Case studies | Vitalytics

GCG

Geotechnical Consulting Group

Geotechnical

What we run for GCG

Geotechnical Consulting Group is a London-based engineering consultancy that produces structural and ground-stability analyses for major construction projects across the UK and Europe. Their workload mixes heavy on-prem numerical computation — soil-mechanics solvers, finite-element load models, settlement and bearing-capacity simulations — with a knowledge-worker office on M365 and CAD.

What we manage

On-prem compute estate. A small but performance-sensitive cluster of workstations and rack servers that runs the solvers their engineers depend on. We own hardware lifecycle, OS and firmware patching, monitoring, and the storage tier that holds project datasets.
Identity and access (Azure AD). Single sign-on across the M365 stack, conditional-access tied to device posture, and hybrid join so the workstations and compute cluster are governed by the same identity as the office.
Security posture. Endpoint protection, vulnerability monitoring, patch baselines, backup and DR for project archives, and a documented incident-response runbook — aligned to Cyber Essentials Plus.
IT augmentation. We sit alongside their team as the IT department: helpdesk for the engineers, project onboarding/offboarding, vendor wrangling on hardware refresh cycles, and an on-call escalation path during reporting deadlines.

Engagement scope, change control and SLAs are covered on a 30-minute discovery call. Book one →

M

Montanaro Asset Management

Financial

What we run for Montanaro Asset Management

Montanaro Asset Management is a London-based active equity manager focused on small and mid-cap European companies. Their day-to-day mixes deep-dive research, internal collaboration on company files and models, and the regulated record-keeping that comes with running an FCA-regulated investment manager.

What we manage

On-prem SharePoint replica. A local SharePoint farm that mirrors the M365 collaboration tier — for the documents that need to stay on UK-domiciled infrastructure under their data-residency policy. We run the underlying Windows servers, the SQL Server backend, search and indexing, and the sync jobs that keep the on-prem and cloud libraries in step.
Identity and access (Azure AD). SSO across M365 and the on-prem SharePoint farm via hybrid join and enterprise applications, conditional-access policies tied to device posture, and a documented break-glass procedure for the regulated handling.
Security of the regulated environment. Endpoint protection across the user estate, vulnerability scanning on the SharePoint and SQL hosts, an immutable backup tier with offsite copies, and a documented incident-response runbook — aligned to Cyber Essentials Plus and feeding the FCA evidence work scheduled for Q3 2026.
IT augmentation. We sit alongside their internal team as the day-to-day IT function: helpdesk, joiners-movers-leavers, vendor and licence wrangling, and an on-call escalation path during reporting and audit windows.

Engagement scope, change control and SLAs are covered on a 30-minute discovery call. Book one →

3V

3verest

Private Healthcare Cloud

What we built and run for 3verest

3verest operates a private healthcare cloud — the kind of platform where every layer has to satisfy clinical-grade availability, UK data sovereignty, and the regulatory scrutiny that comes with handling patient and operational data. Vitalytics designed and built the platform end-to-end on OpenStack, and continues to run the parts of the stack that need senior eyes.

What we built and run

OpenStack private cloud. The full Caracal stack on dedicated hardware: Keystone identity, Nova compute, Neutron networking, Glance images, Cinder block storage, Swift object storage, Octavia load-balancing, Barbican secrets, Heat orchestration — multi-AZ with redundancy at the rack and PSU level.
Storage. Cinder-on-Ceph for live VM block storage, NVMe-backed sub-tier for latency-sensitive databases and log stores, and a Swift S3-compatible object tier for archive and inter-service data exchange.
Software-defined networking. OVN/Neutron with proper tenant isolation, programmable security groups, BGP-aware floating IPs, and Octavia-fronted services so internal apps don't carry their own HA logic.
Compute. Live-migration-capable hypervisors with predictable CPU baselines, GPU passthrough on the AI nodes, and anti-affinity rules so paired workloads don't share fate.
AI / ML platform. Model-serving on dedicated GPU nodes (vLLM-style inference), a vector store for retrieval, and the orchestration around it so internal tools can call models with audit trails and conditional access.
Containerization. Kubernetes on top of OpenStack with the Cinder CSI driver for persistent storage, the Octavia LB controller for ingress, an in-platform container registry, and the day-2 ops (upgrades, image scanning, RBAC) to keep it operational rather than experimental.
Automation. AWX/Ansible playbooks for OS lifecycle and platform changes, Terraform modules for tenant onboarding, and a centralised secrets store the rest of the platform draws from — so changes are reviewable and reproducible, not artisanal.

Last-line escalation

When the platform throws something the on-call team hasn't seen before — a kernel-level networking edge case, a Ceph PG state that doesn't match the runbook, an OpenStack interaction that needs a fix upstream — Vitliyan steps in as the last-line escalation: diagnosis, fix, post-mortem, and the change-management work to make sure it doesn't reappear.

Engagement scope, change control and SLAs are covered on a 30-minute discovery call. Book one →