Kafka by VSHN

Apache Kafka, managed by VSHN and SPOUD for you.

Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.

— Apache Kafka Website

Our service offers a compelling solution for businesses seeking secure and efficient event streaming. Based in Switzerland, our service provides several key advantages:

Switzerland Based: Hosting your Kafka service by a company based in Switzerland ensures data privacy, security, and compliance with strict Swiss regulations.
Unrestricted Access to Kafka Features: With our service, you have access to the full range of Kafka’s features, ensuring you can tailor your event streaming to your specific needs.
Supported by Kafka Professionals: Together with SPOUD, our team consists of experienced Kafka professionals who can provide expert guidance and support, ensuring that you can make the most of your Kafka implementation.
Simple Price Model: We offer a straightforward pricing model, making it easy for you to budget and plan for your event streaming needs without hidden costs or surprises.
SLA Available: For added peace of mind, we offer Service Level Agreements (SLAs) that guarantee the reliability and availability of your Kafka service.
Run by Experts Running Software: Our service is managed by a team of experts with a proven track record of running complex software systems, ensuring that your Kafka service is in capable hands.

In summary, our service provides a secure, feature-rich, and hassle-free solution for event streaming, all while benefiting from Switzerland’s robust data protection laws and the expertise of Kafka professionals.

The user documentation is available under docs.appcat.ch.

Availability of the service

Features

Available sizing	1 or 3 replicas
No downtime during regular maintenance	^[1]
High availability	^[2]
Topic and user self-service
Kafka WebUI ^[3]
TLS Encrypted Connection
Kafka specific metrics and dashboards
Schema registry	^[4]
KRaft mode
Guaranteed performance	^[5]
Support

Available sizing

1 or 3 replicas

No downtime during regular maintenance

^[1]

High availability

^[2]

Topic and user self-service

Kafka WebUI ^[3]

TLS Encrypted Connection

Kafka specific metrics and dashboards

Schema registry

^[4]

KRaft mode

Guaranteed performance

^[5]

Support

The following common features are available as well:

Self-Service Instance Provisioning and Configuration	Service instances can be self-service ordered and are provisioned fully automated in the background. Access to self-service provisioning is provided via custom Kubernetes configuration objects in the Kubernetes cluster or via Open Service Broker API (on request).
Best-Practice Configuration Management	Services are configured with best practices and the configuration is updated continuously as we learn improvements during day-2 operations and from the community. Industry standards are used for security configuration and wherever possible TLS encrypted connections are offered by default.
Maintenance and Security Operations	Patch updates are applied as they get available. We monitor security information for services and apply zero-day patches or workaround configuration as they become available.
Data Protection and Recovery	All services offer a regular backup option. See the service descriptions for more details.
Service Metrics	Performance metrics are collected regularly and are available as graphs to the user. The metrics are automatically monitored and acted upon irregularities, see Monitoring and Alerting below.
Monitoring and Alerting	Service Level Indicators are monitored and alerted upon. Depending on the service level alerts are automatically handled by a VSHNeer.
Service Logging	All logs are collected and are available to debug service errors.
Support by VSHN or Vendor	Support for all services are available from VSHN support engineers. Depending on the service, additional support by the software vendor or a third-party might be available.

Self-Service Instance Provisioning and Configuration

Service instances can be self-service ordered and are provisioned fully automated in the background. Access to self-service provisioning is provided via custom Kubernetes configuration objects in the Kubernetes cluster or via Open Service Broker API (on request).

Best-Practice Configuration Management

Services are configured with best practices and the configuration is updated continuously as we learn improvements during day-2 operations and from the community. Industry standards are used for security configuration and wherever possible TLS encrypted connections are offered by default.

Maintenance and Security Operations

Patch updates are applied as they get available. We monitor security information for services and apply zero-day patches or workaround configuration as they become available.

Data Protection and Recovery

All services offer a regular backup option. See the service descriptions for more details.

Service Metrics

Performance metrics are collected regularly and are available as graphs to the user. The metrics are automatically monitored and acted upon irregularities, see Monitoring and Alerting below.

Monitoring and Alerting

Service Level Indicators are monitored and alerted upon. Depending on the service level alerts are automatically handled by a VSHNeer.

Service Logging

All logs are collected and are available to debug service errors.

Support by VSHN or Vendor

Support for all services are available from VSHN support engineers. Depending on the service, additional support by the software vendor or a third-party might be available.

Consulting / Onboarding Package

This product is fully supported by SPOUD.

To get started with Kafka, consider SPOUDs 5-day onboarding package. This package includes a workshop designed to clarify your current needs, future goals, and any open questions you may have.

Key topics covered in the workshop include:

Designing your Kafka Setup (Replication, Access and Security, Encryption, CI/CD, Data Centers)
Best practices for sizing and scalability (Number of clusters, brokers, volume)
Security and compliance (IAM, authorization, and authentication)
Managing Kafka clusters (monitoring, upgrades, maintenance)
Analyzing logs (Retention policy and solutions)
Troubleshooting common issues

Further customization of the Kafka onboarding package is available by SPOUD.

Kafka Support

Support for Kafka is organized in three levels:

Level 1: End-User Support: Helping users with the daily use of Kafka is the customer’s concern. End-user support isn’t included in this service.
Level 2: Operations Support: VSHN provides support concerning the operations of Kafka. Our Support Plans describes in detail what VSHN offers in terms of support.
Level 3: Application Support: SPOUD offers third-level support for Kafka to VSHN, so that there are experts available to help with complex issues. Direct support from SPOUD to the end-user is available with a separate support contract.

Supported versions

Supported are only the latest two Apache Kafka versions. See this page for the current latest versions.

We’re following the version support of the Strimzi Kafka Kubernetes Operator

Upgrade Policy

The upgrade to a new major version needs to be performed within a 2-month grace period after the latest major.minor version.
Once the support for a service has ended, the service is considered "unmanaged" by VSHN. Meanwhile, the service still continues to run.

Service Level Indicator (SLI)

According to the service levels the SLI "Up" is defined as follows:

Controller nodes are reachable in Kubernetes and are healthy

Kafka Brokers are reachable in Kubernetes and are healthy

E2E Latency below 2s

Schema registry cluster reachable in Kubernetes and is healthy

An unmanaged service is a service that is not monitored and SLA doesn’t apply anymore.

Data Protection

Security measures

Encryption: Data will be encrypted in transit using TLS. If available on the underlying platform, data can be encrypted at rest.
Access Control Lists: Allow the definition of fine-grained permissions for users on the platform. Ideally this is supported by a consistent naming scheme between users, topics, subjects, consumer groups and transactional ids.

Integrity and Availability

Replication: Data is protected by setting up enough brokers and distributing them as much as possible (Nodes, Racks, Availability Zones / Data Centers). The application developers are then able to adjust the replication factor of the topics which will ensure data is replicated to multiple brokers.
Retention Policies: With retention policies, a developer can define how long data will be stored on Apache Kafka. This can be defined based on time or size.

Recurring Maintenance

We conduct recurring maintenance tasks on the service to keep it stable and up-to-date.

Planned Maintenance Activities

Updating of the base container image with the latest patched version, this causes a service restart.
If there’s a newer minor version available that does not contain breaking changes, then the service will automatically be updated to that minor version.
Major upgrades are not automatic.
Configuration improvements as we learn new best-practices or some configuration proved to be non-optimal.

Mandatory Maintenance Activities

Security issue (CVE) mitigation by updating to a patched version or configuration adjustments, usually causes service restart.
Regular maintenance on the underlying platform, usually causing up to 2 restarts per replica.

Maintenance Windows

This is an automated recurrence once a week. The day and time can be configured per service instance, whereas by default it is a random time in the night from Tuesday to Wednesday.

Users responsibilities

As a DevOps company, we believe in its collaborative approach. Flawless service is only possible through a sense of responsibility on both sides. Accordingly, we rely on the user to consider the following points:

Choose reasonably sized resources for the software consuming the service
Act early when an increase in service usage is foreseen (for example increase resources)
Rely on best-practices for using the service
Choose a matching service level for your use-case

Kafka Addons

Kafka Connect: Kafka Connect is a tool for scalable and reliable streaming of data between Apache Kafka and other data systems.
Mirror Maker: Kafka’s mirroring feature makes it possible to maintain a replica of an existing Kafka cluster.
Kafka Bridge: Kafka Bridge can be used to integrate HTTP client applications with your Kafka cluster.

Behind the scenes

This service is made possible with Strimzi and is provided in a partnership with SPOUD.

Pricing

Service Level	per hour	per 30 days (720h)	Minimum Size
Best Effort	CHF 0.2778	CHF 200.00	1
Guaranteed Availability	CHF 0.8334	CHF 600.00	3

Service Level

per hour

per 30 days (720h)

Minimum Size

Best Effort

CHF 0.2778

CHF 200.00

Guaranteed Availability

CHF 0.8334

CHF 600.00

All prices are per instance size of one.
Excl. Compute resources.
Consulting / Onboarding Package from SPOUD (5 days / 40 hours): CHF 8'000.00
These prices are valid starting 2024-07-01 until further notice.

Table 1. Addons
Addon	per hour	per 30 days (720h)
Kafka Connect	CHF 0.1112	CHF 80.00
Mirror Maker	CHF 0.3334	CHF 240.00
Kafka Bridge	CHF 0.1112	CHF 80.00
Schema Registry	CHF 0.5556	CHF 400.00

Excl. Compute resources.
These prices are valid starting 2024-07-01 until further notice.

See Pricing for more details.

1. With more than 1 replica

2. With Service Level "Guaranteed Availability" and with more than 1 replica

3. The Kafka WebUI is provided with the software "AKHQ"

4. The schema registry is provided with the software "Apicurio Registry"

5. Depends on the underlying platform