GitLab by VSHN

GitLab, managed by VSHN for you.

GitLab is the most comprehensive DevSecOps Platform.

— GitLab Website
Availability of the service
  • Any cloud

  • On-premises


Flexible sizing

All combinations of CPU/RAM/Storage are supported as per the underlying infrastructure. See Requirements below.

Dedicated GitLab server instance

You don’t have to share the GitLab with any other customer. You control where your data is located and how the system is accessed to ensure the highest level of compliance.

Control over the configuration

The User management gives full administrative access to the GitLab configuration, the user management, and the repositories allowing tweaking the GitLab to the requirements.

Works with all GitLab plans: Free, Premium, and Ultimate

No matter if you prefer the Free (previously Community Edition CE), Premium, or Ultimate (previously Enterprise Edition EE) GitLab plans, we can take care of the server management and the [licensing]( for you.

More GitLab features compared to GitLab SaaS

See the "only available on Self-Managed" features on the GitLab website.

Flexible GitLab CI workers

You can choose to bring your own GitLab CI workers, let VSHN manage dedicated workers for you, or integrate a Kubernetes cluster to schedule CI jobs as pods and auto-scale the cluster.

Supported Installations

Supported versions:

  • GitLab 15

  • GitLab 16

Once a version isn’t supported anymore by the upstream project, we’ll stop supporting the version as well.

Supported Installations: Currently, we deploy all Gitlab instances on single virtual machines. We are in the development of the Managed Gitlab on Kubernetes service.

Upgrade Policy

  • We only support a version as long as it’s supported upstream

  • 3 months before the support ends ("Final Release") the grace period starts, and you’re urged to migrate to a supported version

  • Once the support for a service has ended, all service management stops. The service might continue to run but without any guarantee.

Service properties

Configuration Management

All VSHN managed services including the operating system and its core components are configured, enforced and versioned by the VSHN Configuration Management which is based on Puppet Server. This notably includes the following aspects of the server (operating system):

  • Basic server configuration using current best practices

  • Hardening by configuration incl. continuous improvements

  • SSHd configuration

  • IPtables (local firewall)

  • NTP (timezone and time sync)

  • DNS resolvers

  • Enforcement of package repositories

  • Semi-automated weekly package updates (see Maintenance)

  • Puppet agent to use our Puppet Server infrastructure

  • Security-related configuration changes (0-day mitigation)

  • Users and Groups

    • SSH keys

    • SSH access (who is allowed to log in via SSH)

    • sudo restrictions

    • dotfiles per user

  • Backup of all system-relevant files (see Backup)

  • VSHN Central Monitoring of relevant (defined by VSHN) aspects of the system (see Monitoring)


To ensure secure and stable systems VSHN performs weekly updates for all system packages and software. The regular maintenance window may be skipped or rescheduled due to external circumstances, such as conflicting public holidays. During maintenance windows, service downtimes may occur. The customer can choose from different maintenance windows. We only perform automated updates as part of the service for minor releases of the software. Major updates have to be requested by the customer via a change request.

In addition to regular maintenance VSHN also announces emergency maintenance windows to address severe vulnerabilities.

The maintenance process and possible maintenance windows are described in the VSHN Knowledge Base.


As the server including all managed services itself can be recreated from our Configuration Management we only backup folders where we expect customer data to be placed. The backup concept is currently based on burp with VSHN pre- and post-backup tools to ensure consistent backups of services.

  • The folders we backup are visible to the customer in our portal Server Management.
    Should the customer need files backed up anywhere else on the server he needs to inform VSHN and request to add the files to the backup

  • All data is encrypted on the client and the encrypted data is then sent to the backup server

  • The data transport between the client and server is done over a TLS-encrypted connection

Further backup and restore documentation is available in the VSHN Knowledge Base.

Backup schedule & retention

The Backup runs daily. A fixed start time, multiple backup runs per day and shorter intervals are available as options.

By default, we have the following retention policy. Keep the last:

  • daily backups for 7 days

  • weekly backups for 4 weeks

This guarantees to keep 7 backups in a row, plus 4 on multiples of 7. The backup schedule & retention configuration is visible in the VSHN Configuration Management.

Backup location

In the default configuration, Managed Servers including all Managed Services are configured to backup to an off-site backup target, which is automatically selected by VSHN and can change at any time. By default, backup targets are in state-of-the-art Swiss data centers. Custom locations are available on request. 100 GB Backup Storage per customer is included.


All Managed Servers are automatically (see Configuration Management) part of the VSHN Central Monitoring system. Systems are monitored and metrics are collected 24/7. Depending on the Service Level Agreement (SLA) options, VSHN reacts to monitoring alerts 24/7 or at least during VSHN business hours. The list of monitored aspects of the Managed Server and Managed Services and the methods used are constantly changing to improve observability and proactive operations. Currently, the list notably includes:

  • Disk space and I/O performance metrics

  • CPU utilization and Linux load

  • Memory and swap space usage

  • Network utilization and out-of-memory killer

  • Reachability (server connected to our monitoring)

  • Puppet agent is running periodically and applying the catalog correctly

  • System time sync (NTP)

  • DNS resolving

  • Mount Point health

  • Mail sending queue

  • Maintenance aspects (reboot required, pending package updates, package pre-download)

  • Backup (running in the configured interval, error handling of last backup run)

  • Service-specific checks for all services running on the Managed Service
    By default, each Service is checked to be up and running. Service-specific monitoring is defined in individual service product definitions.


The base setup of all VSHN Managed Services is included in the monthly recurring fees during the minimum contract term and not billed separately. Any additional effort caused by the cloud provider or on-premises installations (e.g. no automated installation via API available, manual OS installation required, difficulties with network and firewalls, etc.) and any customization of the service will be invoiced.

  • If VSHN has access to the cloud provider console or API, VSHN creates new systems as needed (as ordered or within the project scope).

  • If VSHN has no access to create systems, the customer creates the systems according to the specs defined by VSHN. The customer gives root access to VSHN for initial configuration management takeover.


VSHN Managed Services include the use of the VSHN Support organization which is available according to the chosen Service Level Agreement (SLA) options.

Incident Handling

  • Resolution of incidents not caused by the customer or a 3rd party is included and not billed

  • Resolution of incidents caused by the customer or 3rd party (e.g. cloud provider) are not included and usually billed

Support Requests

  • Occasional support questions regarding the Managed Service (up to 15min efforts each) are included and not billed

  • Occasional support requests regarding small (<15min effort each) and isolated changes (low risk, well-known or documented process) are included and not billed, this notably includes the following:

    • Adding and removing SSH/system users

    • Change of maintenance windows

    • Adjustment of monitoring thresholds

    • Change of local firewall rules, DNS resolvers, NTP servers and similar system options

  • All other support requests are not included and are usually fully billed

VSHN asses what low-risk, well-known or occasional means, should this be necessary - we favor a fair-play approach here.

Change requests

Changes are assessed by our Service Desk and/or the Customer Service Manager and the customer is informed of the estimated effort first. Changes are usually fully billed as long as not explicitly stated otherwise.


Contact us at