Overview

itopia CloudApps Classroom is a fully managed service offering; itopia is responsible for all maintenance and management tasks including: health and availability monitoring, resource scaling, OS and application patching, and security hardening.

This allows school administrators to focus on developing and delivering curriculum for students without needing to worry about technology management complexity or maintenance issues.

Image Management

All OS images for CloudApps Classes are built by the itopia Site Reliability Engineering (SRE) Team and managed centrally. Each image is custom-developed to ensure applications run as expected and the operating environment is as secure as possible. The itopia team performs comprehensive hardening to ensure students don't have access to unnecessary features that may compromise the safety and security of the environment or that provides them with access to unauthorized materials.

CloudApps sessions are non-persistent; each user is assigned a dedicated virtual machine (VM) that exists only for the duration of their session. When a user ends their session, their VM is securely deleted and destroyed.

Patch Management

Each OS image is automatically patched and subjected to preliminary testing before being published. Images are typically refreshed semi-monthly to include the latest OS security patches and updates.

Applications are also regularly patched for "minor" updates, such as security updates or bug fixes. Major version upgrades occur periodically to keep all applications up-to-date, but no set schedule is defined for these updates.

Patches on production are subject to complex testing and validation procedures. itopia regularly performs security reviews of each image (and the CloudApps infrastructure) and introduces new safeguards as necessary.

Monitoring and Auditing

itopia CloudApps infrastructure is monitored by the itopia SRE Team using a variety of tools to ensure healthy, normal operations of all features and components. CloudApps is built on Google Cloud Platform (GCP) in collaboration with Google. itopia leverages multiple GCP solutions to deliver high availability, comprehensive health and security monitoring, and detailed auditing of both administrator and end-user activities.

Access and Change Management

Administrative access to itopia CloudApps environments is tightly controlled and audited. itopia engineers have no meaningful access to customer workloads beyond high-level monitoring; support technicians require explicit authorization from the customer before accessing any customer data or systems.

itopia's internal tracks all configuration data for customer environments and ensures all changes are authorized. All CloudApps Classroom customer environments are routinely audited for configuration compliance and undocumented changes using a variety of automated and manual processes.