itopia Labs is delivered as a fully-managed service by itopia, including virtual lab environment monitoring, scaling, patching, and security. This allows K12 school district administrators can focus on delivering highly-personalized, creative curriculum for students without needing to worry about technology management complexity or maintenance issues.

itopia will follow best practices to review and approve managed service updates, changes or enhancements such as: version updates, security fixes, etc.

Image Management

All Deployment Images for itopia Labs are built by the itopia Site Reliability Engineering (SRE) Team and managed centrally. All deployment images are pre-hardened. These images are automatically patched and subjected to preliminary testing before being published. The images are published locally within GCP and do not traverse the public Internet.

Patch Management

All system components are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Patches on production are subject to complex testing and validation procedures. In certain cases, risk mitigation-- rather than patching-- may be preferable.

Monitoring and Auditing

itopia Labs infrastructure is monitored by the itopia’s SRE Team using a variety of tools to ensure healthy, normal operations of components and the GCP infrastructure. itopia enables Google's Cloud Operations integration to provide real-time and historic monitoring.

itopia similarly configures Google Cloud alerting policies to provide real-time notification of service disruptions or system issues.

Access and Change Management

Administrative access to itopia Labs environments is tightly controlled and audited. itopia engineers have no meaningful access to customer workloads beyond high-level monitoring; support technicians require explicit authorization by the customer before accessing any customer data or systems.

itopia's internal Change Management System tracks all configuration data for customer environments and ensures all changes are authorized. All Managed Cloud Desktop tenant environments are routinely audited for configuration compliance and undocumented changes.

Did this answer your question?