VSHN Managed Server

While VSHN believes that standard services should ideally be self-serviced (e.g., using Servala or AppCat) and that custom software belongs in containers, tested and deployed to Kubernetes via a CI/CD or GitOps flow, there are scenarios where a dedicated server is the better fit.

This is often due to operational requirements such as special network configurations, advanced or large-scale data handling, or the need to run software that does not integrate well with Kubernetes or is not supported on Kubernetes by the vendor. For these situations, VSHN can build a (partly) Managed Service for most open source and third-party Linux standard software based on the VSHN Managed Server.

Building Block Type

The Managed Server serves as the foundation for other services that need a Linux server.

It must always be part of a Solution in combination with a Service Building Block.

All aspects of the service running on this server are defined in their specific building block or in the custom solution. Services based on the Managed Server inherit all defaults defined here, but may override or extend them.

Type	🟦 Managed Standard Software
Level	🧱 Base
Primary Managed Software	Ubuntu Server LTS
Primary Management Framework	VSHN Puppet Infrastructure and Profiles

Type

🟦 Managed Standard Software

Level

🧱 Base

Primary Managed Software

Ubuntu Server LTS

Primary Management Framework

VSHN Puppet Infrastructure and Profiles

Included Services

The following services, whether automated or manual effort by VSHN, are included in the base monthly fee.

Software Security and Minor Updates

Periodic automated (unattended) package updates (all base server installed packages)
Short-notice updates to mitigate severe and urgent security issues
Selectable maintenance window (same as for Major Configuration Changes)
Reaction to and fixing of update issues

Configuration Management

Automated and state-ensuring configuration management of all relevant aspects of the operating system and needed base services, according to VSHN best practices
Planned roll-outs of Major Configuration Changes that could impact the service
Short-notice workaround or fix to mitigate severe and urgent issues

Backup & Disaster Recovery

Server can be recreated from managed configuration and VSHN daily backups.
Only system configuration is included — not user data or application consistency.

The service using the Base Managed Server defines the recovery concept and backups specifically for that server.

Monitoring and Incident Resolution

VSHN monitors base aspects of all VSHN Managed Servers and reacts to alerts in a reasonable time to fix impacted services.
Optionally, VSHN can guarantee the availability of the base server.

See Service Level Indicators & Objectives.

Service Level Indicators & Objectives

Please refer to Service Levels for further information about service levels. Also, check out "What does SLI / SLA / SLO mean?" for more information about these terms.

Monitoring (and potential guarantees) are defined in the services using the Base Managed Server.

Service Level Indicator	VSHN Internal Objective (SLO)	Customer Objective (SLO)
Server is up and running Server sends health checks every minute to VSHN central monitoring. Monitoring triggers if no heartbeat is received.	99.99%	99%, best-effort Optional Guaranteed Availability
OS and Tooling Software Up-to-date Available, relevant minor and security updates are not delayed more than the defined time. Outdated packages are reported to VSHN monitoring.	1 week	1 month, best-effort
Backup Completes Successfully Server reports backup results daily to VSHN monitoring. Indicates days without a successful backup.	1 day	3 days, best-effort
Managed Configuration is ensured Server reports Puppet run results multiple times a day. Monitoring checks for missing results.	1 day	7 days, best-effort

Service Level Indicator

VSHN Internal Objective (SLO)

Customer Objective (SLO)

Server is up and running: Server sends health checks every minute to VSHN central monitoring. Monitoring triggers if no heartbeat is received.

99.99%

99%, best-effort
Optional Guaranteed Availability

OS and Tooling Software Up-to-date: Available, relevant minor and security updates are not delayed more than the defined time. Outdated packages are reported to VSHN monitoring.

1 week

1 month, best-effort

Backup Completes Successfully: Server reports backup results daily to VSHN monitoring. Indicates days without a successful backup.

1 day

3 days, best-effort

Managed Configuration is ensured: Server reports Puppet run results multiple times a day. Monitoring checks for missing results.

1 day

7 days, best-effort

Pricing

The price depends on the Service Levels — see Service Level Indicators & Objectives on how it applies to the Managed Server — and whether a custom Puppet Environment is needed.

Per Managed Server

Best-Effort	Guaranteed Availability
CHF 176.- / month per server	CHF 200.- / month per server Automatically selected if a service on top of the base server is on "Guaranteed Availability".

Best-Effort

Guaranteed Availability

CHF 176.- / month per server

CHF 200.- / month per server
Automatically selected if a service on top of the base server is on "Guaranteed Availability".

Puppet Environment Base Fee

Managing a Puppet environment is (even if automated) a recurring effort done by VSHN, to keep Puppet modules and VSHN Puppet profiles up to date. When we need custom Puppet profiles for a solution or pin installed software to specific versions, this effort increases, usually due to dependency issues.

	Standard	Custom Environment
Price	CHF 0.-	CHF 200.- / month per solution
Included	Temporary environments that VSHN needs to test something or as a workaround	Solution only uses VSHN standard Puppet profiles, nothing customer-specific AND the configuration doesn’t require pinning to a specific version of the managed software components.
Conditions	1 Production Environment 1 Test Environment	Solution requires custom Puppet profiles OR we’re required to pin to a specific version of Puppet profiles or installed software Also applies to custom solutions if the customer has fewer than 20 paid Managed Servers total; exceptions can be made based on total customer revenue.

Standard

Custom Environment

Price

CHF 0.-

CHF 200.- / month per solution

Included

Temporary environments that VSHN needs to test something or as a workaround

Solution only uses VSHN standard Puppet profiles, nothing customer-specific
AND the configuration doesn’t require pinning to a specific version of the managed software components.

Conditions

1 Production Environment
1 Test Environment

Solution requires custom Puppet profiles
OR we’re required to pin to a specific version of Puppet profiles or installed software

Also applies to custom solutions if the customer has fewer than 20 paid Managed Servers total; exceptions can be made based on total customer revenue.

Options

Option	Price
Encrypted Disk Encrypted user data partitions Unlocking (VSHN-managed)	CHF 44.- / month per server
Additional Data Backup Capacity 100 GB storage per customer is included	CHF 15.- / month per additional 100 GB

Option

Price

Encrypted Disk

Encrypted user data partitions
Unlocking (VSHN-managed)

CHF 44.- / month
per server

Additional Data Backup Capacity: 100 GB storage per customer is included

CHF 15.- / month
per additional 100 GB

Setup and Engineering

Activity	Billing
Initial default setup (with 12-month term)	Included
Extra setup/customization due to IaaS/on-prem/manual steps	Billed by the hour

Activity

Billing

Initial default setup (with 12-month term)

Included

Extra setup/customization due to IaaS/on-prem/manual steps

Billed by the hour

Changes and Support

Activity	Billing
Occasional minor usage support or changes (like adding a user, changing the maintenance window, etc.)	Included (15 min per request, ~2 per month per solution)
Incident handling (related to defined SLIs and towards SLO, not caused by customer or third-party)	Included
Major Version Upgrades	Offered first, billed by the hour
Any other manual effort	Billed by the hour

Activity

Billing

Occasional minor usage support or changes
(like adding a user, changing the maintenance window, etc.)

Included
(15 min per request, ~2 per month per solution)

Incident handling
(related to defined SLIs and towards SLO, not caused by customer or third-party)

Included

Major Version Upgrades

Offered first, billed by the hour

Any other manual effort

Billed by the hour

Supported Software

Operating System

VSHN provides Ubuntu Server LTS only.
New systems are installed with the current LTS version only.
Systems become unmanaged by VSHN after the end of the "Standard security maintenance for Ubuntu Main” period.
Exceptions need to be defined and offered per solution proactively.

Services

VSHN can make a "Managed Standard Software" building block for most open-source or other third-party standard software and run it on the base server. See also Services Software.

We either use an existing, reusable standard software building block to make clear what we provide and how, or we create a custom-building block for the software the customer needs.

Examples: MariaDB, PostgreSQL, Kafka, RabbitMQ, Redis, Elastic, HAProxy, etc.

Unsupported Software

Software or their needed configuration conflicting with VSHN tooling (e.g., duplicate monitoring agents)
Custom-made software is not support directly on Managed Servers, see Custom-Made Software.

Under the Hood

Managed Configuration

Managed System / Base Services

SSH Server (OpenSSH)
Firewall (iptables)
NTP (Server Time)
DNS Resolving
Package Repositories (ensuring maintained and trusted sources for software packages)
Puppet Agent to use our Puppet Infrastructure
Linux System Users and Groups
- SSH keys of users
- SSH access (who is allowed to log in via SSH)
- sudo restrictions
- dotfiles per user
VSHN Monitoring Tooling (currently Icinga2)

Backup

VSHN configures a backup agent (Burp or Restic) to back up files from a managed server to an external location.

Backup of configuration files (for additional security and traceability of issues, even if configuration is managed). Folders we back up are visible to the customer in our portal: control.vshn.net — Server Management.
Data is encrypted on the client, and the encrypted data is then sent to the backup server through a TLS-encrypted and authenticated connection.

Further backup and restore documentation is available in the VSHN Knowledge Base.

Backup Schedule & Retention

The backup runs daily. A fixed start time, multiple backup runs per day, and shorter intervals are available as options.

By default, we have the following retention policy. Keep the last:

Daily backups for 7 days
Weekly backups for 4 weeks

Backup Location

By default, backups are sent to and stored at an off-site backup target, which is automatically selected by VSHN and can change at any time.

Default backup targets are in state-of-the-art Swiss data centers.
Backup targets are either VSHN Managed Servers or S3 object storage services from a trusted cloud provider.

Custom locations are available on request.

OS Upgrade Policy

For upgrading the underlying Ubuntu version, we prefer to perform an in-place upgrade of the VM in coordination with our customers.

VSHN can also offer to set up a separate server and migrate the data in a coordinated effort with our customers.
Major upgrades are always offered and considered fully billable effort — see Changes and Support.

Requirements

Access Needed by VSHN

VSHN requires dedicated root access to the server and will overwrite all configuration on the server. Usually, a fresh (empty) VM is required, provisioned automatically by VSHN.

VSHN provides a list of services that must be reachable from all Managed Servers at any time and without manual intervention.
Managed Servers must be accessible by VSHN employees and automation systems at all times — manual methods such as personal VPN clients, remote desktop jump hosts, hardware devices, and customer notebooks are excluded.
VSHN can optionally provide required SSH and VPN jump hosts and is usually able to comply with most customer information security policies.
VSHN employee and service user accounts are exclusively managed via VSHN Configuration Management.

Services Software

VSHN uses open source software wherever possible. In rare cases, commercial products are used as defined in the respective service building block definition.

Software is typically installed in the latest stable release version.
Support is provided until official end-of-life.
VSHN contacts customers early before end-of-life to plan major upgrades.
Major upgrades are generally performed by provisioning new servers and migrating services and data — billed as a one-time effort.

Custom-made software is usually not supported on Managed Servers, see Custom-Made Software.

IaaS Provider

VSHN supports running Managed Servers (and thus Managed Services) on any IaaS provider that meets the following criteria:

Automated VM installation with a VSHN-supported Linux distribution, including:
- Initial SSH access
- Internet access/network configuration
- Package repositories
Custom images for automated VM provisioning
Flexible storage options:
- Disk resizing
- Multiple disks
- Attach/detach options
- Fast local vs. redundant network storage

Infrastructure / VM Sizing

Virtual Machines must be properly sized. VSHN recommends assessing infrastructure sizing (CPU, memory, disk, I/O, network) during solution design, sales, setup, and ongoing operations. Backup, Puppet, and monitoring components also require adequate resources.

VSHN may resize the infrastructure to meet the minimum requirements to operate a server at any time; this can result in higher recurring provider costs.

Constraints & Limitations

Additional effort caused by non-compliant providers or on-premises setups is billed by the hour. Recurring manual effort may lead to increased or additional monthly recurring costs.
If the infrastructure cannot be adequately sized within a reasonable time due to infrastructure provider restrictions or customer inaction, VSHN may remove the server from the Managed Service Framework after two consecutive warnings within 30 days. The server will be marked as unmanaged until further notice, and the customer will be informed. See also Infrastructure / VM Sizing above.

Custom-Made Software

Custom software, meaning applications that are developed by the customer or specifically for the customer, needs a proper CI/CD flow and belongs in containers.

The reason is the missing separation between the software stack and dependencies of the custom application and the platform (the server, with its OS packages and VSHN tooling).

Not having this separation makes it hard to nearly impossible to test software in a defined and contained state to ensure that it runs in production (our servers) when tested on other systems first (the “it worked in dev / it worked on my notebook” issue).
Operating system or VSHN tooling software updates can easily impact and often break the custom software.
Blurry responsibilities between Devs and VSHN (e.g., PHP version and extensions, HTTP rewrites, redirects, permissions, folder structures, etc. — controlled by VSHN, but the application defines what is needed).

Exceptions are possible for special requirements or to support legacy setups.