Feature - eramba SaaS

We have struggled for a long time with the decision of making eramba hosted in some way, although we have used automation for many years for development, testing, demo, etc we are now thinking on hosting eramba for our customers.

We are completing the archietcture and main components in the coming weeks and will be offering trials for free to our customers and their friends. if you have interest in participating in this trial please write your interest here along any question.

We have drafted this document that explains how the infrastructure works:

3 Likes

This looks exciting - I remember a year or three back there was a hosting option that was advertised on the website but that seems to be gone now - I presume this is a resurrection of this?

The other food for thought here is that depending on the audience you’re selling to (the larger the company, the more likely), they will want some form of verification that you’re actually following your Security and Privacy Standards - specifically, I would expect large prospects to ask for and/or require you to go through a SOC 2 audit (or ISO 27001) in order to do business with them for cloud hosting.

Well, its still in “frankenstein” state right now, but we are getting close , we use better technology than that older setup to scale this automatically without human intervention.

This is very true and we have this type of issues (they send us extensive questionaries, etc), we do plan to hit a soc2 or iso27001 certification this year for eramba as a whole, i think i know a guy that can do those soc2 reports :slight_smile:

I hope self hosted will remain an option with an equal level of support. I would hate to see our relationship end.

dead, fired or in chains - the only likely conditions under which the TGZ will be put away!
Esteban

1 Like

we are getting closer here - does anyone have a license for unlimited pentest scans that can be triggered against a host ? commercial product, we are not so much interested in the application testing, the point here is more towards the infrastructure (the linux running below the saas).

We use acunetix for the application alone and our license is pretty limited and we now found out we can not point our scans to a different host than the one we purchased the license to.

if anyone here is ok to help we would greatly appreaciate

Pen test or vulnerability scanning? The latter may give you the result you want, and there’s a free option (running an OpenVAS VM) and a paid option in AWS (AWS Inspector).

I might be able to help, if you need a Vuln Scan, I have access to a Rapid7-Nexpose, that I use to scan some of our external vendor (with their approval, of course), from a basic scan to full scan with credentials. If that is what you need I check for the forms. Depending where the system is hosted, they might have some authorisation forms to complete as well.

This solution will be definitely interesting for my organization. As of now we will put Eramba in a container in GCP. Please consider integration with major IDaaS such as Okta. Who uses SaaS, IaaS and such typically uses IDaaS.

Thanks

SOC1 or 2 needs to be approved by a CPA. I did many of these reports when working for one of the big four.

We are really interested in Eramba as a Service. Is there any progress on this one?

It works! we can put you in at no cost if you want , so as long you understand you are part of a beta-testing program. Contact support@eramba.org

Well the new website is out and sharing the news that SaaS will SOON be available, we will roll out the service as per the following plan:

  • Community users will be the first to test the service (for free) during two months starting in August until October, if during that timeline nothing tragic happens we will roll out the service publicly. From that point in time the service must be paid (in the range of EUR 100 / Month) to be used (TC will be available later on).

Since during these two months anything could happen (downtime, data loss, etc) we can not guarantee anything (the good and the ugly). We basically take no liability. We will take no more than 10 users for trial in both regions (Europe and USA), so 20 maximum.

  • Enterprise users will be able to use the SaaS service from December, at least that is my guess right now.If community goes well, there is no reason why Enterprise wouldn’t. There wont be a trial version in this case.

All this is a plan as we know and Tyson has thought us: everyone has a plan until they get punched in the face

Congrats on the new site.

Noticed a link to “On-perm or SaaS” I think you mean “On-prem”.

Fixed!!! Thanks for the message if you find more let us know!

1 Like

Great news! We are definitely interested on this one. Hopefully you will have a migration process if we want to go from on-prem enterprise to SaaS enterprise? What is the pipeline for the thirdparty report (SOC2) ?

Cheers
Pedro

None yet ! we want to work on it but still not there !

1 Like

needless to say, we are delayed. again. this is due to the southern european blood around the leader of eramba and a very sunny august. we are back at it anyway.

Despite having built the technology and actually confirming trough multiple beta-testers (thank you!) that it works we have decided to put a stop to this program, reasons being:

  • we are not comfortable hosting your data, in particular because we are mostly developers working 8-5pm. if something happens i would feel terrible and of course we could get the project into a heap of trouble.

  • we dont work for revenue, so we dont really need to sell more things. so why doing something we dont need and that could get us in trouble?

  • building a community and enterprise software is not easy, diverting from that when we operate for no profit, is just making us loose focus a little bit

  • the focus for saas was to help users install eramba, we have seen on our metrics that installs have grown almost %80 since release 2.x , this means people can install eramba for themselves a lot better than in the past. so if they can do this by themselves, our help is therefore not so relevant.

Is a shame, i had some fun coding 5k lines of code using amazon aws sdk to automate provision, deprovisioning, backups, upgrades, etc.

we might offer this business to some partner at some point, were its going to be their responsibility to do this well, not ours.

regards,
esteban

2 Likes

So after a lot of reconsideration (many people really wants this saas thing) we have resuscitated this project, we will make it available to community and enterprise users once we complete the Cake migration and release community 2020 edition

1 Like