Hosting Services - Functionality

General

Code Repository

Alokai provides Gitlab/Github Code Management - Git repository hosting and a Git-based deployment process.

Automatic Deployments

Alokai delivers a fully automated deployment flow with change logs (git-log) and a seamless restore process in case of any failure.

Programmatic Access

Alokai provides two ways for programmatic access to the platform: CLI and REST API. Both options allow customers to retrieve detailed information about their application (including instance status, logs).

REST API - https://docs.vuestorefront.io/cloud/v2/api/swagger.html
CLI - https://docs.vuestorefront.io/cloud/v2/guide/access-to-logs.html#access-via-cli

Access and Error Logging

For ad-hoc log analysis, Alokai provides the ability to access logs via programmatic access (CLI or REST API).
Alokai also supports log streaming directly to the customer log analysis platform.

Supported are Azure Log Analytics, DataDog and New Relic. Additional integrations to 3rd party log analysis platforms can be provided upon request.
Documentation: https://docs.vuestorefront.io/cloud/v2/guide/access-to-logs.html

Alokai CDN

Fast, reliable web and static content delivery with global scale and reach
Alokai leverages Google Cloud CDN global infrastructure to deliver Alokai Javascript and CSS assets.

GCP Cloud CDN uses over 100 locations (Points of Presence) to cache content – https://cloud.google.com/cdn/docs/locations

CDN caching rules are optimized for Alokai application workloads and further can be fine-grained by using application’s Cache-Control headers.
For other digital assets we recommend using a service which is dedicated for image & video optimization.

Monitoring and Troubleshooting

Alokai troubleshoots fast by proactively detecting and resolving issues.
Alokai uses extensive internal observability tooling based on GCP standards. As part of the standard practice, once a month Alokai provides to customers uptime parameters from the UptimeRobot service. Monitoring data can also be provided at any other time, upon request.

Level of Alerts

To protect our customers’ customer experience we use full-stack alerting.
Alokai employs Metrics Explorer, Alerting, Uptime Checks and Logging provided by GCP as depicted here: https://cloud.google.com/monitoring . These are integrated with UptimeRobot and PagerDuty.
External monitoring checks the availability and performance metrics (response codes/response times) hosted on Alokai service. In addition, Alokai uses GCP tools detailed above that report performance metrics and alerts to Alokai in case of incidents or failures.

Web Application Firewall & Advanced DDoS Attack Mitigation

Alokais provides Google Cloud Armor to protect against denial of service and web attacks.
WAF is configured following industry best practices (e.g. OWASP TOP10) and our expert knowledge based on the overall traffic analysis of our Cloud Platform.
Documentation:

PCI level 4 & ISO 27001 compliant infrastructure

Alokai uses GCP for infrastructure which is PCI and ISO compliant.
It is important to note that Alokai does not store any data. Traffic to the customer-facing applications is encrypted “in-transit” (HTTPS).

Managed Monitoring, Threat Detection & Response

Vue storefront uses native GCP services - Cloud Logging & Monitoring to detect traffic anomalies.

Audited and Pentested Application & Infrastructure

Alokais runs PCI compliance audits and penetration tests. Additionally, customer-initiated scans and penetration tests are supported, upon request.
Internally, we use secure coding practices. Fundamentally, we utilize Infrastructure as Code approach to provision our infrastructure.

All changes to our infrastructure are auditable and need to pass the code review process.
Our process also includes automated security scanning. We validate each change to our infrastructure based on the industry standards such as OWASP TOP10 and CIS Benchmarks.