24X7 mANAGED SERVICES
Guardian keeps your
identity platform
running
Guardian is Midships' 24x7 managed service for Ping Identity, Keycloak, and Icebreaker. We handle production incidents, proactive monitoring, and platform housekeeping — so your team focuses on business outcomes, not operational overhead.
// GUARDIAN - PLATFORM STATUS
All systems operational
Ping AIS (PingAM / PingDS / PingIDM)
Monitored
Ping AIC (PingOne)
Monitored
Keycloak / RHBK
Monitored
Icebreaker — AI Governance
-
Monitored
24x7
Coverage
Custom
SLA per client
P1
Incident priority
L4
Support in licence
What Guardian Is
Managed operations. Not just support.
Guardian is not a helpdesk. It is a managed operations service — Midships takes responsibility for the health and availability of your Ping, Keycloak, and Icebreaker platforms in production.
The focus is on production incidents and platform housekeeping. When something goes wrong in your live identity environment, Guardian responds — not after a ticket is raised, but because monitoring detected it first. Housekeeping covers the routine operational tasks that accumulate over time and, if ignored, become incidents.
For clients who need more, Guardian can be extended to include enhancements and change requests — making it a fully managed continuous service rather than a break/fix operation.
Level 4 support — where Midships code requires a fix — is included in the product or accelerator licence fee. Guardian is not required for that.
Production incident response
24x7 monitoring with alert-based response. Midships detects, triages, and resolves production incidents — including communications and follow-up. You are not the first to know.
Platform housekeeping
Routine operational tasks — certificate renewals, capacity reviews, log hygiene, configuration drift checks, patch assessment, and audit readiness. Managed proactively, not reactively.
Upgrades and patching
Version upgrades, security patches, and configuration changes delivered using zero-downtime procedures. Tested in lower environments first, rehearsed before production.
Monitoring and observability
Advanced observability, alert correlation, and AI-assisted triage across the full identity service stack — not just the platform, but the journeys and integrations that depend on it.
Enhancements — on request
Guardian can be scoped to include journey enhancements, configuration changes, and new integrations. Available on client request — extending Guardian from a managed operations service to a continuous delivery partnership.
Standard Coverage
What every Guardian engagement includes
Guardian is scoped per client — but these capabilities are standard across all engagements.
Proactive monitoring
Continuous observability across the platform stack. Alert correlation reduces noise and ensures the right engineers act on the right signals.
Health, capacity, and security signal monitoring
Pattern-based alerting — PagerDuty and Twilio integration
Smart escalation routing to the right team
Incident management
Full lifecycle incident ownership — detection, triage, resolution, and post-incident review. Midships manages the incident, not just the ticket.
Alert-to-resolution ownership
Client communications during incidents
Client communications during incidents
Security and compliance
Security monitoring, patch assessment, and audit readiness maintained continuously — not only at audit time.
Security event monitoring and alerting
Patch and vulnerability assessment
Audit-ready documentation and runbooks
Platform housekeeping
The routine operational tasks that prevent incidents — certificate management, capacity reviews, configuration drift, and log hygiene.
Certificate renewal and rotation
Capacity and performance reviews
Configuration drift detection and correction
Upgrades and patching
Zero-downtime upgrade delivery — tested in lower environments, rehearsed, then executed in production without service windows.
Version upgrades and security patches
Pre-production rehearsal and rollback testing
Zero-downtime execution in production
Documentation and runbooks
Configuration, runbooks, and operational documentation kept current and audit-ready — so your team is not dependent on Midships for operational knowledge.
Up-to-date runbooks for all platforms
Change log and configuration history
DR procedures and evidence packs
What Is and Is Not in Guardian
Three layers of support — clearly separated
Midships provides three distinct layers of support. Understanding which layer covers what prevents confusion when something needs attention.
Level 4 Product Support
Where Midships code — in an Accelerator or in Icebreaker — has a defect that requires a fix, that fix is covered by the product licence. Guardian is not required for this.
Accelerator code defects and bug fixes
Icebreaker product defects and patches
Covered regardless of Guardian engagement
Managed Operations
Production incidents, platform housekeeping, monitoring, upgrades, and patching. Midships takes operational responsibility for platform availability and health.
24x7 production incident response
Proactive monitoring and housekeeping
Zero-downtime upgrades and patching
Security and audit readiness
Enhancements and Change
On client request, Guardian can be scoped to include journey enhancements, new integrations, and configuration changes — a continuous delivery partnership alongside managed operations.
Journey enhancements and new flows
New application and system integrations
Configuration changes and policy updates
Available on request — scoped per client
Guardian vs vendor support
The recommended combination — vendor support handles platform defects; Guardian handles everything else.
Guardian + Vendor Support
Complementary?
Upgrades
Alerting
Incident detection
Scope
Service model
Reactive — you raise a ticket, they respond
Platform vendor product defects only
You detect and report the incident
Basic or manual
Guidance only — your team executes
-
✓ Guardian works alongside vendor support — they are not alternatives
✓ Midships owns delivery — tested, rehearsed, zero downtime
✓ Pattern-based with smart escalation via PagerDuty and Twilio
✓ Midships detects via continuous monitoring — often before users are affected
✓ Full identity service — platform, journeys, integrations, and infrastructure
✓ Proactive — Midships detects and acts before you know there is a problem
Midships Guardian
Vendor support (e.g. Ping Elite)
Factor
Platforms Covered
One service. Four platforms.
Guardian covers the full Midships product and service stack — Ping AIS, Ping AIC, Keycloak, and Icebreaker — under a single managed service engagement.
PingAM, PingIDM, PingDS, PingAuthorize
Full managed operations for the Ping Advanced Identity Services stack on Kubernetes — monitoring, incident response, upgrades, and housekeeping for the complete on-premise or private cloud deployment.
24x7 monitoring across PingAM, PingIDM, PingDS, PingAuthorize
Zero-downtime upgrades — blue/green, canary, rolling
Multi-region HA monitoring and DR evidence
Kubernetes infrastructure health and capacity
Security event monitoring and SIEM integration
PingOne Advanced Identity Cloud
Managed operations for the PingOne AIC SaaS platform — tenant health, journey monitoring, integration reliability, and the operational overhead that AIC customers typically carry internally.
Tenant health and journey availability monitoring
PingOne Protect and Verify performance monitoring
AIC-to-AIS failover readiness and testing
Integration layer monitoring and incident response
Configuration drift detection and correction
Keycloak and Red Hat Build of Keycloak
Full managed operations for enterprise Keycloak on Kubernetes — covering the operational complexity that standard Keycloak deployments leave unresolved, including HA, upgrades, and security.
HA and multi-cluster health monitoring
Zero-downtime version upgrades
Database backup, PITR, and DR testing
Security hardening maintenance
Authentication flow and journey monitoring
AI Governance — Runtime Operations
Managed operations for Icebreaker in production — ensuring the AI governance control plane is available, performing, and generating accurate audit evidence across all governed agent sessions.
Governance engine availability and latency monitoring
Policy store and registry health
Audit trail integrity and evidence readiness
Integration with IAM and PEP monitoring
Alert on governance decision anomalies
How to Engage
Three engagement paths
Guardian works whether Midships deployed your platform or not. We can take over an existing deployment, continue managing a platform we built, or build and run a new one from scratch.
01
Post-deployment handover
Midships deploys your platform — using an Accelerator or through a consulting engagement — then hands it over to Guardian for ongoing managed operations. The same team that built it runs it. No knowledge transfer gap.
02
Takeover of existing deployment
Your Ping, Keycloak, or Icebreaker platform is already running and you want to hand operations to a specialist team. Midships conducts a platform assessment, documents the environment, and transitions into managed operations with a defined handover period.
03
Greenfield — build and run
Midships designs, deploys, and then operates the platform from day one. You never need to staff an internal IAM operations team. Midships is your IAM operations function — accountable for availability, security, and continuous improvement.
SLA model
Guardian operates on 24x7 coverage as standard. SLAs — including response time, resolution time, and availability targets — are agreed per client based on platform criticality and regulatory context. There is no off-the-shelf SLA tier. Every Guardian engagement is structured to meet the specific requirements of the client's environment and obligations.
Frequently Asked Questions
Guardian — common questions
What is Guardian?
Guardian is Midships' 24x7 managed service for Ping Identity (AIS and AIC), Keycloak, and Icebreaker. It covers production incident response, proactive monitoring, platform housekeeping, and zero-downtime upgrades. It can optionally be extended to include enhancements and change on client request.
Is Level 4 support included in Guardian?
No — and this is intentional. Level 4 support, which covers defects in Midships' own code (Accelerators and Icebreaker), is included in the product licence fee regardless of whether a client has Guardian. Guardian is not required for code-level fixes to Midships products. Guardian covers operational management of the running platform.
What SLAs does Guardian offer?
Guardian provides 24x7 coverage as standard. Response time, resolution time, and availability SLAs are agreed per client based on platform criticality and regulatory context. There are no fixed off-the-shelf tiers — SLAs are structured to meet each client's specific requirements and obligations. Contact sales@midships.io to discuss your requirements.
Can Guardian take over a platform Midships did not deploy?
Yes. Guardian can take over operational responsibility for an existing Ping, Keycloak, or Icebreaker deployment regardless of who deployed it. Midships conducts a platform assessment, documents the current state, and transitions into managed operations with a defined handover period. The time required depends on the complexity of the existing environment.
Does Guardian include enhancements and new development?
Not in the standard scope, but it can be. On client request, Guardian can be extended to include journey enhancements, new application integrations, and configuration changes — making it a continuous delivery partnership alongside managed operations. This is scoped and agreed per client.
How is Guardian different from Ping Elite Support?
Ping Elite Support is valuable and covers product defects at the vendor level — Midships recommends clients maintain it. Guardian is complementary, not an alternative. Ping Elite fixes platform bugs. Guardian manages everything else: monitoring, incident response, upgrades, housekeeping, and availability. Together they provide comprehensive coverage.
Does Guardian cover Icebreaker operations?
Yes. Guardian covers Icebreaker runtime operations — monitoring the governance engine, policy store, and registry availability; ensuring audit trails are intact; alerting on decision anomalies; and maintaining integration health with the IAM and PEP layers. For enterprises deploying agentic AI in regulated environments, operational reliability of the governance layer is as critical as the identity platform itself.
How do we start with Guardian?
Contact sales@midships.io. Midships will scope the engagement based on your platform, environment, and operational requirements — whether that is a post-deployment handover, a takeover of an existing deployment, or a greenfield build-and-run. SLAs and scope are agreed before engagement begins.