aql® can be involved as little or as much as is required within your technology project. For those clients who have a clear understanding of the services they need, we provide a low cost "light touch" service. However, many clients prefer to partner with us and let us manage their online service delivery.
Scenario 1 - Enterprise Client - Goal Led
A enterprise payment donation operator required a secure hosted platform to deliver an SSL web portal, with a backend high-availability database service, an SFTP platform and also a specialist encrypted link to several company payroll systems to deduct payments-at-source. Many of the payroll systems were operated by financial institutions demanding a high level of integrity and insisted on their own penetration testing and diligence audit of the solution.
The service was designed as a two-site, layer 2 resilient solution, with high-availability stateful firewalls providing protection for a failover web cluster and database cluster, within separate demarcated subnets. A production and test environment was provided, with the test environment being made available offline via VPN.
The solution was security audited by aql's in-house audit team prior to rollout. Frequent audits were performed during in-life operation. External security audits were required by the end users. aql® consulted with the external penetration testing and audit teams to demonstrate industry best practice.
Upgrades and maintenance was provided by aql® on an ongoing basis, including :
- Provision of a managed CVS (current versioning system) server, with full backup, allowing the customers developers to maintain an auditable development cycle and roll back if required.
- Access to a secure partition within an aql® SAN (storage area network) and offsite tape and SCSI backup.
- Security patching and routine integrity checking
Scenario 2 - Technical Client - Requirement Led
At the opposite end of the spectrum, aql® are approached by many clients who simply wish to be provided with IP addresses and access. A sample customer provided a 2U server to be colocated within our Leeds facility. The customer also required their own firewall to be installed.
aql® consulted with the client to understand the network requirements of the firewall appliance and completed a RIPE allocation assessment to understand the number of IP addresses the customer would need as their project expanded. It was found that the client would need over 100 IP addresses in the first year in order to support a whitelabel storefront, which needed many SSL certificates.
- Provided two network allocations - one for inside, one for outside of the customers security appliance
- Provided a /24 (class C) allocation to cover the customers first 24 months of growth
- Provided 24/7 access and a proximity access tag and code to the customers' engineers, allowing them to manage their own server 24/7
- Provided a unique-keyed quarter rack, allowing the customer secure access to their own equipment