Release Notes 24.12
This document describes announcements and discontinuations in the scope of services of ix.Cloud.
Announcements
This section describes changes to existing functionalities and the introduction of new features and services that were introduced in the scope of this release.
NewBackup
The Backup Service is being adjusted with the introduction of "NewBackup" regarding the expanded service scope. In addition to access control and data encryption, backup data cannot be modified or deleted during the entire retention period (Immutable Backup). Furthermore, backup profiles have been optimized with extended retention periods.
Database Security Audit
The Database Service is being expanded with the Database Security Audit service.
We offer this service in 2 parts, a mandatory and optional part. The mandatory Database Security Audit is provided with every MSSQL and PostgreSQL instance. The optional Database Security Audit can be added via Change Request.
Database Services
Patch Management
- Patches are deployed every 4 weeks in 3 waves
- Systems that cannot be patched automatically are patched manually on a monthly basis. The patching process and all relevant information are documented in Confluence.
- For Emergency Patching, an identified critical vulnerability is patched immediately.
Logging
- Systems are logged by our monitoring, including event logs, logins, and records of administrator accounts.
- Logs are stored online for 90 days, statistics are retained for 360 days.
- Monitoring ensures that logs are continuously recorded. In case of failure, a ticket is automatically sent to operations.
Malware Protection
- Malware protection is ensured through protection via the Operating System.
Container Registry
The Container Registry Service has been expanded with an additional service option "CVE allowlist". A whitelist can be created for each project/repo. This applies to all images in this location (see Service Catalog Container Registry as a Service).
Namespace as a Service
There are applications that cannot work around ResourceQuotas or Networkpolicy from the namespace. These can be disabled when ordering the namespace.
AnyCloudK8s
AnyCloudK8s is an agnostic container platform and offers full flexibility and independence from the underlying cloud provider. This gives you maximum support for the development and management of cloud-native applications. Additionally, persistent storage according to SLA Rhodium and SLA Silver is now automatically integrated (see AnyCloudK8s).
Discontinuations
This section lists features and services that are being removed from the scope of services with this release.
info
For discontinuations, migration can be supported by Inventx via Change Request.
Container Services Agile Factory (Rancher Product)
Reminder discontinuation Agile Factory Rancher product Release Notes 24.09
Change Log
Textual changes in the Service Catalog are described per release in the Change Log.
The goal is to provide a transparent and traceable medium for content changes.
| New | Old | Where |
|---|---|---|
| Positions marked with "◻" are not included in the base price but can be ordered optionally. Billing is done according to a separate price list. | Positions marked with "◻" are not included in the base price but can be ordered optionally. Billing is done according to a separate price sheet. | Character Legend |
| <Adjustment of response times for P1 and P2 / P3 and P4 deleted> |  |
on site Time Response Times |
| <Table deleted> |  |
on site Time Recovery Times |
| <Adjustment of response times for P1 / P3 and P4 deleted> |  |
on call Time Response Times |
| <Table deleted> |  |
on call Time Response Times |
| With the Rack Collocation service, the customer rents a complete, dedicated rack or the desired number of rack units in a shared rack in Inventx's data centers via "Generic Request". The systems are in this case managed by the customer themselves. Power consumption is billed individually and according to actual consumption. The power price is adjusted annually according to the price level of electricity suppliers. This service is not available as a standalone service, but only in combination with other services from this service catalog. Customers benefit from this service in cases where, in addition to the cloud service, a solution is needed for hosting non-cloud-capable applications, systems, or appliances. | With the Rack Collocation service, the customer rents a complete, dedicated rack or the desired number of rack units in a shared rack in Inventx's data centers via "Generic Request". The systems are in this case managed by the customer themselves. Power consumption is billed individually and according to actual consumption. The power price is adjusted annually according to the price level of electricity suppliers. This service is not available as a standalone service, but only in combination with other services from this service catalog. Customers benefit from this service in cases where, in addition to the cloud service, a solution is needed for hosting non-cloud-capable applications, systems, or appliances. | Rack Collocation |
|
Emergency Recovery RTO and RPO define in the context of an emergency the maximum duration for recovery (RTO) of an application, system and/or process and the maximum data loss (RPO). |
Disaster Recovery The Service Levels for Disaster Recovery define in the context of an IT catastrophe the maximum duration for recovery (RTO) and the maximum data loss (RPO) of the service. |
Disaster Recovery |
| The constellation in an emergency can be very different and can have an impact on this service level. The value depends very strongly on the number of simultaneous recovery operations, i.e., with multiple simultaneous recovery operations, the value per recovery operation can be lower. For a recovery operation, a guideline value in the range of 200-400 MB/s can be assumed. |
The Service Level RTO is the maximum allowable time span for recovery of an IT service following an interruption. The constellation in a disaster can be very different and can have an impact on this service level. The value depends very strongly on the number of simultaneous recovery operations, i.e., with multiple simultaneous recovery operations, the value per recovery operation can be lower. For a recovery operation, a guideline value in the range of 200-400 MB/s can be assumed. |
RTO, Recovery Time Objective |
| Damage events caused by manipulated or corrupted data are covered exclusively by backup-relevant quality elements in the SLA. This means that if corrupted data exists in the live system, it can only be corrected from a backup, and the specified RPO thus does not apply. |
The Service Level RPO defines how much data/transactions between the last backup and the system failure may be lost at most. Damage events caused by manipulated or corrupted data are covered exclusively by backup-relevant quality elements in the SLA. This means that if corrupted data exists in the live system, it can only be corrected from a backup, and the specified RPO thus does not apply. |
RPO, Recovery Point Objective |
| Inventx is ISO 27001 certified by the Swiss Association for Quality and Management Systems (SQS), covering the entire company with all locations/processes including the three data centers. Furthermore, all controls that can be applied to Switzerland are valid - Inventx is thus certified across the entire company with all controls and additionally has ISO 27017 and ISO 27018 confirmed by SQS. | Inventx is ISO 27'001 certified by the Swiss Association for Quality and Management Systems (SQS), covering the entire company with all locations/processes including the three data centers. Furthermore, all controls that can be applied to Switzerland are valid - Inventx is thus certified across the entire company with all controls and additionally has ISO 27'017 and ISO 27'018 confirmed by SQS. | Certifications |
| The corresponding resources are removed from the target system. | The corresponding resources are removed from the target system. | Deletion of a Resource |
|
The maximum value is not limited, so it is up to the customer to define it according to the available resources on the Agile Factory. NOTE The Memory Quota must be chosen carefully, as it can cause applications to crash if it is set too low KubeConfig Each Container Namespace has a Service Account. This account can be ordered with different permissions. Either as an Admin Service Account or as a Viewer. In addition to the Service Account, a token is also created, which expires after the defined "Time to Live" expiration time. The definition of whether the permission should be Admin or Viewer can only be set when creating the Container Namespace. The KubeConfig can be displayed and copied. If the KubeConfig has expired (reaching the Time to Live), it can be renewed. This ensures that the permission on the namespace does not always have the same credentials. NOTE The Container Namespace can only be deleted on the target cluster if it was ordered with admin rights. |
The maximum value is not limited, so it is up to the customer to define it according to the available resources on the Agile Factory. NOTE The Memory Quota must be chosen carefully, as it can cause applications to crash if it is set too low KubeConfig Each Container Namespace has a Service Account. This account can be ordered with different permissions. Either as an Admin Service Account or as a Viewer. In addition to the Service Account, a token is also created, which expires after the defined "Time to Live" expiration time. The definition of whether the permission should be Admin or Viewer can only be set when creating the Container Namespace. The Kubeconfig can be displayed and copied. If the Kubeconfig has expired (reaching the Time to Live), it can be renewed. This ensures that the permission on the namespace does not always have the same credentials. NOTE The Container Namespace can only be deleted on the target cluster if it was ordered with admin rights. |
Container Namespace |
| Existing services may only be discontinued, reduced in scope, or otherwise changed to the detriment of the customer if Inventx informs the customer in writing at least six (6) months in advance. | Existing services may only be discontinued, reduced in scope, or otherwise changed to the detriment of the customer if Inventx informs the customer in writing at least six (6) months in advance via release notes. | Changes to the Scope of Services |
| Inventx can adjust prices downward at any time and implement them with each release. Price increases are communicated to the customer in writing at least four (4) months in advance. | Inventx can adjust prices downward at any time and implement them with each release. Price increases are communicated to the customer in writing at least four (4) months in advance via release notes. | Price Changes |
| The listed statutory bases as well as the regulatory requirements from the next chapter are reviewed at least annually by external experts, provided that contractual obligations and responsibilities have been transferred to Inventx. Furthermore, the so-called "Legal Register" for inventorying the relevant statutory bases is updated annually and possible impacts on the services to be provided are assessed. Here too, the contractually transferred obligations for operating the relevant infrastructure components and the resulting responsibilities form the basis. | The listed statutory bases as well as the regulatory requirements from the next chapter are reviewed at least annually by external experts, provided that contractual obligations and responsibilities have been transferred to Inventx. Annually, the so-called "Legal Register" for inventorying the relevant statutory bases is updated and possible impacts on the services to be provided are assessed. Here too, the contractually transferred obligations for operating the relevant infrastructure components and the resulting responsibilities form the basis. | Statutory Bases |
| Compute Services are used to deploy, host, and manage workloads. This section describes the different services and their options with regard to Compute Services of ix.Cloud. | Compute Services are used to deploy, host, and manage workloads. This section describes the different services and their options with regard to Compute Services of ix.Cloud. | Compute Services |
| Hardware profiles are divided into two types (Standard and Highclock). The Standard hardware type has processors with a low clock frequency and is suitable for use with multithreading-capable applications. The Highclock hardware type, on the other hand, uses processors with increased clock frequency and is particularly suitable for applications that are not multithreading-capable. | Hardware profiles are divided into two types (Standard and Highclock). The Standard hardware type has processors with a low clock frequency and is suitable for use with multithreading-capable applications. The Highclock hardware type, on the other hand, uses processors with increased clock frequency and is particularly suitable for applications that are not multithreading-capable. | Hardware Profiles |
| System Management Services support customers in resilient management of VMs and applications scalably at the infrastructure level. The application owner can thus use a standard tool set and focus entirely on fulfilling their core responsibilities, the management of their business applications. | System Management Services support customers in resilient management of VMs and applications scalably at the infrastructure level. The application owner can thus use a standard tool set and focus entirely on fulfilling their core responsibilities, the management of their business applications. | System Management Services |
| The continuous correction of software with regard to stability, security, and currency. | The continuous correction of software with regard to stability, security, and currency. | Managed OS Patching |
| With "Container Services", ix.Cloud offers a comprehensive tool set for fully automated deployment and efficient management of micro-services. You focus entirely on your applications and processes, while Inventx operates the infrastructure for you and continuously develops it further. | With "Container Services", ix.Cloud offers a comprehensive tool set for fully automated deployment and efficient management of micro-services. You focus entirely on your applications and processes, while Inventx operates the infrastructure for you and continuously develops it further. | Container Services |
| For persistent data, the Agile Factory is equipped with persistent storage in the initial setup. If needed, the Kubernetes cluster can be expanded with additional persistent storage. Typically, persistent storage is obtained from the File Storage service. Optionally, the Object Storage service can also be used as persistent storage. | For persistent data, the Agile Factory is equipped with persistent storage in the initial setup. If needed, the Kubernetes cluster can be expanded with additional persistent storage. Typically, persistent storage is obtained from the File Storage service. Optionally, the Object Storage service can also be used as persistent storage. | Container Services | Persistent Storage |
| Through the Authentication Authorization Infrastructure (AAI) and the LDAP Operator, an individual RBAC concept can be implemented. For this, customer-defined AD groups and Kubernetes cluster roles are linked together. | Through the Authentication Authorization Infrastructure (AAI) and the LDAP Operator, an individual RBAC concept can be implemented. For this, customer-defined AD groups and Kubernetes cluster roles are linked together. | Container Services | Permission Management |
| Namespaces are central in Kubernetes and a key element. Namespaces allow developers to build their projects modularly and separate certain aspects into separate files. This way, you can modernize your applications and reduce complexity, allowing the developer to focus on the essentials. | Namespaces are central in Kubernetes and a key element. Namespaces allow developers to build their projects modularly and separate certain aspects into separate files. This way, you can modernize your applications and reduce complexity, allowing the developer to focus on the essentials. | Container Services | Container Namespace |
| Per subscription, it can be defined which target destinations can be used. This allows you to specifically define which users can deploy a Container Namespace or application on which Agile Factory. | Per subscription, it can be defined which target destinations can be used. This allows you to specifically define which users can deploy a Container Namespace or application on which Agile Factory. | Container Namespace | Target Destination |