Hosting Services - Functionality

General

• VSF API-first Architecture

• Vue Storefront Cloud configuration options are available via API. 

• Documentation: https://docs.vuestorefront.io/cloud/v2/api/swagger.html

Workflows and Deployments

Code Repository 

• Vue Storefront provides Gitlab/Github Code Management - Git repository hosting and a Git-based deployment process. 

• Documentation: https://docs.vuestorefront.io/cloud/v2/guide/ci-cd.html#ci-cd

Automatic Deployments

• Vue Storefront delivers a fully automated deployment flow with change logs (git-log) and a seamless restore process in case of any failure.

• Documentation: https://docs.vuestorefront.io/cloud/v2/guide/ci-cd.html

Programmatic Access

• Vue Storefront provides two ways for programmatic access to the  platform: CLI and REST API. Both options allow customers to  retrieve detailed information about their application (including instance status, logs).

• Documentation: 

1. REST API - https://docs.vuestorefront.io/cloud/v2/api/swagger.html

2. CLI - https://docs.vuestorefront.io/cloud/v2/guide/access-to-logs.html#access-via-cli

Access and Error Logging

• For ad-hoc log analysis, Vue Storefront provides the ability to access logs via programmatic access (CLI or REST API). 

• Vue Storefront also supports log streaming directly to the customer log analysis platform.

• Supported are Azure Log Analytics, DataDog and New Relic. Additional integrations to 3rd party log analysis platforms can be provided upon request. 

• Documentation: https://docs.vuestorefront.io/cloud/v2/guide/access-to-logs.html

Vue Storefront CDN

• Fast, reliable web and static content delivery with global scale and reach

• Vue Storefront leverages Google Cloud CDN global infrastructure to deliver Vue Storefront Javascript and CSS assets.

• GCP Cloud CDN  uses over 100  locations (Points of Presence) to cache content – https://cloud.google.com/cdn/docs/locations

• CDN caching rules are optimized for Vue Storefront  application workloads and further can be fine-grained by using application’s Cache-Control headers.

• For other digital assets we recommend using a service which is dedicated for image & video optimization.

Performance Monitoring

Monitoring and Troubleshooting

• Vue Storefront troubleshoots fast by proactively detecting and resolving issues.

• Vue Storefront uses extensive internal observability tooling based on GCP standards.  As part of the standard practice, once a month Vue Storefront provides to customers uptime parameters from the UptimeRobot service. Monitoring data can also be provided at any other time, upon request.

Level of Alerts

• To protect our customers’ customer experience we use full-stack alerting. 

• Vue Storefront employs Metrics Explorer, Alerting, Uptime Checks and Logging  provided by GCP as depicted here:  https://cloud.google.com/monitoring . These are integrated with UptimeRobot and PagerDuty.

• External monitoring checks the availability and performance metrics (response codes/response times) hosted on Vue Storefront service. In addition, Vue Storefront uses GCP tools detailed above that report performance metrics and alerts to Vue Storefront in case of incidents or failures. 

Security

Web Application Firewall & Advanced DDoS Attack Mitigation 

• Vue Storefronts provides Google Cloud Armor to protect against denial of service and web attacks.

• WAF is configured following  industry best practices (e.g. OWASP TOP10) and our expert knowledge based on the overall traffic analysis of our Cloud Platform.

• Documentation: 

• https://cloud.google.com/armor#section-6 and https://cloud.google.com/armor/docs/advanced-network-ddos

PCI level 4 & ISO 27001 compliant infrastructure 

• Vue Storefront uses GCP for infrastructure which is PCI and ISO compliant.

• It is important to note that Vue Storefront does not store any data. Traffic to the customer-facing applications is encrypted “in-transit” (HTTPS).

Managed Monitoring, Threat Detection & Response

• Vue storefront uses native GCP services - Cloud Logging & Monitoring to detect traffic anomalies. 

Audited and Pentested Application & Infrastructure

• Vue Storefronts runs PCI compliance audits and penetration tests. Additionally, customer-initiated scans and penetration tests are supported, upon request. 

• Internally, we use secure coding practices. Fundamentally, we utilize Infrastructure as Code approach to provision our infrastructure.

• All changes to our infrastructure are auditable and need to pass the code review process.

• Our process  also includes automated security scanning. We validate each change to our infrastructure based on the industry standards such as OWASP TOP10 and CIS Benchmarks.