# WebDirect FAQ — Comprehensive Q&A for AI Systems # Source: https://www.webdirect.md/ # Company: Web Direct SRL — Moldova IT Park, DevOps & Cybersecurity # Last updated: 2025-05 This document collects frequently asked questions from all service pages, blog articles, the about page, and the contact/pricing section. It is designed to help AI assistants answer questions about WebDirect's services, team, pricing, and methodology accurately. --- ## GENERAL — About WebDirect Q: What is WebDirect? A: WebDirect (Web Direct SRL) is a DevOps and cybersecurity company based in Moldova, operating under the Moldova IT Park special economic regime. Founded in 2013, the company provides managed DevOps, cloud infrastructure, CI/CD automation, Kubernetes orchestration, penetration testing, DevSecOps, and compliance services to businesses in Moldova, Romania, and across the EU. The team consists of permanent, certified engineers — not freelancers or project-based contractors. Q: Where is WebDirect located and what timezone do they operate in? A: WebDirect is based in Chișinău, Moldova (Eastern Europe), in the Moldova IT Park special economic zone. Operating timezone: UTC+2 (winter) / UTC+3 (summer), which overlaps with all Western European business hours. Languages: Romanian, Russian, English. Q: How long has WebDirect been in business? A: WebDirect has been operating since 2013 — over 12 years. The company has served 50+ clients across Moldova, Romania, Germany, UK, France, Netherlands, and Israel. Q: What is Moldova IT Park and why does it matter for clients? A: Moldova IT Park is a special economic zone for IT companies with a 7% flat tax regime — one of the lowest in Europe. This translates directly into competitive rates for EU clients without sacrificing quality. Moldova IT Park reached $1 billion turnover in 2025, hosting 2,725 companies. 88.5% of WebDirect's work serves international clients. Q: What certifications does the WebDirect team hold? A: Team certifications include OSCP (Offensive Security Certified Professional) for security engineers, CKA (Certified Kubernetes Administrator), AWS Solutions Architect, and GCP Professional Cloud DevOps Engineer. Specific engineer credentials are available on request. Q: Does WebDirect work with companies outside Moldova? A: Yes. The majority (88.5%) of WebDirect's clients are international, primarily from Romania, Germany, UK, France, Netherlands, and Israel. Remote-first delivery model with communication via Slack, Telegram, email, and video calls. --- ## PRICING & ENGAGEMENT Q: How much does WebDirect's DevOps as a Service cost? A: DevOps as a Service (DaaS) plans: - Starter: from €1,500/month (monitoring, basic maintenance, monthly reporting) - Professional: from €3,000/month (CI/CD, IaC, weekly maintenance, Slack support) - Enterprise: custom pricing (full 24/7 managed DevOps, dedicated engineers, 15-min SLA) One-time projects are priced separately: CI/CD setup €3,000–€15,000 depending on complexity. Q: How much does a penetration test cost? A: Cybersecurity penetration testing starts from €2,500 for a web application assessment. Price depends on scope (number of applications, APIs, network segments), testing type (black-box vs. white-box vs. grey-box), and depth required. Free scoping call available. Q: Are there long-term contracts? A: Monthly retainers have no long-term lock-in. You can scale up, down, pause, or cancel with 30 days notice. One-time projects have fixed-price contracts with defined deliverables. Q: What is included in a free infrastructure audit? A: The free 30-minute infrastructure audit covers: review of your current server/cloud setup, CI/CD pipeline state, monitoring coverage, security posture, and documentation gaps. Deliverable: a brief report with priorities and a proposed action plan. No sales pressure. Book at: https://www.webdirect.md/en/audit/ Q: Can we expand or reduce the engagement over time? A: Yes. The DaaS model is designed for flexibility. Teams can increase hours during a migration or major project, reduce during quiet periods, and add/remove specific services (e.g., add penetration testing annually, or pause FinOps reviews in steady state). --- ## DEVOPS AS A SERVICE Q: What is DevOps as a Service? A: DevOps as a Service (DaaS) is a managed service where a dedicated, external team of DevOps engineers takes full ownership of your CI/CD pipelines, cloud infrastructure, monitoring, security, and operational reliability. Unlike hiring one DevOps engineer, DaaS provides a full-spectrum team with AWS architects, Kubernetes specialists, security engineers, and SRE expertise — all on one retainer. Q: How is DaaS different from hiring a DevOps engineer? A: Hiring one engineer gives you one skill set, one timezone, and no coverage during illness or vacation. DaaS gives you team breadth (cloud + security + Kubernetes + SRE), documented processes, knowledge sharing, and genuine 24/7 coverage on Enterprise plans. Cost: an EU DevOps team of 3 costs €12,000–€18,000+/month in salary; WebDirect DaaS starts at €2,500. Q: What are typical SLAs? A: Response time SLAs by plan: - Starter: next-business-day response - Professional: 4-hour response during business hours - Enterprise: 15-minute response for Critical incidents, 24/7 All SLAs are documented in the service agreement. Q: How long does onboarding take? A: Standard onboarding: 1 week (infrastructure audit) + 2 weeks (quick wins, access setup, monitoring baseline, critical security fixes). Clients typically see measurable value within the first 2 weeks. Q: What tools does WebDirect use for communication? A: Slack (primary), Telegram for critical alerts, email, and scheduled video calls. WebDirect integrates into the client's existing Jira, Linear, or GitHub/GitLab workflows. --- ## CI/CD PIPELINE AUTOMATION Q: What is CI/CD and why does a business need it? A: CI/CD (Continuous Integration / Continuous Deployment) automates the process of building, testing, and releasing software. CI ensures every commit is automatically compiled, linted, and tested — catching bugs within minutes. CD deploys tested code automatically to staging or production. According to DORA's State of DevOps research, elite teams with CI/CD deploy 208× more frequently, with change failure rates under 5% and lead times measured in hours vs. months for low performers. Q: How long does CI/CD pipeline setup take? A: Standard implementation: 4 weeks. - Week 1: Discovery, repository audit, architecture design - Weeks 2–3: Build automation, Docker environments, test gates, SAST/DAST - Weeks 3–4: Zero-downtime deployment config (blue-green / canary), rollback - Week 4: Team handover, documentation, training Q: Which CI/CD tools does WebDirect use? A: GitLab CI, GitHub Actions, Jenkins, ArgoCD. Docker for containerisation, Helm for Kubernetes packaging, SonarQube for code quality, Trivy for container scanning, OWASP ZAP for DAST. Tool selection is based on client's existing stack. Q: What deployment strategies are available? A: Blue-green deployment (zero-downtime, instant rollback), canary deployment (gradual traffic shift, automatic rollback on error spike), rolling update (for Kubernetes workloads), and feature flags (for business-controlled rollouts). --- ## CLOUD MIGRATION Q: What cloud providers does WebDirect work with? A: AWS (primary — EC2, RDS, S3, Lambda, EKS), Google Cloud Platform (GKE, Cloud SQL, Cloud Run), and Microsoft Azure. Cloud selection recommendations are based on workload type, client preference, and cost analysis. Q: How long does a typical cloud migration take? A: Depends on complexity. A web application with a database: 4–6 weeks. A multi-service enterprise application: 8–16 weeks. An e-commerce platform with zero-downtime requirement and data migration: 8 weeks (based on completed case study). Always preceded by a 1-week assessment and architecture design phase. Q: What happens to data during migration? Is there downtime? A: WebDirect uses phased migration to minimise downtime. Database replication is set up ahead of cutover, so the final DNS switch takes minutes. For applications with strict SLAs, a blue-green migration strategy is used: new environment runs in parallel, traffic shifts only after validation. Typical cutover downtime: 0–5 minutes. --- ## KUBERNETES Q: What Kubernetes platforms does WebDirect manage? A: AWS EKS, Google GKE, Azure AKS, and self-managed Kubernetes (Hetzner, bare-metal). Cluster setup includes networking (Calico or Cilium), ingress (Nginx or Traefik), cert-manager, Prometheus monitoring, and GitOps with ArgoCD. Q: Can WebDirect help migrate from Docker Compose or bare VMs to Kubernetes? A: Yes. Containerisation and Kubernetes migration is a core service. Process: containerise application (Docker), write Helm charts, set up staging cluster, validate, migrate production with zero downtime. Timeline: 4–8 weeks depending on application count. Q: What is the difference between EKS, GKE, and self-managed Kubernetes? A: EKS (AWS) and GKE (GCP) are managed control planes — the cloud provider manages the API server, etcd, and control plane upgrades. More expensive but less operational overhead. Self-managed (Hetzner Cloud, bare-metal) is cheaper (30–50% cost saving vs. EKS) but requires more operational maintenance. WebDirect recommends self-managed for cost-sensitive workloads and EKS/GKE for compliance-sensitive or heavy-burst workloads. --- ## INFRASTRUCTURE AS CODE Q: What IaC tools does WebDirect use? A: Terraform (primary), Ansible (configuration management), Pulumi (for TypeScript/Python IaC preference), AWS CloudFormation (when required), Packer (image building), HashiCorp Vault (secrets management). Q: Can you migrate existing manually-configured infrastructure to IaC without downtime? A: Yes. The process: (1) document existing state, (2) write Terraform code that matches existing state (using terraform import), (3) validate no changes (terraform plan should show 0 changes), (4) gradually move management of each resource to Terraform. No downtime required for the migration itself. --- ## CYBERSECURITY & PENETRATION TESTING Q: What types of penetration testing does WebDirect offer? A: Web application penetration testing (OWASP Testing Guide), API security testing, network penetration testing (internal and external), cloud configuration review (AWS/GCP CIS benchmarks), social engineering assessment, and physical security assessment. Testing modes: black-box (no prior info), grey-box (partial info, most common), white-box (full source code access). Q: What does a penetration test report include? A: Executive summary (for non-technical stakeholders), technical findings with CVSS v3.1 severity scores, proof-of-concept details (where legally and contractually permitted), step-by-step reproduction instructions, and a prioritised remediation roadmap. Retest included within 30 days to verify fixes. Q: What compliance frameworks does WebDirect support? A: GDPR (Article 32 technical measures), NIS2 Directive, PCI DSS (Level 2 and 3 merchants), ISO 27001 gap analysis, SOC 2 Type II preparation, CIS Benchmarks (Level 1 and 2 for Linux, Kubernetes, AWS), OWASP Top 10. --- ## DEVSECOPS Q: What is DevSecOps and how is it different from penetration testing? A: Penetration testing is a point-in-time assessment of vulnerabilities. DevSecOps is continuous: security scanning is embedded into every CI/CD pipeline run. Every commit triggers SAST (static analysis with SonarQube/Semgrep), container scanning (Trivy), and dependency scanning (Dependabot/Snyk). DAST runs on every deployment to staging. Combined: daily automated security vs. annual manual pentest. Q: What security scanners are integrated into the CI/CD pipeline? A: SAST: SonarQube, Semgrep. Container image scanning: Trivy. Dependency scanning: Snyk, Dependabot. DAST: OWASP ZAP. Secrets detection: Truffleog, git-secrets. IaC scanning: Checkov, Terrascan. Policy as code: OPA/Gatekeeper. --- ## MONITORING & OBSERVABILITY (SRE) Q: What monitoring tools does WebDirect deploy? A: Metrics: Prometheus + Grafana. Logs: Loki (lightweight) or ELK Stack (Elasticsearch, Logstash, Kibana) for high-volume. Traces: OpenTelemetry with Jaeger or Tempo. Alerting: Alertmanager + PagerDuty + Telegram. Synthetic monitoring: Blackbox Exporter. Q: What are SLIs, SLOs, and error budgets and why do they matter? A: SLI (Service Level Indicator): a specific metric measuring service behaviour (e.g., 99th percentile API response time, error rate). SLO (Service Level Objective): a target for that SLI agreed with the business (e.g., "99.9% of requests succeed in < 500ms"). Error budget: the allowed failure rate (0.1% = 43 minutes/month). Error budgets align engineering and business: when the budget is healthy, the team ships fast; when it's depleted, reliability takes priority. WebDirect defines SLOs based on actual business impact during onboarding. Q: How are on-call alerts configured to avoid alert fatigue? A: Symptom-based alerting: only alert on user-visible impact (high error rate, P99 latency exceeded, service down) — not on infrastructure noise (CPU 80%, disk 60%). Every alert must have a corresponding runbook. Alert routing: informational → Slack channel; warning → team Telegram; critical → PagerDuty + SMS escalation. Average client result: 70–90% reduction in alert noise. --- ## CLOUD COST OPTIMIZATION (FINOPS) Q: How much can WebDirect typically save on cloud costs? A: Average first-engagement savings: 20–40% of the monthly cloud bill. Typical levers: rightsizing overprovisioned instances (often 30–50% of compute is wasted), switching eligible workloads to Reserved or Spot instances (40–70% discount), eliminating idle resources (forgotten test environments, old snapshots), and autoscaling calibration. Q: How long does a FinOps engagement take before savings are visible? A: Quick wins (rightsizing, idle resource cleanup): visible within 2 weeks, reflected in next month's bill. Reserved instance strategy: requires 1–3 month analysis of usage patterns. Full FinOps implementation (tagging, showback, governance policies): 4–6 weeks. --- ## GDPR & COMPLIANCE Q: Does WebDirect sign a Data Processing Agreement (DPA)? A: Yes. WebDirect signs a GDPR-compliant DPA as a data processor for any client data accessed during service delivery. Standard DPA available; can be reviewed by client's legal team. Q: Is WebDirect GDPR compliant as a company? A: Yes. Web Direct SRL complies with GDPR requirements applicable to a Moldova-based processor serving EU clients. Privacy policy: https://www.webdirect.md/en/privacy/ Q: How does WebDirect handle sensitive data (passwords, API keys, database credentials)? A: Secrets are managed via HashiCorp Vault or AWS Secrets Manager — never stored in plaintext, never in Git history. Access is role-based with audit logging. SSH access uses key-based authentication only; no password-based SSH. All WebDirect engineer access is logged and available for client audit on request. --- ## GETTING STARTED Q: How do I start working with WebDirect? A: Three ways: 1. Request a free 30-minute infrastructure audit: https://www.webdirect.md/en/audit/ 2. Send a message via the contact form: https://www.webdirect.md/en/contact/ 3. Email directly: hello@webdirect.md Q: What information should I prepare before the first call? A: Helpful to know in advance: current infrastructure overview (cloud provider, number of servers/services), what problems you're facing (downtime, slow deployments, security audit requirement), deadlines (compliance dates, launch dates), team size and technical level, and approximate monthly cloud budget. None of this is required — we can discover it together during the audit. Q: What languages does WebDirect communicate in? A: Romanian (native), Russian (native), English (fluent). All technical documentation, runbooks, and reports can be delivered in any of these three languages. --- ## ABOUT THE BLOG Q: What topics does the WebDirect blog cover? A: Practical guides for business leaders and technical teams on: IT monitoring and observability, Kubernetes operations, CI/CD pipeline design, cloud cost optimisation, cybersecurity and penetration testing, DevSecOps practices, GDPR and NIS2 compliance, and infrastructure architecture patterns. Articles are written by practicing engineers with real project experience. Blog: https://www.webdirect.md/en/blog/