OpenBao by VSHN

OpenBao, managed by VSHN and bespinian for you.

OpenBao is an identity-based secrets and encryption management system.

— OpenBao Website

The service is not yet available on AppCat.

Our service offers a compelling solution for businesses seeking secure and efficient event streaming. Based in Switzerland, our service provides several key advantages:

Switzerland Based: Hosting your OpenBao service by a company based in Switzerland ensures data privacy, security, and compliance with strict Swiss regulations.
Unrestricted Access to OpenBao Features: With our service, you have access to the full range of OpenBao’s features, ensuring you can tailor your secret and encryption management to your specific needs.
Supported by OpenBao Professionals: Together with bespinian, our team consists of experienced OpenBao professionals who can provide expert guidance and support, ensuring that you can make the most of your OpenBao implementation.
Simple Price Model: We offer a straightforward pricing model, making it easy for you to budget and plan for your secret and encryption management needs without hidden costs or surprises.
SLA Available: For added peace of mind, we offer Service Level Agreements (SLAs) that guarantee the reliability and availability of your OpenBao service.
Run by Experts Running Software: Our service is managed by a team of experts with a proven track record of running complex software systems, ensuring that your OpenBao service is in capable hands.

In summary, our service provides a secure, feature-rich, and hassle-free solution for secret and encryption management, all while benefiting from Switzerland’s robust data protection laws and the expertise of OpenBao professionals.

The user documentation is available under docs.appcat.ch.

Availability of the service

Features

Available sizing	1 or 3 replicas
No downtime during regular maintenance	^[1]
High availability	^[2]
TLS Encrypted Connection
OpenBao specific metrics and dashboards
Guaranteed performance	^[3]
Support

Available sizing

1 or 3 replicas

No downtime during regular maintenance

^[1]

High availability

^[2]

TLS Encrypted Connection

OpenBao specific metrics and dashboards

Guaranteed performance

^[3]

Support

The following common features are available as well:

Self-Service Instance Provisioning and Configuration	Service instances can be self-service ordered and are provisioned fully automated in the background. Access to self-service provisioning is provided via custom Kubernetes configuration objects in the Kubernetes cluster or via Open Service Broker API (on request).
Best-Practice Configuration Management	Services are configured with best practices and the configuration is updated continuously as we learn improvements during day-2 operations and from the community. Industry standards are used for security configuration and wherever possible TLS encrypted connections are offered by default.
Maintenance and Security Operations	Patch updates are applied as they get available. We monitor security information for services and apply zero-day patches or workaround configuration as they become available.
Data Protection and Recovery	All services offer regular backup and deletion protection options. See the service descriptions for more details.
Service Metrics	Performance metrics are collected regularly. The metrics are automatically monitored and acted upon irregularities, see Monitoring and Alerting below.
Monitoring and Alerting	Service Level Indicators are monitored and alerted upon. Depending on the service level alerts are handled by a VSHNeer. User alerting is highly encouraged. See the service descriptions for more details.
Service Logging	All logs are collected and are available to debug service errors.
Support by VSHN or Partner	Support from VSHN is available at additional cost via Support Plans. Depending on the service, additional support by the software partner or a third-party might be available at additional cost.

Self-Service Instance Provisioning and Configuration

Service instances can be self-service ordered and are provisioned fully automated in the background. Access to self-service provisioning is provided via custom Kubernetes configuration objects in the Kubernetes cluster or via Open Service Broker API (on request).

Best-Practice Configuration Management

Services are configured with best practices and the configuration is updated continuously as we learn improvements during day-2 operations and from the community. Industry standards are used for security configuration and wherever possible TLS encrypted connections are offered by default.

Maintenance and Security Operations

Patch updates are applied as they get available. We monitor security information for services and apply zero-day patches or workaround configuration as they become available.

Data Protection and Recovery

All services offer regular backup and deletion protection options. See the service descriptions for more details.

Service Metrics

Performance metrics are collected regularly. The metrics are automatically monitored and acted upon irregularities, see Monitoring and Alerting below.

Monitoring and Alerting

Service Level Indicators are monitored and alerted upon. Depending on the service level alerts are handled by a VSHNeer. User alerting is highly encouraged. See the service descriptions for more details.

Service Logging

All logs are collected and are available to debug service errors.

Support by VSHN or Partner

Support from VSHN is available at additional cost via Support Plans. Depending on the service, additional support by the software partner or a third-party might be available at additional cost.

Consulting / Onboarding Package

This product is fully supported by bespinian.

To get started with OpenBao, consider bespiniana onboarding package.

Further customization of the OpenBao onboarding package is available by bespinian.

OpenBao Support

Support for OpenBao is organized in three levels:

Level 1: End-User Support: Helping users with the daily use of OpenBao is the customer’s concern. End-user support isn’t included in this service.
Level 2: Operations Support: VSHN provides support concerning the operations of OpenBao. Our Support Plans describes in detail what VSHN offers in terms of support.
Level 3: Application Support: bespinian offers third-level support for OpenBao to VSHN, so that there are experts available to help with complex issues. Direct support from bespinian to the end-user is available with a separate support contract.

Supported versions

Upgrade Policy

Service Level Indicator (SLI)

According to the service levels the SLI "Up" is defined as follows:

An unmanaged service is a service that is not monitored and SLA doesn’t apply anymore.

Data Protection

Security measures

Integrity and Availability

Recurring Maintenance

We conduct recurring maintenance tasks on the service to keep it stable and up-to-date.

Planned Maintenance Activities

Updating of the base container image with the latest patched version, this causes a service restart.
If there’s a newer minor version available that does not contain breaking changes, then the service will automatically be updated to that minor version.
Major upgrades are not automatic.
Configuration improvements as we learn new best-practices or some configuration proved to be non-optimal.

Mandatory Maintenance Activities

Security issue (CVE) mitigation by updating to a patched version or configuration adjustments, usually causes service restart.
Regular maintenance on the underlying platform, usually causing up to 2 restarts per replica.

Maintenance Windows

This is an automated recurrence once a week. The day and time can be configured per service instance, whereas by default it is a random time in the night from Tuesday to Wednesday.

Users responsibilities

As a DevOps company, we believe in its collaborative approach. Flawless service is only possible through a sense of responsibility on both sides. Accordingly, we rely on the user to consider the following points:

Choose reasonably sized resources for the software consuming the service
Act early when an increase in service usage is foreseen (for example increase resources)
Rely on best-practices for using the service
Choose a matching service level for your use-case