Toggle menu

Hosting Service Manual

Environment and Infrastructure

Environment Names

We use standard naming conventions across all of our hosting environments.

EnvironmentDescription
LocalA developer's personal workspace, running on their own machine. It may connect to a shared development environment database, iCM or API Server
DevelopmentA GOSS-hosted environment that developers can use for new functionality and fixes. This environment may be unstable and is likely to change regularly. This is a place for active development and is not suitable for formal testing
TestA stable environment used by everyone to test the latest development work. We have dedicated test environments so work can be tested while other work goes on in the development environment
Pre-ProductionA replica of the production environment used as a staging area. This environment should be kept in sync with the production environment and serves as a trial run for deployments. It may also be used to replicate support issues found in the production environment
ProductionThe live, public-facing website/intranet
DRA Disaster Recovery environment

Infrastructure

The GOSS Cloud Services infrastructure is powered by various public cloud providers including Amazon Web Services and Google Cloud Platform (both in the London regions), enabling us to deliver a cloud-agnostic, high performance, high security, and most of all, highly reliable platform for the delivery of client services. All data is stored, processed and managed in the UK and we are a UK-based service provider.

The infrastructure allows us to seamlessly increase the resources for a particular service or expand the resilience and capacity of a service by adding more virtual machines to the environment. Tenants of the platform are fully segregated using logical security controls, dedicated private networks and dedicated resource reservations.

Please note that additional storage can be purchased if required.

Scaling

Services are scaled to meet client transactional volumetric requirements and anticipated growth, in line with the suggested fair usage policy, as detailed in the Service Definition Document. If volumes exceed fair usage the service can be scaled-up to cope with additional demand by moving to the next appropriate service level. By using analysis tools, each individual server and service is carefully calibrated to achieve optimum efficiency and performance.

Availability

We offer two SLAs, covering your production environments:

  • 99.99% for network availability
  • 99.95% website availability

Non-production environments are not covered by the above SLAs. We offer service credits should availability fail to meet these SLAs - refer to your Service Terms and Conditions document.

Energy Efficient Hosting

To reduce the environmental impact of our hosting infrastructure we have implemented policies that will power-down servers when they are not being used - primarily overnight. The following table outlines our standard schedules.

You can request a change to the times below by contacting a member of the support team.

EnvironmentAvailableNotes
ProductionAlways onWe do not power-down production environments. These servers will be available as per our published SLAs
Pre-production07:00 - 19:00 weekdaysThe pre-production staging area is available during extended business hours
Test07:00 - 19:00 weekdaysTest servers are available during extended business hours
DevelopmentOn demand - 19:00Development servers are, by default, powered-down. They are enabled during active project work, during the upgrade/patching process, and while resolving support issues. Development servers can be enabled with the relevant permission levels via the MyGOSS platform as and when they are needed. Alternatively, a GOSS support technician, developer, or member of the hosting team can enable the development servers on request.

PCI DSS Compliance

Please note that we are not currently assessed against the Payment Card Industry Data Security Standard. All payment actions are performed via third party hosted payment providers. Form payment fields redirect users to those payment providers and no payment details (card number etc) are entered into or stored by our platform or hosting infrastructure.

Security

All of our internet facing infrastructure has been assessed and certified under the Cyber Essentials Plus scheme developed by the UK National Cyber Security centre.

Our information security management systems are certified as meeting the ISO 27001 information security standard.

We carry out penetration testing on an annual basis and encourage clients to perform their own as required.

DDos Protection

We make use of AWS Shield Standard and rate limiting features to mitigate DDoS attacks.

Last modified on December 17, 2024

Share this page

Facebook icon Twitter icon email icon

Print

print icon