Cleva

Integration hub
SaaS Offering
Embark on a transformative digital journey with the Cleva Integration hub
SaaS. Harness the power of innovation to redefine how you take
advantage of software, ensuring your business stays agile, competitive,
and ready for the future.
Introduction

The transition to a SaaS-based environment marks a significant shift in the way companies operate,
offering scalability, flexibility, and streamlined processes that enhance business agility. The Cleva
Integration hub SaaS represents a key step forward in this evolution, designed specifically to meet the
needs of businesses looking to leverage the advantages of SaaS models while maintaining a seamless
connection with their on-premise systems.

This document outlines the comprehensive capabilities of the Cleva Integration hub SaaS offering,
detailing how it provides robust, secure, and scalable solutions for client operations. By integrating
features such as automated updates, high availability, multi-tenant architecture, and security protocols,
the Cleva Integration hub SaaS enables clients to modernise their operations with minimal disruption. This
solution supports continuous integration and deployment, allowing clients to rapidly adopt new features
and improvements.

In addition to outlining the capabilities of the Cleva Integration hub SaaS, this document provides insight
into the journey from on-premise to the SaaS model, highlighting key differences between the two
models, and the support structure in place to ensure a smooth transition.

2
Value Offer

Self-hosted solutions often face significant challenges such as upgrading to the latest capabilities,
managing maintenance costs, addressing security threats, and scaling the platform to meet the
demands of evolving technology. These challenges can hinder the agility and innovation required to keep
pace with optimised technology and infrastructure.

The Cleva Integration hub SaaS offering enables clients to overcome these barriers by providing a SaaS-
based solution that enhances operational agility. It drives innovation through automation, faster updates,
and built-in security, freeing clients from the complexities of infrastructure management.

By adopting the Cleva Integration hub SaaS, clients benefit from reduced technical debt, as the platform
ensures that their technology is always up-to-date and optimised. The architecture also provides
continuous improvements, ensuring that upgrades are seamless and deliver the latest features faster.

Figure 1 – Cleva Integration hub SaaS value offer.

3
Value Offer

Table 1 highlights the key

differences between the current
on-premise and the Cleva
Integration hub SaaS offering,
showcasing enhancements in
infrastructure management,
authentication, update processes,
and testing capabilities.

4
Table 1 – Key differences between on-premise and SaaS.
Capabilities

The Cleva Integration hub SaaS offers a comprehensive set of capabilities designed to optimise
operational efficiency, enhance security, and streamline software management.

In the on-premise model, clients are responsible for managing their own infrastructure, including
installation, updates, and security. The Cleva Integration hub SaaS offering shifts this responsibility to
Cleva, which provides centralised infrastructure management, automated updates, and enhanced
security. Additionally, the Cleva Integration hub SaaS introduces automated processes for continuous
integration, deployment, and regression testing, significantly reducing manual effort and accelerating the
release of new features and updates.

Clients also benefit from built-in infrastructure monitoring and performance tools, offering insights into
system health and performance.

To further illustrate the advantages of transitioning to the Cleva Integration hub SaaS, its key capabilities
are highlighted below.

5
Capabilities

Key Capabilities

Faster software upgrades: the Cleva Integration Security privacy and compliance: the Cleva
hub SaaS streamlined upgrade process enables Integration hub SaaS security framework
quicker adoption of new features and ensures that data privacy and compliance are
improvements. By handling upgrades efficiently, always top priorities. By adhering to industry
clients can stay current with the latest software standards and implementing advanced security
advancements, reducing the risk of falling measures, we provide clients with a secure
behind and ensuring continuous operational environment that safeguards sensitive
excellence and reduce the timeframes required information and meets regulatory requirements.
for implementations.

Monitoring: monitoring tools provide visibility into

Automated regression tests: automating tests system performance and health. This approach
for the Cleva Integration hub SaaS software enables the swift detection and resolution of
enables faster validation, accelerating the issues, ensuring optimal performance and
transition from testing to production. Clients can uninterrupted service delivery. Monthly reports
also take ownership of their test, ensuring that are generated, offering insights into system
their specific needs and configurations are trends, resource utilisation, and any incidents
consistently met. that occurred.

Continuous integration and deployment: integrating continuous integration and deployment into SaaS
environment streamlines the software release process, ensuring that new features and updates are delivered
rapidly and reliably. This approach minimises downtime, allowing clients to benefit from the latest
enhancements with minimal disruption to their operations.
6
Solution
Architecture
The architecture of the Cleva Integration hub SaaS is designed to provide a robust, scalable, and high-
availability environment that seamlessly integrates the on-premise system with the Cleva Integration hub
SaaS.

The core business applications that provide services for operations such as creating policies, managing
claims, and retrieving data, remain on-premise and are connected to the Cleva Integration hub SaaS.

On-premise applications: they interact with the Integration Layer, installed on the on-premise
environment, which ensures that these operations are securely and efficiently communicated with the
Cleva Integration hub SaaS.

Cleva Integration hub SaaS: the Cleva Integration hub SaaS offers a user-friendly interface for managing
the integration processes and monitoring system performance.

Figure 2 – Cleva Integration hub SaaS architecture. 7

Solution
Architecture

Authentication Options

The platform supports multiple authentication methods, including LDAP, integration

with Microsoft365 and local user creation, to cater to different security requirements.
These options ensure that the Cleva Integration hub SaaS can adapt to various
security policies and user management needs, providing flexibility without
compromising on security.

To further enhance security, the platform supports Multi-Factor Authentication (MFA)

with three available methods: FreeOTP, Microsoft Authenticator, and Google
Authenticator.

These MFA options provide an additional layer of security for user authentication,
aligning with modern security standards and ensuring compliance with strict access
control policies.

Figure 3 illustrates the available security options, ranging from integrating existing
on-premise LDAP, Single Sign-On (SSO) with Microsoft 365 or directly managing users
within the SaaS environment through keycloak. Each method is designed to provide
seamless and secure access management while catering to varying levels of
security requirements.

8
Solution
Architecture
▪ LDAP integration: allows the use of
existing LDAP directories for user
authentication, providing a seamless
experience for organisations already
using LDAP.
▪ Microsoft365 integration (SSO):
enables Single Sign-On (SSO) through
the Client’s Microsoft 365 for secure
and convenient access management.
▪ Local user creation: users can be
created directly within the SaaS
environment, managed via the
integrated keycloak identity
management system. Figure 3 – Authentication options.

Disaster and Recovery

The solution also includes a disaster recovery (DR) feature to protect client data and ensure business
continuity. A DR plan is in place to quickly restore operations in the event of a failure. Data is
continuously replicated asynchronously between the primary and secondary systems located in two
geographically distinct sites. This replication process guarantees a copy of the production
environment in a remote DR site, enabling a rapid recovery. This ensures minimal downtime and data
loss, safeguarding business operations.
A Recovery Point Objective (RPO) of less than 30 minutes is supported under normal conditions. In the
event of an incident requiring activation of the DR process, it will be performed with a Recovery Time
Objective (RTO) of 24 hours. 9
Solution
Architecture
Backups
Regular backups of the production environment are performed and stored on physical tapes within an
independent infrastructure. Backup retention policies are aligned with compliance requirements and
operational needs specific to the Cleva Integration hub SaaS.

High availability and scalability

The architecture includes load balancing across
multiple servers, which distributes traffic evenly
and prevents any single point of failure from
affecting the overall system performance. The
critical systems and components are duplicated
to provide redundancy, ensuring that even if one
system fails, another can take over seamlessly.

Scalability is addressed across two key

dimensions: infrastructure and software. At the
infrastructure level, the system supports both
vertical and horizontal scaling:

▪ Vertical scaling allows for increasing the capacity of existing servers by adding more resources (e.g.,
CPU, memory) to handle larger workloads.
▪ Horizontal scaling enables the addition of more servers to distribute workloads across multiple
machines, enhancing system reliability and capacity.
10
Solution
Architecture
At the application level, both vertical and
horizontal scaling are supported, ensuring that
the Cleva Integration hub SaaS can dynamically
adapt to varying loads and user demands.

At the database level, the system supports

vertical scaling, which involves increasing the
capacity of the database server to manage
larger data sets or higher transaction volumes.
This ensures that database operations remain
efficient as data grows over time, without
compromising performance.

For software scalability, the Cleva Integration hub

SaaS leverages using Helm charts and
Kubernetes. These technologies provide
capabilities for managing application instances
and resources within the cluster.

By combining Helm and Kubernetes, the system

can automatically scale software components up
or down based on real-time demands, optimising
resource usage.

11
Solution
Architecture
Performance
To ensure the Cleva Integration hub SaaS is performance compliant under various conditions, a
comprehensive range of tests is conducted across several key areas. These tests are designed to
evaluate system behaviour and responsiveness, ensuring the solution can handle high volumes of
requests, process data efficiently, and recover effectively from any potential disruptions.
Figure 4 shows a breakdown of the key test types used to evaluate the system's performance across
different scenarios, including SaaS operations, end-to-end processes, and recovery assessments.

Figure 4 – Cleva Integration hub SaaS performance tests.

12
Product
Life Cycle

The Cleva Integration hub SaaS is designed to operate

with a shorter release life cycle, allowing for more
frequent updates and faster deployment of new
features. This approach offers several advantages.

Fast delivery: shorter release cycles mean that new features and improvements can be delivered more
quickly and respond rapidly to the client’s needs.

Improved responsiveness: regular updates ensure that the platform remains current, with the latest
enhancements and security patches applied in a timely manner. This responsiveness helps mitigate
risks and maintain high service levels.

Reduced downtime: with frequent, smaller releases, the need for extensive system overhauls is
minimised, reducing the likelihood of significant downtime or disruptions.
13
Product
Life Cycle

Understanding how it works

In the Cleva Integration hub SaaS,
updates are categorised into three
types: major releases, minor releases,
and patch releases. Major releases
introduce significant new features or
architectural changes, while minor
releases focus on improvements and
bug fixes. Patch releases address critical
issues as they arise. Table 2 outlines the
release management strategy within
the Cleva Integration hub SaaS, detailing
the frequency and scope of major,
minor, and patch releases. These
updates ensure that the platform
remains secure and up to date.
Table 2 – Cleva Integration hub SaaS life cycle.

14
Product
Life Cycle

The Cleva Integration hub SaaS is designed to

always run on the latest version. Unlike on-premise
environments, where multiple versions of the
software may coexist, the Cleva Integration hub
SaaS environment ensures that all clients benefit
from the most up-to-date features, security
enhancements, and performance improvements
simultaneously. This uniformity simplifies the
management process and enhances overall
reliability.

Clients can maintain their existing on-premise

versions while benefiting from the latest
Table 3 – Versions compatibility matrix.
enhancements. Table 3 illustrates the alignment
between various on-premise versions of the Cleva
Core and the Cleva Integration hub SaaS.

15
Product
Life Cycle

Life Cycle Process

Cleva employs a structured process that guides clients through each phase of the release and the
SaaS environment. Figure 5 illustrates the key steps of this process and communication channels, from
launch to adoption.

Figure 5 - Cleva Integration hub SaaS release life cycle process.

When Cleva releases a new version of the Integration hub software, clients are informed through the
communications channels defined. The communication will include the installation date and time,
beginning with the test environment.
16
Product
Life Cycle
There are predefined days and timeframes for updates in both testing and production environments.
Updates are first deployed in the testing environment, where they remain available for a set period to allow
validation before moving to production. Table 4 provides a summary of the release types, along with the
corresponding client notification timelines and testing durations within the test environment.

Table 4 – Release life cycle communication.

Special conditions for release timing:

▪ When a minor release coincides with the month of the major release, the minor one will not be released.
▪ The intervention hours are aligned with GMT.
▪ When the scheduled installation date falls on a holiday, the installation is rescheduled to 2 business
days earlier.
▪ When the day following the installation is a holiday, the installation is rescheduled to 1 business day
earlier.
▪ Additionally, holidays in the time zone of the clients using the Cleva Integration hub SaaS environment
will also be considered. 17
Product
Life Cycle

Key Points

Latest version assurance: the Cleva Integration Automation: most updates are performed in
hub SaaS is designed to always run on the the background, minimising the need for
latest version, unlike on-premise environments client involvement and reducing the demand
where multiple versions of the software may for client resources.
coexist.
Flexibility: the Cleva Integration hub SaaS can

Feature toggling: new features are generally be upgraded while allowing on-premise

enabled by default. However, in some applications to remain on different versions,

exceptional cases, there is a need to configure ensuring flexibility and continuity of

them upon client request. In such cases, this operations.

will be clearly highlighted in the feature

documentation to ensure clients are aware of Communication: the dates and hours for

the features requiring specific configuration. updates will be communicated in advance

and published on the different
communication channels. These will first be
Client impact: generally, no on-premise
deployed in the test environment, and after a
changes are required from clients during these
specified period, according to the type of
updates. If any exceptions occur, they will be
release, they will be implemented in the
communicated well in advance.
production environment. More details are
available in the Support chapter.

18
Security, Privacy
and Compliance

At Cleva, we are deeply committed to safeguarding the security and privacy of our clients’ data. Our
approach is built on a foundation of transparency, trust, and adherence to the standards of compliance
with relevant laws, regulations, and industry standards.

The Cleva Integration hub SaaS data is encrypted in transit using the https protocol, ensuring protection
against unauthorised access. It supports multi-tenant access, with data securely isolated at the database
level to protect each client's information. To enhance security, we offer several options for connecting on-
premise environments with the SaaS environment.

Dedicated Link: secure and isolated communication channels.

VPN IPsec: encrypted connections to protect data during transmission.

Public IP with IP Restrictions: controlled access for on-premise integrations, ensuring that only
authorised IP addresses can connect.

As an additional security measure, the Cleva Integration hub SaaS is deployed in production and non-
production environments independently. This segregation ensures that the integrity and security of
production environments are maintained.

19
Security, Privacy
and Compliance

SOC Services and Compliance

To ensure that our platform meets security standards, we have implemented comprehensive SOC
(Security Operations Center) services. These services focus on the continuous monitoring and
management of security incidents across our infrastructure. Our SOC services analyse and report
potential threats, thereby minimising risks to our clients’ data.
Additionally, Cleva is compliant with a wide range of certifications, listed in table 5, demonstrating our
commitment to maintaining industry-leading security practices.

Table 5 - SOC and compliance.

Data Encryption
Client data within the SaaS environment can be encrypted at rest, ensuring that sensitive information
remains protected from unauthorised access. Data in transit is also encrypted in compliance with
industry standards, like the https protocol.

20
Security, Privacy
and Compliance

Data Privacy Key testing methods and security tools

Data privacy is at the core of
Web server scanning: using Nikto to detect outdated software,
the Cleva Integration hub SaaS
priorities. The systems are misconfigurations, and security issues in web servers.

updated with the latest security

patches, providing protection SQL injection detection: SQLMap is used to identify vulnerabilities that
against emerging threats. The could allow attackers to manipulate databases through poorly
data retention policies ensure implemented SQL queries.
that client data is stored only
for as long as necessary to fulfil Token security: token-based tests verify how securely web
operational needs and applications handle session tokens using the Token tool.
compliance requirements, after
which it is securely deleted. Web application vulnerabilities: ZAP identifies flaws such as cross-
Additionally, Cleva employs a site scripting (XSS) and SQL injections through passive scanning.
proactive approach to security,
which includes regular security Dependency vulnerability checks: dependency-check ensures third-
assessments and penetration party libraries used in our system are free from known vulnerabilities.
testing to identify and mitigate
vulnerabilities. These tests help Manual testing: our testers manually assess more complex
ensure that the system vulnerabilities such as business logic errors or authentication
remains secure from potential weaknesses.
threats.
Security headers: we implement Content Security Policy (CSP) and
HTTP Strict Transport Security (HSTS) headers to enhance web
21
security and protect against attacks.
Continuous Integration
and Deployment

Continuous integration and deployment (CI/CD) are

essential for maintaining a competitive edge. With the
Cleva Integration hub SaaS offering, new features and
enhancements are delivered according to the release
plan, ensuring your systems stay up-to-date with the
latest capabilities.

Continuous delivery is at the heart of the Cleva Integration

hub SaaS offer. As new features and enhancements are
released, they are integrated into the production
environment as soon as they pass all stages in the test
environment. This approach ensures that you always have
access to the most current features
and capabilities.

On-premise vs Cleva Integration hub SaaS key differences

When it comes to software updates and new installations, there are distinct differences between on-premise
and the Cleva Integration hub SaaS model. In the SaaS model, Cleva is responsible for providing the
infrastructure and deploying the software, ensuring that both installations and updates benefit from an
integrated health status check feature.
As mentioned before, the Cleva Integration hub SaaS solution leverages Helm charts and Kubernetes to
support software scalability. One key advantage of the Cleva Integration hub SaaS environment is the
automatic deployment of Docker images, with version control ensuring smooth promotion between the test
and production environments. Additionally, the rolling update approach is used for updates, minimising
downtime and ensuring near-zero disruption. 22
Continuous Integration
and Deployment

Cleva Integration hub SaaS CI/CD

The Cleva Integration hub SaaS utilises a fully automated CI/CD pipeline to ensure smooth and efficient
deployments across both the test and production environments. The process begins with the code
managed in Git, which is then packaged into Docker images stored in the Docker Registry.

Using Helm, these deployments are managed within the Kubernetes cluster. The deployment process is
automated by ArgoCD, which continuously synchronises and promotes changes from the test
environment to the production environment according to the release installation schedule, ensuring
minimal downtime and near-zero disruption. This approach ensures that updates are deployed
seamlessly, with version control and health checks throughout the process.

Figure 6 – Cleva Integration hub SaaS CI/CD.

23
Continuous Integration
and Deployment

How to update the Cleva Integration hub SaaS

For minor and patch releases, we employ a
rolling update strategy to ensure a smooth and
uninterrupted transition to the latest software
version. Rolling updates allow for a gradual shift
from the current version to the new version,
minimising downtime and ensuring that the
system remains operational throughout the
update process. This method is resource-
efficient, as it ensures that only parts of the
environment are updated at a time, without
requiring a complete system shutdown.

However, for major updates, other methods

may need to be employed. This is because
major updates often involve structural changes
that might require more comprehensive
installation procedures. In such cases, a
different approach might be taken to ensure Figure 7 - Rolling update.

the stability and integrity of the system.

24
Path to the
SaaS Journey

The path to the Cleva Integration hub SaaS is designed to ensure a smooth transition for both existing
clients migrating from on-premise solutions and new clients setting up for the first time. A key component
on the on-premise side is the Integration Layer, which must be installed whether for a migration or a new
setup. This component is responsible for connecting the on-premise applications to the SaaS environment.
The process is divided into key stages as shown in figure 8.

Figure 8 – Path to the Cleva Integration hub SaaS journey.

Initial Assessment Planning

Evaluation of the current A plan is developed to ensure a
infrastructure and identification seamless transition to the Cleva
of key integration points. This Integration hub SaaS. For current
stage involves understanding clients, this includes identifying
the existing systems, and any activities that outline the steps
specific customisation needs. for configurations, and
For current clients, this includes integrations to the SaaS
assessing the current on- environment. For new clients,
premise setup, while for new this stage involves planning the
clients, it focuses on defining the setup of the SaaS environment,
required SaaS capabilities. including configurations. 25
Path to the
SaaS Journey

Migrate a client
The migration process from an on-premise Cleva Integration hub to the SaaS environment involves several
steps that ensure a smooth transition.

Client configuration on SaaS: configuring the client in the Cleva Integration hub SaaS environment
involves defining security parameters, DNS, authentication integration, and access controls, as well as
ensuring the necessary connectivity prerequisites.

Installation of the integration layer: a critical step in the migration is the installation of the Integration
Layer on-premise, which acts as a bridge between the on-premise applications and the Cleva
Integration hub SaaS.

Deactivation of the on-premise Cleva Integration hub: after the successful migration of the
configurations to the SaaS environment and the installation of the integration layer, the on-premise
Cleva Integration hub is deactivated.

Additionally, the client can decide

between two data migration
options. They may opt for no data
migration, choosing a “fresh start”
in the SaaS environment without
transferring existing data, or they
may choose to migrate their data
to the SaaS environment.

Figure 9 - Steps to migrate to Cleva Integration hub SaaS. 26

Path to the
SaaS Journey

Setup a new client

Setting up a new client on the SaaS
environment includes configuring
security parameters, DNS,
authentication integration, and
access controls. Additionally, there
are connectivity prerequisites on the
on-premise side that must be met to
ensure seamless integration.

Testing and Go Live

To ensure the reliability and security of the Cleva Integration hub SaaS before moving to production,
a comprehensive testing process is conducted. This includes functionality, security, and performance
tests, verifying that the system operates as expected and meets all operational needs.

The testing approach relies on automated tests to handle various stages of validation. The testing
environment remains available, allowing clients to run additional tests, if necessary, especially if
specific features are involved, for which the client is responsible for testing. Furthermore, there are
KPIs established to determine readiness for production deployment.

Different types of tests are performed in both the SaaS testing and production environments, as
indicated in figure 10.

27
Path to the
SaaS Journey
Type of tests conducted

Health status check: verifies if services and

nodes are running properly after the software

installation.

Regression tests: ensure that any new feature or

change doesn’t negatively impact on the
existing functionalities.
Figure 10 – Types of tests per environment.

New features tests: subset of tests that focus Each release type, whether minor or patch,
solely on read operations. They verify if the undergoes different types of testing. For major
system’s essential functionalities are operational releases, the scope of testing may be more
and stable. comprehensive, depending on the structural
changes or significant developments included.
Performance tests: evaluate the system’s
responsiveness by measuring the key All releases must pass a certification process
performance metrics. during the development phase to guarantee
quality before they are moved into production.
Security tests: assess the system’s ability to This process is a standard practice to minimise
resist unauthorised access, data breaches, and risks and ensure the stability and security of the
other vulnerabilities. Cleva Integration hub before moving to the SaaS
environment.

28
Client
Support

Effective and responsive client support is central to the Cleva Integration hub SaaS experience. The
strategy ensures that clients receive consistent and timely assistance across multiple support
channels, tailored to address various operational needs.

Key Changes in client support for Communication channels

the SaaS transition

Centralised deployment and management: with Tools: clients have access to JIRA where they
centralised Cleva software updates, the support can submit tickets and track progress as
teams can manage client environments more defined in the client’s existing support contract.
efficiently, reducing the need for manual
intervention and keeping systems up to date. Phone support: for urgent issues, phone support
is available during business hours as defined in
Reduced downtime and disruption: automated the client’s existing support contract, ensuring
Cleva software updates are applied with quick resolution of critical problems.
minimal impact on client operations,
significantly reducing downtime during Email notifications: important notifications,
installation windows. including maintenance schedules and update
rollouts are communicated via email to keep
Support levels and availability: the SaaS clients informed of any changes or upcoming
infrastructure enables faster response times events.
through centralised monitoring while
maintaining the existing support levels defined
in the client’s support contract, ensuring
29
continuity and reliability.
Client
Support

Service Level Agreement

The SLAs outline specific response and resolution times aligned with the application support terms of
the client’s existing support contract. These agreements ensure clients understand the level of service
and support they can expect.

Infrastructure Maintenance Reports

To ensure the smooth operation of the We provide comprehensive reports following

SaaS environment, a pre-scheduled significant support events as defined in the
maintenance window is defined for client’s existing support contract, as well as
infrastructure activities. This window is reports on SaaS uptime.
set daily from 11:00 PM to 12:00 AM,
aligned with the Portuguese time zone
(GMT or GMT+1).
Any exceptions to this schedule are
communicated well in advance to
minimise disruptions to client
operations. Upon completion of
maintenance activities, a confirmation
email is sent to notify clients that all
services are fully operational.

30
Client
Support

Provided Services

Application
The services offered are defined by the terms of the
client’s existing support contract.

Infrastructure
Service management: manages the SaaS
infrastructure services.

Infrastructure provisioning: provides and hosts the

SaaS infrastructure, covering physical security,
maintenance, and data centre access
management.

Infrastructure management: monitors system

status, resolves hardware issues, manages backups,
supports system usage, installs system updates
and Security Operations Center (SOC).

Application monitoring: monitors and controls Cleva

applications, ensuring critical services run smoothly.

Disaster recovery: provides the infrastructure to

ensure continuity of critical business functions in
case of disaster, with RTO and RPO.
 “
With the Cleva Integration hub SaaS, your
business benefits from continuous updates,
automation and enhanced security, allowing you
to maintain operational and business agility.

Inetum.world ©2025 Cleva Solutions, S.A.

This document contains information owned by Cleva Solutions, S.A.
Unauthorised copy, distribution or dissemination of the information herein constitutes
a violation of Cleva’s policies and intellectual property rights.