blocz IO Ltd
Virtual Data Centre (VDC)
Virtual Data Centre (VDC) from blocz is a fully managed and self serve Infrastructure as a Service (IaaS) Private Cloud solution. Providing multiple levels of security that adhere to Cloud Security Principles by design, it is a flexible, automated and scalable cloud computing platform.
Features
- Cloud environments that are secure by design
- Self service and fully managed options
- Dedicated hardware and POD solutions available
- Web based GUI and API with user role management
- Network segregation of Internet, WAN and LAN with SD-WAN
- Accessed via Private, Internet and VPN connectivity
- Tools for backup, recovery and Disaster Recovery (DR)
- Kubernetes containers
- Customers are segmented by a physical layer
- Advanced firewall and threat protection for security and accreditation
Benefits
- 5G ready
- Government List-X standard UK data centre
- Tier 3 equivalent with N+1 for critical systems data centres
- Managed and maintained by operatives in the UK 24x7
- Management of services via Web GUI or APIs
- CAPEX and OPEX financial models
- Scalable resources to meet growth and budget
- GDPR compliant
- 24x7 advance support options
- Free trial available
Pricing
£14.00 a virtual machine a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at gcloud@blocz.io.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 12
Service ID
142476293022659
Contact
blocz IO Ltd
G-Cloud Team
Telephone: 020 3026 8930
Email: gcloud@blocz.io
Service scope
- Service constraints
- Blocz provides planned maintenance routines that it publishes to the customer, adhering to a schedule for minimal effect. There are no other physical constraints.
- System requirements
-
- Flexibility allows customers to use their own software or BYOL
- Imports from other virtual systems include VMware, Hyper-V & KVM
- Managed solutions provide OS (Windows or Linux), antivirus and patching
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Blocz operates a 24x7x365 NOC/SOC for all of our services. This can be reached via email, phone or other methods provided at the time.
P1 (Critical) < 1 hour
P2 (Major) < 4 hours
P3 (Minor) < 8 hours
P4 (Requests) < 2 days
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
The blocz Cloud platform provides a 24x7x365 maintenance and management service. Remote monitoring and management for customers is provided on a fixed-cost basis. Service level agreements can be provided up to 99.99%.
Service management, technical management and cloud engineers can be provided depending on customer scope.
Our NOC/SOC is measured for customer satisfaction, response times and accuracy of records and reporting.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Once signed up to the services there are tutorials built into the management interface. Links to online support documentation are also provided.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Users have control and access to their data. Data can be extracted using standard tools or we can assist with data migration at an additional cost. Please see our SFIA card.
- End-of-contract process
- At the end of the contract all virtual servers, instances and services are disabled. After 30 days these will be fully deleted from our systems and data will no longer be available for retrieval.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Blocz will provide a web portal to gain access to an extensive range of management and reporting tools. This includes:
Procure compute resources
Manage enterprise users
Create, stop, pause & remove virtual machines
Build virtual applications
Add firewalls, load balancers and VPN
Manage backups and restoration
Create alarms and monitoring
Add virtual machine templates
Access support documentation
View event logs and analytics
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- Each customer user is required to go through a secure log in process in order to access system tools. Once logged in the user will be able to use the navigation menu to access each feature. Dedicated 2FA can also be provided.
- Web interface accessibility testing
- Blocz has not tested with assisted users but would be happy to take feature requests for future development builds.
- API
- Yes
- What users can and can't do using the API
- Secure access to APIs and plugins is made available on a commercial basis.
- API automation tools
-
- Ansible
- Terraform
- Puppet
- Other
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Details in documentation due to scale.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- The blocz platform provides the ability to hard set resources per customer so that they do not affect other users of the system. A powerful metering feature also allows us to monitor and control the system resources with automated resource placing. Where high demand or separation is required blocz can provide dedicated hardware.
- Usage notifications
- Yes
- Usage reporting
-
- API
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- OS specific
- Application specific
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Scale, obfuscating techniques, or data storage sharding
- Other
- Other data at rest protection approach
- Encryption of all physical media where required.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Virtual machines
- File level
- Microsoft Exchange
- Microsoft SQL, PostgreSQL, MySQL & Oracle
- Microsoft Office 365 accounts, SharePoint & OneDrive
- Backup controls
- Blocz will work with the customer to build a backup solution that meets their DR, RTO and RPO targets as well as being GDPR compliant. Servers and data can be backed up with different schedules and retention policies. Continuous data protection (CDP) or real-time backups can also be implemented for demanding environments. Backup and recovery can be self or fully managed with built-in Ransomware Protection.
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Single datacentre with multiple copies
- Single datacentre
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Other
- Other protection between networks
- SD-WAN solutions and segregation of data via network layer 2 VLANs & firewalls.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Dedicated segmentation.
Availability and resilience
- Guaranteed availability
- SLAs are defined by the customer's requirements, and solutions can be designed by blocz to 99.999%.
- Approach to resilience
- Blocz uses multiple data centres connected via low latency, high capacity networks to ensure high levels of resilience. Each data centre is designed and operated to be List-X or Tier 3 equivalent with N+1 on all critical systems or better. The blocz NOC/SOC monitors the services 24x7. Solutions can be built to span a number of data centres to provide resilience and geolocation protection.
- Outage reporting
- Outages can be reported via email, phone or our online helpdesk. The customer will be notified of any known emergency maintenance and a helpdesk ticket will be raised to track the event.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Management services are secured by a mixture of VPN access, firewalls, named individuals and 2-factor authentication.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- Biometric authentication
- Devices users manage the service through
-
- Dedicated device on a segregated network (provider's own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- Expected Q3 2020
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We maintain an information security management system designed to meet the requirements of ISO 27001 in pursuit of its primary objectives, the purpose and the context of the organisation.
Policy Aims
To ensure effective implementation of this policy we will:
1. Make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the business management system.
2. Comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS.
3. Provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met.
4. Ensure that all employees are made aware of their individual obligations in respect of this information security policy.
5. Maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.
Senior management will review this policy annually and publish to all staff.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Our configuration management processes and systems ensure the composite assets of the service are recorded and their configurations known. Standard ITIL change management process is followed: Request for Change, Assess and Authorise or Reject, Build, Test, Scheduling, Implementation, Review and Close.
Potential security impact is reviewed under the Assessment section following manufacturer or developer recommendations.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
Comprehensive risk assessments for all critical and operational risks are based on industry best practices. These programs include:
1. Threat management
2. Patch management
3. An antivirus and ransomware strategy
4. User security policies
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Our Cloud and Network services are monitored in real time for issues that may arise from threats and hardware & software faults. Once an alert is raised the NOC/SOC team will allocate it a priority and it is then dealt with within the hours of operation at priority level.
- Incident management type
- Undisclosed
- Incident management approach
- All incidents are managed via our help desk. User incident reporting is available by email and phone 24 hours a day 7 days a week. In the event that blocz needs to raise an incident with the user then it will make contact via the registered email address.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- The VMware hypervisors provide isolation between customer resources as well as separate Networks, VLANs and VPNs managed by our certified engineers.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
Power from renewable sources
Building heat-exchange technologies and immersive liquid cooled IT.
Pricing
- Price
- £14.00 a virtual machine a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- 30 days as standard to 90 days as extended depending on requirements.
- Link to free trial
- https://www.blocz.io/contact/