blocz IO Ltd

Virtual Data Centre (VDC)

Virtual Data Centre (VDC) from blocz is a fully managed and self serve Infrastructure as a Service (IaaS) Private Cloud solution. Providing multiple levels of security that adhere to Cloud Security Principles by design, it is a flexible, automated and scalable cloud computing platform.

Features

  • Cloud environments that are secure by design
  • Self service and fully managed options
  • Dedicated hardware and POD solutions available
  • Web based GUI and API with user role management
  • Network segregation of Internet, WAN and LAN with SD-WAN
  • Accessed via Private, Internet and VPN connectivity
  • Tools for backup, recovery and Disaster Recovery (DR)
  • Kubernetes containers
  • Customers are segmented by a physical layer
  • Advanced firewall and threat protection for security and accreditation

Benefits

  • 5G ready
  • Government List-X standard UK data centre
  • Tier 3 equivalent with N+1 for critical systems data centres
  • Managed and maintained by operatives in the UK 24x7
  • Management of services via Web GUI or APIs
  • CAPEX and OPEX financial models
  • Scalable resources to meet growth and budget
  • GDPR compliant
  • 24x7 advanced support options
  • Free trial available

Pricing

£14.00 a virtual machine a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@blocz.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

142476293022659

Contact

blocz IO Ltd G-Cloud Team
Telephone: 020 3026 8930
Email: gcloud@blocz.io

Service scope

Service constraints
Blocz publishes its planned maintenance routines to the customer and adheres to a schedule designed for minimal effect. There are no other physical constraints.
System requirements
  • Flexibility to allow customers to use their own software or BYOL
  • Imports from other virtual systems include VMware, Hyper-V & KVM
  • Managed solutions provide OS (Windows or Linux), antivirus and patching

User support

Email or online ticketing support
Email or online ticketing
Support response times
Blocz operates a 24x7x365 NOC/SOC for all of our services. This can be reached via email, phone or other methods provided at the time.

P1 (Critical) < 1 hour
P2 (Major) < 4 hours
P3 (Minor) < 8 hours
P4 (Requests) < 2 days
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The blocz Cloud platform provides a 24x7x365 maintenance and management service. Remote monitoring and management for customers is provided on a fixed-cost basis. Service level agreements can be provided up to 99.99%.

Service management, technical management and cloud engineers can be provided depending on customer scope.

Our NOC/SOC is measured for customer satisfaction, response times and accuracy of records and reporting.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once signed up to the services there are tutorials built into the management interface. Links to online support documentation are also provided.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have control of and access to their data. Data can be extracted using standard tools or we can assist with data migration at an additional cost. Please see our SFIA card.
End-of-contract process
At the end of the contract all virtual servers, instances and services are disabled. After 30 days these will be fully deleted from our systems and data will no longer be available for retrieval.

Using the service

Web browser interface
Yes
Using the web interface
Blocz will provide a web portal to gain access to an extensive range of management and reporting tools. This includes:

  • Procure compute resources
  • Manage enterprise users
  • Create, stop, pause & remove virtual machines
  • Build virtual applications
  • Add firewalls, load balancers and VPN
  • Manage backups and restoration
  • Create alarms and monitoring
  • Add virtual machine templates
  • Access support documentation
  • View event logs and analytics
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Each customer user is required to go through a secure login process in order to access system tools. Once logged in the user will be able to use the navigation menu to access each feature. Dedicated 2FA can also be provided.
Web interface accessibility testing
Blocz has not tested with assisted users but would be happy to take feature requests for future development builds.
API
Yes
What users can and can't do using the API
Secure access to APIs and plugins is made available on a commercial basis.
API automation tools
  • Ansible
  • Terraform
  • Puppet
  • Other
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Details in documentation due to scale.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
The blocz platform provides the ability to hard set resources per customer so that they do not affect other users of the system. A powerful metering feature also allows us to monitor and control the system resources with automated resource placing. Where high demand or separation is required blocz can provide dedicated hardware.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • OS specific
  • Application specific
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Encryption of all physical media where required.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual machines
  • File level
  • Microsoft Exchange
  • Microsoft SQL, PostgreSQL, MySQL & Oracle
  • Microsoft Office 365 accounts, SharePoint & OneDrive
Backup controls
Blocz will work with the customer to build a backup solution that meets their DR, RTO and RPO targets as well as being GDPR compliant. Servers and data can be backed up with different schedules and retention policies. Continuous data protection (CDP) or real-time backups can also be implemented for demanding environments. Backup and recovery can be self or fully managed with built-in Ransomware Protection.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks
SD-WAN solutions and segregation of data via network layer 2 VLANs & firewalls.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Dedicated segmentation.

Availability and resilience

Guaranteed availability
SLAs are defined by the customer's requirements and solutions can be designed by blocz to 99.999%.
Approach to resilience
Blocz uses multiple data centres connected via low latency, high capacity networks to ensure high levels of resilience. Each data centre is designed and operated to be List-X or Tier 3 equivalent with N+1 on all critical systems or better. The blocz NOC/SOC monitors the services 24x7. Solutions can be built to span a number of data centres to provide resilience and geolocation protection.
Outage reporting
Outages can be reported via email, phone or our online helpdesk. The customer will be notified of any known emergency maintenance and a helpdesk ticket will be raised to track the event.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Management services are secured by a mixture of VPN access, firewalls, named individuals and 2-factor authentication.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Biometric authentication
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
Expected Q3 2020
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We maintain an information security management system designed to meet the requirements of ISO 27001 in pursuit of its primary objectives, the purpose and the context of the organisation.
Policy Aims
To ensure effective implementation of this policy we will:
1. Make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the business management system.
2. Comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS.
3. Provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met.
4. Ensure that all employees are made aware of their individual obligations in respect of this information security policy.
5. Maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.

Senior management will review this policy annually and publish it to all staff.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration management processes and systems ensure the composite assets of the service are recorded and their configurations known. Standard ITIL change management process is followed: Request for Change, Assess and Authorise or Reject, Build, Test, Scheduling, Implementation, Review and Close.
Potential security impact is reviewed under the Assessment section following manufacturer or developer recommendations.
Vulnerability management type
Undisclosed
Vulnerability management approach
Comprehensive risk assessments for all critical and operational risks are based on industry best practices. These programs include:

1. Threat management
2. Patch management
3. An antivirus and ransomware strategy
4. User security policies
Protective monitoring type
Undisclosed
Protective monitoring approach
Our Cloud and Network services are monitored in real time for issues that may arise from threats and hardware & software faults. Once an alert is raised the NOC/SOC team will allocate it a priority and it is then dealt with within the hours of operation at that priority level.
Incident management type
Undisclosed
Incident management approach
All incidents are managed via our help desk. User incident reporting is available via email and phone 24 hours a day, 7 days a week. In the event that blocz needs to raise an incident with the user then it will make contact via the registered email address.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
The VMware hypervisors provide isolation between customer resources as well as separate Networks, VLANs and VPNs managed by our certified engineers.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Power from renewable sources
Building heat-exchange technologies and immersive liquid cooled IT.

Pricing

Price
£14.00 a virtual machine a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 days as standard to 90 days as extended depending on requirements.
Link to free trial
https://www.blocz.io/contact/
