itopia Labs is a fully managed service offering; itopia is responsible for all maintenance and management tasks including: health and availability monitoring, resource scaling, OS and application patching, and security hardening.
This allows school administrators to focus on developing and delivering curriculum for students, without needing to worry about technology management complexity or maintenance issues.
All OS images for Labs Classes are built by the itopia Site Reliability Engineering (SRE) Team and managed centrally. Each image is custom-developed to ensure applications run as expected and the operating environment is as secure as possible. The Labs team performs comprehensive hardening to ensure students don't have access to unnecessary features that may compromise the safety and security of the Labs operating environment or that provides them with access to unauthorized materials.
Labs sessions are non-persistent; each user is assigned a dedicated virtual machine (VM) that exists only for the duration of their session. When a user ends their session, their VM is securely deleted and destroyed.
Each OS image is automatically patched and subjected to preliminary testing before being published. Images are typically refreshed semi-monthly to include the latest OS security patches and updates.
Applications are also regularly patched for "minor" updates such as security updates or bugfixes. Major version upgrades occur periodically to keep all applications up-to-date, but no set schedule is defined for these updates.
Patches on production are subject to complex testing and validation procedures. itopia regularly performs security reviews of each image (and the Labs infrastructure) and introduces new safeguards as necessary.
Monitoring and Auditing
itopia Labs infrastructure is monitored by the itopia SRE Team using a variety of tools to ensure healthy, normal operations of all features and components. itopia Labs is built on Google Cloud Platform (GCP) in collaboration with Google. Labs leverages multiple GCP solutions to deliver high availability, comprehensive health and security monitoring, and detailed auditing of both administrator and end-user activities.
Access and Change Management
Administrative access to itopia Labs environments is tightly controlled and audited. itopia engineers have no meaningful access to customer workloads beyond high-level monitoring; support technicians require explicit authorization by the customer before accessing any customer data or systems.
itopia's internal tracks all configuration data for customer environments and ensures all changes are authorized. All Labs customer environments are routinely audited for configuration compliance and undocumented changes using a variety of automated and manual processes.