Kiapo Private Clouds Service Description

Technical Overview

Kiapo Private Clouds is a robust private cloud infrastructure designed for small to medium enterprises. Built on open-source technologies across essential areas such as Storage, Networking, and Compute, Kiapo offers a stable, flexible, and cost-efficient solution for industries with high-performance computing needs and stringent regulatory requirements such as Science, Technology, Engineering, and Creative Fields.

Combining standards-based infrastructure with best practices, industry-specific policies, and management tools, Kiapo provides a strong foundation that allows organizations to seamlessly scale to hundreds of employees without typical pain points and setbacks. Its unified network architecture, encompassing both on-premises and data center resources, ensures optimal performance, scalability, and redundancy

At the heart of Kiapo Private Clouds is a powerful combination of storage, networking, and computing resources that forms a solid foundation for running essential business applications and services. This integrated approach allows organizations to deploy tools that directly support their strategic goals, helping them stay ahead of the competition. By leveraging this robust infrastructure, businesses can drive innovation, deliver exceptional customer service, and respond faster to changing needs, all while maintaining the flexibility to grow and adapt without disruption.

Additionally, Kiapo Private Clouds streamlines the provisioning and management of workstations, desktop environments, and key applications, leveraging trusted Microsoft-based technologies. Customers retain full control over their infrastructure, ensuring flexibility and avoiding vendor lock-in. With advanced tools for collaboration, communication, and compliance, Kiapo is the ideal choice for managing demanding workloads while maintaining control and compliance.

Terms and Definitions

Kiapo Private Cloud Team

The Kiapo Private Cloud team works at your data centers, on your premises, and remotely from our offices. They are responsible for the overall architecture, deployment, and ongoing management of your cloud infrastructure.

• Next Business Day (NBD) support: 8x5 desktop support available via phone, chat, and remote desktop access.
• On-site provisioning: Setup and configuration of storage, networking, and hypervisor infrastructure.
• Comprehensive on-site diagnostics: Troubleshooting and diagnostics for storage, networking, hypervisors, hardware, and other critical infrastructure components to ensure optimal system performance.
• Backend system management: Implementation and maintenance of backend systems supporting critical areas such as security, provisioning, communications, applications, collaboration, web services, and compliance, as well as other enterprise systems.

Kiapo Desktop Team

The Kiapo Desktop Team is responsible for desktop support and management. This team can be composed of:

• Customer staff: One or more technically proficient employees of the customer in an on-site support role, or
• Kiapo Desktop Support program: A comprehensive support solution providing:
• Next Business Day (NBD) support: 8x5 desktop support via phone, chat, and remote desktop assistance.
• On-site provisioning: Setup and configuration of new workstations and desktop systems.
• On-site diagnostics: Troubleshooting and issue resolution for desktop systems as needed.

The choice between these options depends on the customer's preferences and capabilities.

($$) - Additional Fees

Some services or features may incur extra costs beyond the Kiapo Private Cloud's base program. Typically, services related to maintaining the current state of the existing infrastructure and its core functions are covered under the base program fee. However, capacity expansions, enhancements, and the introduction of new features may result in additional per unit or per hour charges.

Private Cloud Architecture

When building a hybrid or private cloud, starting with the right network architecture is critical because it forms the foundation for performance, scalability, and security. The vertical stack—storage, network, and the hypervisor (or Kubernetes)—is essential because each layer depends on the one below it.

Equally important is network segmentation, which involves dividing the network into smaller VLANs or VXLANs. This segmentation is crucial for both security and performance. VLANs ensure that different types of traffic—whether it's VOIP, replication, or virtual machine traffic—stay in their own lanes, improving network performance and making it easier to troubleshoot issues.

Storage

Architectural components

• ZFS based Storage Servers with redundant cooling, power and management
• CEPH based Storage Clusters at larger sites
• Mirrored Pools of high speed NVMe solid state storage for high performance data in hot-swap enclosures
• Mirrored Pools of larger capacity hard drives for streaming media or longer term storage, in hot-swap enclosures
• High speed fiber network connections
• iSCSI targets over dedicated SAN interfaces
• NFS targets over dedicated SAN interfaces

Services

• Initial provisioning and configuration of systems ($$)
• Active monitoring of storage health including server metrics, disk metrics and network metrics
• 8x5 NDB response and remediation for failed drives
• Active performance monitoring and optimization of real data transmission performance
• Planning, acquisition, installation and configuration of new or re-provisioned Storage Nodes ($$)

Network

Architectural components

• High Performance Core L2/L3 Switching Infrastructure
• Leaf & Spine Architecture
• Functionally Segmented VLAN & VXLANs including Secure Wired & Wireless Client Access Network, Guest Wireless Network, VOIP Network, Server Network, NFS & iSCSI SAN Networks, Hypervisor Network, Backup Network, Device Management Network, Unsecured Media Network, Isolation Network and more..
• Network-level encryption for data in transit, including implementation of TLS 1.3 where applicable
• Gigabit Plus to the desktop (Wired and Wireless)
• High Performance network is dynamically adjusted for wireless interference, load balances based on active traffic, and allows users to seamlessly roam between wireless access points which work together as a single system
• Secure, high performance VPN Access and Remote Desk Protocols
• Secure, high-performance Tunnels connecting Data Centers and Sites
• SDN (Software Defined Networking)
• Traffic shaping and Quality of Service (QoS) management, including QoS for VoIP services
• Network access control (NAC) solutions including AD/Kerberos, Radius, Role-Based Access Control, OAuth2, OpenID Connect, SAML and Certificates
• Split-Horizon DNS System with caching DNS servers on-prem
• DHCP and Address Management for all Segmented Networks
• Zone and Interface Firewalls for Functionally Segmented Networks

Services

• Architectural review of existing network ($$)
• Design of private hybrid cloud network, including functional VLAN segmentation, leaf & spine switch topology, L2/L3 trunks and access, site-to-site tunnels, VPNs, routing protocols, gateways, DNS, address spaces, and firewalls($$)
• Initial provisioning and configuration of network equipment ($$)
• Incident response for both wired and wireless networks within the 8x5 Next Business Day (NBD) service window
• Continuous monitoring and optimization of network performance including latency and throughput
• Management and monitoring of physical network infrastructure, including switches, routers/gateways, concentrators, WAN Connections and load balancers
• Management and monitoring of virtual network infrastructure including including VLAN segmentation, leaf & spine switch topology, L2/L3 trunks and access, site-to-site tunnels, VPNs, Network Access Control, routing protocols, gateways, DNS, NAT, PAM, address spaces, and firewalls
• Proactive configuration changes to optimize network performance and security
• Regular security and functional updates to firmware and operating systems for all network components
• Implementation and maintenance of software-defined networking (SDN) solutions
• Monitoring of network traffic patterns and anomaly detection
• Regular security assessments and penetration testing of network infrastructure
• Deployment and management of intrusion detection and prevention systems (IDS/IPS) available at some sites ($$)
• Secure configuration and management of split horizon DNS services including onsite caching servers
• Secure management of remote access solutions, including VPNs and remote desktop protocols
• Regular review and update of network security policies and access control lists (ACLs)
• Monitoring and mitigation of DDoS attacks to the extent possible
• Planning, acquisition, installation and configuration of new or re-provisioned Networking equipment ($$)

Hypervisor/VM Infrastructure

• Performance and capacity monitoring and remediation
• Configuration changes and updates to existing hypervisor nodes
• Updating and configuring guest tools (IO, network, and graphics drivers) on each VM
• SR-IOV (Single Root I/O Virtualization) configuration and optimization
• Management of virtual switches and network policies
• VM template creation and maintenance
• Orchestration and automation of VM deployments
• Resource allocation and optimization
• High availability and fault tolerance
• Backup and disaster recovery
• Monitoring and logging
• Planning, acquisition, installation and configuration of new or re-provisioned Hypervisor Nodes ($$)

Wireless Network

• High-speed dynamically adaptable wireless networks using Cisco's latest access points ($$)
• Multiple WLANs including Guest and Secured Client Networks
• Continuously Adjusts transmission spectrum in response to RF Interference
• Dynamically Load Balances wireless clients across access points for optimal performance
• Enterprise Grade Security such as EAP and Radius Authentication
• Centralized management with advanced features through Cisco Wireless LAN Controllers (WLC) or built-in controller capabilities
• Regular security audits and penetration testing of wireless infrastructure
• Continuous monitoring of wireless network performance and security
• Implementation of rogue access point detection and mitigation
• Support for high-density environments and bandwidth-intensive applications
• Planning, acquisition, installation and configuration of new wireless access points ($$)

Hardware Procurement

• Custom high-performance workstations available via Kiapo Gear ($$)
• Workstations, laptops, displays, and other desktop equipment available through major vendors (e.g., HP, BenQ, Dell, Lenovo) at competitive prices ($$)

Windows and Linux VM Server Maintenance

• Monthly security updates and patches (or as available) for Linux and Windows servers
• Performance monitoring and optimization
• Capacity planning and resource allocation
• Snapshot management: 4 times daily snapshots of DFS volumes, kept for 30 days
• Daily backups to separate storage
• Off-site archiving every 3 months (in conjunction with client for disk swapping and off-site storage)
• Proactive monitoring for potential issues
• Regular health checks and performance audits
• Coordination with software vendors for compatibility and updates
• Documentation of all maintenance activities and system changes
• Planning, installation and configuration of new Windows or Linux Server VMs ($$)

Certificate Management

• Maintenance of Enterprise Certificate Server
• Automatic deployment to end users via GPOs for server logins, RDP, etc.
• Creation of certificate templates for each type of certificate ($$)
• Creation of GPO policies to deploy those certificates to end users' workstations ($$)
• Maintenance and troubleshooting of existing templates and deployments
• Regular review and updates of certificate policies and procedures
• Monitoring of certificate expiration dates and timely renewal
• Integration with network authentication and security systems
• Acquisition and management of commercial certificates ($$)
• Assistance with certificate selection based on specific client needs and compliance requirements
• Coordination with Certificate Authorities (CAs) for certificate issuance and renewal
• Implementation of certificate pinning for enhanced security where applicable
• Management of certificate revocation processes when necessary
• Regular audits of certificate usage and deployment across the infrastructure

Distributed File System (DFS) Infrastructure

A Distributed File System (DFS) not only serves as a unified collaborative workspace but also offers high-performance, on-prem storage, making it invaluable for small to medium enterprises (SMEs) in industries like research, engineering, architecture, technical manufacturing, and creative fields such as animation. Applications like Revit, Maya, Houdini, Bentley, Solidworks, and AutoCAD rely on fast, reliable access to large, complex files—exactly what our DFS infrastructure delivers.

Collaborative Benefits of DFS:

• Unified DFS Namespace: A single, enterprise-wide file system enables seamless collaboration, with all files accessible under a unified tree, improving workflow efficiency across teams.
• Continuous Replication: On-premises servers replicate data in real-time to mirrored infrastructure in the data center, ensuring data integrity, availability, and protection for distributed workflows.

Infrastructure Highlights:

Our DFS is built upon a robust, high-performance vertical stack that includes:

• Hypervisor Layer: Windows nodes hosted on hypervisors provide optimized resource allocation and performance
• Storage Connectivity: The infrastructure leverages 25 GbE SAN networks connecting to ZFS storage servers via iSCSI and NFS protocols. These storage servers utilize mirrored pools of NVMe drives, providing fast, redundant storage for critical applications.
• DFS Replication (DFSR): High-speed on-prem storage is continuously replicated to data center locations, ensuring business continuity and reducing downtime.

High-Performance, Redundant Storage:

For management and end users alike, the benefit of on-site, high-performance redundant storage cannot be overstated. Local infrastructure—backed by ultra-fast 25 GbE SANs and NVMe-powered ZFS mirrored pools—offers lower latency and higher throughput for demanding applications, compared to cloud-only or slower storage alternatives. This configuration enhances productivity, increases reliability, reduces wait times for large file operations, and provides a robust foundation for your organization’s growing data needs.

Services provided for this DFS infrastructure include:

• Design and implementation of the DFS topology ($$)
• Configuration and management of DFS namespaces and replication groups
• Monitoring of replication health and performance
• Troubleshooting replication conflicts and synchronization issues
• Capacity planning and storage growth management
• Regular health checks and optimization of the DFS infrastructure
• Disaster recovery planning and testing for DFS services
• Snapshot Management
• Configuration of additional Primary nodes on the tree ($$)
• Addition of new underlying compute, network or storage to support growth ($$)

SQL Server Management

• Regular updates and maintenance
• Two-phase commit configuration
• Hourly transaction log backups
• Full nightly backups (on-server and to remote backup location)
• Assistance with setting up accounting packages ($$)
• Performance optimization using matched SAN storage options and local hypervisor Optane Disks for high-performance databases
• Continuous monitoring and tuning of database performance
• Implementation of high availability solutions (e.g., AlwaysOn Availability Groups)
• Regular security audits and patch management
• Capacity planning and scalability assessments

Identity and Access Management

• User account provisioning and de-provisioning
• Role-based access control (RBAC) implementation
• Single sign-on (SSO) integration
• Privileged access management
• Windows Network Policy Server (NPS) or other RADIUS server management
• Integration with wireless access network and VPN servers

Desktop Management

• Windows Automated Patching or Windows Update Server (WUS) management
• Windows Deployment Services (WDS) for initial deployment:
  • PXE boot deployment of Windows Enterprise to all workstations
  • Quarterly updates of hardware drivers for all workstation classes
  • WDS maintained via Kiapo Private Clouds
• Workstation image deployment (via Kiapo Desktop Support program or designated client representative)

User Applications and Software Distribution

We employ advanced techniques for efficient, reliable, and automated software distribution across the organization:

Application Virtualization

This technology packages applications in a way that allows them to run in isolated environments on client computers without being installed in the traditional manner. We use two main technologies for this:

• App-V (Application Virtualization): Creates virtual applications that run in their own "bubble," reducing conflicts with other software and allowing for easier updates and rollbacks.
• MSIX: A newer packaging format that combines the benefits of MSI, App-V, and other installation technologies. It provides a modern packaging experience and improves the reliability and consistency of application deployment.

Other Distribution Methods

• Group Policy Object (GPO) Deployment: We use GPOs to automatically install and configure applications across the network, ensuring consistency and reducing manual setup time.
• Software Installation Points: These are centralized locations on the network where installation files are stored, allowing for controlled and efficient traditional native software installs.

Benefits of our approach

1. Reliability: Virtualized applications reduce conflicts and improve stability.
2. Efficiency: Automated deployment saves time and reduces errors.
3. Flexibility: Easy to update or roll back applications as needed.
4. Consistency: Ensures all users have the same version of software.

Virtualized Application Deployment Methodology

The Kiapo Private Cloud Team is responsible for creating and testing virtualized applications. These applications are made available to specific groups based on their roles, either through:

1. Automated rollout using Group Policy Objects (GPO), OR
2. Availability on a DFS SharePoint, where users can simply click the application to run it

Customers have the flexibility to choose which applications are virtualized. It's important to note that the cost of the Kiapo Desktop Support program decreases based on the number of virtualized applications. We encourage customers to virtualize as many applications as possible for several reasons:

1. Reduced support costs: Virtualized applications require less individualized management and troubleshooting.
2. Improved stability: Virtualized apps run in isolated environments, reducing conflicts with other software.
3. Faster deployment: Updates and new installations can be rolled out more quickly and efficiently.
4. Enhanced security: Virtualization provides an additional layer of isolation, improving overall system security.

The process for deploying new or updated virtualized applications typically involves:

1. Application sequencing and GPO creation by the Kiapo Private Cloud Team ($$)
2. Testing by one or more users from the Kiapo Desktop Team before full rollout
3. Deployment to end-users via GPO or DFS SharePoint 

Sequencing fees apply for each application, both initially and on a quarterly basis (or more frequently if requested by the client) when the application is updated with the latest patches and improvements. While fees vary based on application characteristics, this method is generally more economical and less error-prone than traditional installation methods, especially as the number of virtualized applications increases.

This comprehensive approach to application management and distribution helps maintain a stable, efficient, and up-to-date software environment across the organization.

User Profile and Data Management

Our user profile and data management system ensures that users have consistent access to their files and settings across different devices, while also providing robust data protection and efficient storage utilization.

Redirected Folders

This feature moves user folders (like Documents, Desktop, etc.) from the local computer to a centralized, high-performance Single Unified Folder Tree. While the data is stored centrally, these folders appear and function as if they were local to the user's device. This means:

• Users can access their files from any computer on the network with a familiar, local-like experience
• IT can more easily manage backups and storage

Offline Folders

Also known as "Offline Files," this feature allows users to access their network files even when disconnected from the network. Key benefits include:

• Access to files when offline
• Automatic syncing of changes when the connection is restored
• Users always have the latest version of their files

Roaming Profiles

This feature stores a copy of a user's Windows profile on a server, allowing users to:

• Log on to any computer on the network
• Access their personalized desktop environment, including wallpaper, application settings, and mapped network drives

Profile Management with network-mounted VHDs

This solution offers a streamlined and highly efficient approach to managing user profiles for physical and virtual desktop environments. It enhances the end-user experience by reducing login times, simplifying profile management, and providing seamless access to personalized settings across different devices. This approach is particularly useful in environments where users need consistent access to their profiles regardless of the physical or virtual machine they are working on

Key Benefits of Network VHD-based Profile Management:

• Reduced Login Times: Eliminates the need to copy user profiles at login, significantly reducing login times and improving overall user satisfaction. Profiles are loaded instantly from a central location without delays and permission conflicts typically caused by legacy profile management solutions.
• Simplified Profile Management: Stores user profiles in virtual disks, making it easier for administrators to manage, back up, and maintain user data. This centralization minimizes the complexities associated with managing roaming profiles or folder redirection
• Consistent User Experience Across Sessions: Whether users log in from different physical desktops, virtual desktops or remote locations, this solution ensures that they have access to their personalized settings, applications, and files, providing a consistent experience across multiple sessions or devices.

User Profiles, Preferences and local Data protection:

Profile Management Solutions are protected with:

• 4 daily snapshots, kept for 30 days
• Nightly backups
• Quarterly off-site archiving

This comprehensive approach ensures data accessibility, consistency, and protection across the organization.

Messaging and Collaboration Platform (Zimbra)

Kiapo Private Clouds offers Zimbra Collaboration as a powerful standards-based messaging and collaboration platform. This service is primarily covered under the per-employee Kiapo Private Clouds program, which includes most of the technical labor and automation for managing the Kiapo Zimbra platform. However, there are additional components to the pricing structure:

1. Per-Mailbox Licensing Fee: An additional per-mailbox licensing fee is charged to cover software licensing costs.
2. Data Center Resource Allocation: The data center resources required for Zimbra nodes (such as Proxy, MTA, Mailbox, and LDAP nodes) are billed separately, following the same pricing model as other data center resources in the Kiapo Private Clouds program.

This structure ensures that clients only pay for the resources they actually use, while still benefiting from the comprehensive management and support included in the Kiapo Private Clouds program.

Management and Support

Our team handles a wide range of tasks, including:

• Provisioning and configuration of Zimbra environments
• Performance monitoring and tuning
• Ongoing maintenance and updates of Zimbra nodes
• Management of sending MTAs to ensure proper email delivery
• Continuous optimization of spam filtering based on organization-specific patterns
• Optimization of email delivery systems, including:
  • Troubleshooting and resolving delivery issues
  • Configuration of email authentication protocols (DKIM, SPF, DMARC)
  • Monitoring and management of IP and domain reputation
  • Implementation of advanced anti-spam and anti-virus measures
  • Regular review and adjustment of email policies and configurations

Key Features

• Data center deployment with proxy nodes on customer premises
• High-speed solid-state storage for mailbox nodes with up-to-the-minute backup to RAID 10 ZFS storage
• Support for multiple large mailboxes (100GB+) linked to primary mailboxes (typically kept under 50GB)
• Rapid search capabilities across large mailboxes

Advanced Email Management

• Hierarchical folder structure for efficient email organization
• Search folders for dynamic email categorization
• S/MIME support for secure email encryption and digital signatures
• SSL/TLS encryption for all email communications
• Trusted addresses and blacklists management per email account
• Multiple personas (email identities) within a single account
• Powerful email filtering system for workflow automation

Calendar Features

• iCal URL importing for external calendar integration
• Calendar resources management (conference rooms, equipment, etc.)
• Shared calendars with customizable permission levels
• Recurring events and color-coded event categorization

Contact Management

• Hierarchical contact folders for organized contact storage
• Shared contact folders with customizable permissions
• Global Address List (GAL) for organization-wide contacts
• Contact groups and distribution lists
• Advanced contact search and filtering capabilities

Access Methods

• Zimbra Web Client (ZWC)
• Zimbra Desktop Client
• Mobile Access (iOS and Android support)

Zimbra Drive and OnlyOffice Integration

• Integrated file storage and sharing solution
• Real-time collaborative editing of documents, spreadsheets, and presentations
• Support for various file formats
• Version control and document history

Collaboration Tools

• Folder and document sharing capabilities
• Integration with Slack and Zoom for enhanced team communication
• Individual voice portals for managing calls, voicemails, and faxes

Security and Compliance

• End-to-end encryption for data at rest and in transit
• Granular permission settings for access control
• Mobile Device Management (MDM) capabilities
• Remote wipe functionality for lost or stolen devices
• On-premises or cloud deployment options for data sovereignty

Kiapo VOICE Services

Kiapo VOICE, partnering with 2600Hz, offers a comprehensive suite of enterprise-grade voice communication features. Available as a standard part of Kiapo Private Clouds at an additional per-person add-on fee, Kiapo VOICE includes:

Advanced PBX Services

• Call Forwarding, Call Parking, and Call Transfer (blind or attended)
• Find Me / Follow Me functionality
• Customizable IVR (Interactive Voice Response) and Auto-Attendant systems
• Ring Groups for simultaneous or sequential ringing
• Do Not Disturb (DND) settings

Voicemail Solutions

• Voicemail-to-Email with automatic transcription
• Visual Voicemail accessible via web interface or softphone

Conferencing Capabilities

• Multi-party audio conference calls with PIN protection
• Integration with video conferencing platforms

Call Recording and Monitoring

• On-demand and automatic call recording options
• Call Monitoring features (Whisper/Barge/Monitor) for supervisors

Caller ID and Call Screening

• Customizable outgoing Caller ID
• Call screening and number blacklisting features

Mobility Features

• Mobile softphone integration
• Simultaneous ring across multiple devices

Call Center Functionalities

• Advanced call queueing with estimated wait times and queue callback options
• Agent login/logout and skill-based call distribution
• Real-time call analytics and custom reporting

Collaboration Tools

• Integration with Slack and Zoom for enhanced team communication
• Individual voice portals for managing calls, voicemails, and faxes

Advanced Call Control

• Hot desking support
• API-based call control for custom integrations and automations

Voice and Video Conferencing

• High-quality audio and video conferencing solutions
• Screen sharing and collaborative tools

Fax Services

• Virtual fax capabilities with email integration

Security and Compliance

• Encrypted voice communications

Optimized VoIP Networks

• Separate VoIP networks optimized for voice traffic
• QoS implementation to ensure call quality

Custom Call Flows

• Ability to create custom call flows and ring groups to adapt to most business situations
• Flexible routing options to accommodate complex organizational structures

Kiapo VOICE leverages the scalability and reliability of the Kazoo platform, built from standards-based, open source software and deployed across 4 regional data centers within the US, ensuring high-quality voice services suitable for businesses of all sizes. The service is fully integrated with the Kiapo Private Clouds infrastructure, providing a seamless communication experience across all devices and locations.

This comprehensive voice solution is designed to enhance productivity, improve customer interactions, and provide the flexibility needed in today's dynamic business environment.

Security Services

• Firewall configuration and management
• Intrusion detection and prevention systems (IDS/IPS) ($$)
• Virtual private network (VPN) setup and management
• Multi-factor authentication implementation
• Incident response and mitigation
• Security information and event management (SIEM)
• Monitoring of network traffic patterns and anomaly detection
• Regular security assessments and penetration testing of network infrastructure
• Secure configuration and management of split horizon DNS services including onsite caching servers
• Network-level encryption for data in transit, including implementation of TLS 1.3 where applicable
• Implementation of network access control (NAC) solutions
• Monitoring and mitigation of DDoS attacks (to the extent that is both reasonable and possible)

Compliance and Governance

• Assistance with regulatory compliance ( $$ e.g., HIPAA, PCI DSS, GDPR, CCPA)
• Assistance with implementation of governance policies ($$)
• Assistance with regular compliance audits and reporting ($$)
• Data retention and archiving policies
• Regular review and update of network security policies and access control lists (ACLs)
• Compliance with best practices and industry standards
• Regular security awareness training for network administrators and users

Note: Kiapo Private Clouds assists organizations in understanding the laws and regulations that they must follow to protect information, and guides them through compliance via the risk assessment and risk management processes.

Disaster Recovery and Business Continuity

Our disaster recovery and business continuity services ensure that your organization can effectively respond to disruptions, maintaining essential functions during emergencies. Many of these services require certain resourses that may or may not be present initially.   Key features include:

• Development and implementation of comprehensive disaster recovery plans ($$)
• Regular DR testing and validation ($$ limited to architectural components that allow for it)
• Failover and failback procedures
• Limited business continuity consulting
• Snapshot management: 4 times daily snapshots of DFS volumes, kept for 30 days
• Daily backups to separate storage
• Off-site archiving every 3 months (in conjunction with client for disk swapping and off-site storage)
• High availability and fault tolerance configurations
• Rapid recovery capabilities to meet competitive service level agreements (SLAs)

Note: Development and implementation of DR plans may be available at an additional per-hour charge. The disaster recovery plan should be a subset of your organization's business continuity plan (BCP) and not a standalone document.

Training and Documentation

• Creation and maintenance of documentation for infrastructure
• Regular updates on new features and best practices
• Training staff with industry best practices to maintain compliance
• Kiapo Private Clouds and Kiapo Desktop Support staff are equipped with the latest methods and standards
• Documentation of maintenance activities and system changes
• Regular security awareness training for network administrators and users

Vendor Management

Our vendor management services help you effectively manage relationships with third-party vendors, ensuring compliance and minimizing risks. Key features include:

• Comprehensive vendor due diligence processes
• Risk assessments for potential and current vendors
• Contract management and review ($$)
• Ongoing monitoring of vendor performance and compliance ($$)
• Vendor offboarding procedures ($$)
• Assistance with vendor selection based on specific client needs and compliance requirements($$)

Note: Our vendor management services are limited in scope to those vendors which supply infrastructure components such as Software, Hardware, and WAN Services designed to help you maintain successful, long-term vendor relationships while mitigating associated risks.