Sota Solutions Ltd

SotaCLOUD - Infrastructure as a Service (IaaS)

SotaCLOUD – Infrastructure as a Service (Iaas) provides all the technical and cost benefits of a cloud infrastructure that is secure, resilient and professionally managed. The compute and storage platform, data centre environment and core network, are all owned, managed and supported by Sota and are located in the UK.

Features

  • Virtual servers and physical servers
  • ISO27001 certified
  • Highly flexible servers tailored to you
  • 24x7x365 server support available
  • 99.95% available SLA backed hardware and network
  • Private cloud, Public cloud and Hybrid cloud
  • Firewall management
  • Disater Recovery -On premise or cloud to cloud
  • Backup Service -On premise or cloud to cloud

Benefits

  • Reduce costs
  • Fully supported platform
  • UK based service and support
  • Eliminate capital and operating expenses related to data centre operations
  • Flexible configurations of cpu, memory and storage

Pricing

£37.50 per virtual machine per month

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

1 3 9 2 6 4 7 7 7 1 6 0 7 3 3

Contact

Sota Solutions Ltd

Sales Enquiries

01795 413500

tenders@sota.co.uk

Service scope

Service constraints
The service is limited to hardware and Windows management only, and does not include customer application support. This can be provided through our other serivces.
System requirements
Software must run on Windows

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLAs vary depending on severity and service
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support includes a 99.9% service uptime promise and ticketing responses 08:00 - 18:00 Monday and Friday (not weekends). We provide an additional tier of support, allowing customers to specify SLA requirements and ensuring 24/7/365 monitoring and response. This service costs an additional £250 + VAT per month, per server procured. You will have a dedicated support team, including an account manager, as standard.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our Account Management team will work with the customer to ensure the right service is procured and implemented.

Our ticketing system can also be used to assist people with our service.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
This entirely depends on the application, and could be anything from an entire VM snapshot exported and delivered to the customer, to database and code dumps provided in an archive format. We would work with the customer to ensure they get the data they need, in the format they need it, within reason.
End-of-contract process
At the end of the contract any data the customer requires exporting is exported and delivered, then the server(s) are shut down.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
As part of our ISO 27001 certified service management system, we regularly carry out usage and resource checks. We ensure the system is always working within generous limits, so even a significant customer spike in usage would not affect other customers. We also use a system to automatically smooth out resource usage by seamlessly migrating guest servers between hypervisors as load requires.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Databases
Backup controls
Backups are managed by Sota following instruction from the customer
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Contact Sota for details.
Data protection within supplier network
Other
Other protection within supplier network
Contact Sota for details.

Availability and resilience

Guaranteed availability
We provide 99.95% uptime on our private cloud for virtual hardware and network connectivity. Should we fail to deliver, customers may request a service credit from their account manager.
Approach to resilience
We have no single point of failure anywhere in our systems, from datacentre fibre connections through to firewalls, cabling and switching. Everything is at least doubled. We use resilient Dell SANs to provide the disks for our virtual servers, which is highly available and connected over a resilient fibre-optic network to our hypervisors. Our virtualisation technology automatically moves guests to a new hypervisor seamlessly and without a break in service, should a host machine fail. We also have datacentre level DoS protection running to mitigate DoS attempts in real time.
Outage reporting
We will correspond by email with customers in the event of a serious incident.

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
All accounts are dedicated to individual users, and username and password is a minimum requirement.
Access restriction testing frequency
Never
Management access authentication
Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
12/10/2016
What the ISO/IEC 27001 doesn’t cover
All aspects of the business are in scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are ISO 27001 certified by the British Standards Institute. We have many checks and balances in place within our normal working processes in order to ensure policies are adhered to. Reporting to management occurs through monthly committee meetings, which are attended by the board of directors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Every change goes through peer review, is requested in a ticket, checked for error and impact, as well as implications to wider security, before being accepted. Only senior staff may accept changes on a day to day basis.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to all available security mailing lists for the software we use. We maintain a patching schedule which ensures every server is patched not less than every 3 weeks. In the event of a serious security flaw a security incident is raised, inline with our ISO 27001 policy, and is then used to track the mitigating steps. This is done as quickly as possible, outside of the standard 3 week patching cycle, and customer security contacts are kept informed of progress by their account manager via email.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our monitoring and management processes are closely aligned to our ISO27001 accredited Information Security Management System (ISMS). Incidents are responded to based on their priority rating following ITIL defined classification.
Incident management type
Supplier-defined controls
Incident management approach
We have an ISO 27001 certified incident management process which we follow in the event of an actual or possible threat to our service. Customers may report incidents to us either via their ticketing system, by email to their account manager or, if anonymity is required, via our website contact form. Reports can be provided on request in PDF form by email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
If required, we can provide different subnets and even different hypervisor clusters for different customers. Total separation is possible if necessary.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Sota has two of its own Data Centres, operating at the Kent Science Park in Sittingbourne, and energy efficiency and energy management is of significant important to both the Sota Board and our Customers:
• As an Operator, Collocation Provider and Managed Service Provider, Sota is committed to the 2019 Best Practice Guidelines for the EU Code of Conduct on Data Centre Energy Efficiency (currently v10.1.0, published in 2018) and to contributing towards the targets in the reduction of energy.
• Where existing equipment and services are running, Sota is committed to reducing energy consumption where possible, recognising that certain savings can only be made as and when new equipment and services are deployed: In 2018, Sota was able to achieve savings of more than 8% across its secondary data centre.
• When considering new equipment and services, Sota evaluates both the cost of acquisition and the cost of operation, generally over a 5-10 year term and energy consumption, energy efficiency and potential energy reduction is at the forefront of decisions made.
• In particular, Sota is fully aligned to the areas of responsibility as defined within the Code.

Pricing

Price
£37.50 per virtual machine per month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑