Spokn uses Google cloud platform to host all the needed machines, DBs and APIs
All Infrastructure is hosted inside the US.
A single Security Group is the only one allowed to access the whole infrastructure
Infrastructure contains 2 separate VPC one for Production and one for Staging
VPCs are only accessible from a single machine that is exposed to the Internet and accessible through Tunneled SSH.
To access any machine you will use 2 SSH keys to reach your resource and get authenticated
Multi-Factor Authorization is used on all the systems inside GCP.
All SSH are 2048 RSA length.
Inbound traffic for Spokn Servers are managed by Google Load balancer which include a heavy intrusion detection and prevention measures.
If fake traffic is simulated to Spokn servers it will be directly blocked by firewall.
Main Production cluster is using Google Kubernetes to manage the workloads and scaling up/down when needed.
All inbound communication is done over SSL, certificates are managed by Google.
Spokn have 2 types of Information that being stored
Access to Spokn app will be through creating profile, we permit this action through:
All systems we have are monitored using a platform called Stackdriver from Google
System Health Check <> Back-end Latency
System Health Check <> CPU Utilization for K8s
System Health Check <> CPU Utilization for VMs
System Health Check <> Error logs rate is more than 50%
System Health Check <> Hits are huge [6000 rpm]
System Health Check <> K8s Pods Stability <> Restart count
System Health Check <> SQL CPU / Read is high
System Health Check <> Systems availability
Notification Policy for all monitors:
SMS for Production Engineers to check the problem
Periodical notification over Slack channel till the incident get solved
Postmortem and Incident report will be communicated to all our Enterprise customers and users.