itopia Spaces is delivered as a fully-managed service by itopia, including a virtual containerized environment with monitoring, scaling, patching, and security for each customer.
itopia will follow best practices to review and approve managed service updates, changes or enhancements such as: version updates, security fixes, etc.
All Deployment Images for itopia Spaces are built by the itopia Site Reliability Engineering (SRE) Team and managed centrally. All deployment images are pre-hardened. These images are automatically patched and subjected to preliminary testing before being published. The images are published locally within GCP and do not traverse the public Internet.
All system components are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Patches on production are subject to complex testing and validation procedures. In certain cases, risk mitigation-- rather than patching-- may be preferable.
Monitoring and Auditing
itopia Spaces infrastructure is monitored by the itopia’s SRE Team using a variety of tools to ensure healthy, normal operations of components and the GCP infrastructure. itopia enables Google's Cloud Operations integration to provide real-time and historic monitoring.
itopia similarly configures Google Cloud alerting policies to provide real-time notification of service disruptions or system issues.
Access and Change Management
Administrative access to itopia Spaces environments is tightly controlled and audited. itopia engineers have no meaningful access to customer workloads beyond high-level monitoring; support technicians require explicit authorization by the customer before accessing any customer data or systems.
itopia's internal Change Management System tracks all configuration data for customer environments and ensures all changes are authorized. All Managed Cloud Desktop tenant environments are routinely audited for configuration compliance and undocumented changes.