UK based public cloud service delivering a CentOS 7 Compute virtual server with 1vCPU's, 2GB Ram and 10GB Storage.
- Built on open standard solution platform
- Simple to deploy and manage
- Scalable and elastic architecture
- Ability to create as many interfaces as needed per instance
- Firewall through port level security groups
- Ability to deploy custom applications
- Ability to add multiple volumes
- Paying only for what you need, when you need it
- Simple portal access to build and configure your solution
- Pay per use with no minimum contract term
- Complete control over your service and technology
- Power to alter your configuration quickly and easily, any time
- Switch the service on and off according to your needs
- Access the portal from any device
- Cost-efficiently accommodates workload fluctuations by controlling your network infrastructure
- Adding and managing users, controlling access rights and assigning privileges
- Deploy services in multiple locations
£0.026 per unit per hour
- Education pricing available
Migration Solutions Holdings Ltd
|Service constraints||MIGSOLV will deliver against the services as described and defined in the Service Name under the predefined service level agreements.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Response to a ticket request is within 30 minutes and response times are the same at weekends as week days (24 hours).|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
MIGSOLV has defined four Priority Levels.
1 - Urgent
Security breach or total loss of service.
2 - High
Service impaired or degraded
3 - Medium
Service change requests, non-urgent tasks
4 - Standard
Non service affecting works
All work windows are 24/7/365
1 - Urgent
First line response - 15 minutes
First line trouble shooting - 15 minutes
Second line Escalation after 30 minutes
Target resolution time - 2 hours
2 - High
First line response - 30 minutes
First line trouble shooting - 1½ hours
Second line Escalation after 2 hours
Target resolution time - 4 hours
3 - Medium
First line response - 30 minutes
First line trouble shooting - 4 hours
Second line Escalation after 4½ hours
Target resolution time - 8 hours
3 - Standard
First line response - 30 minutes
First line trouble shooting - n/a
Second line Escalation after 1 hour
Target resolution time - 1 business day
The cost is included within the agreement.
Support engineers are included.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||MIGSOLV can provide resources to assist with the on an off boarding of a client, although the portal and cloud deployment is designed to be self-servicing, we do offer tutorials and assistance via telephone and email to help with client enquiries during the on and off boarding process, something we recognise as critical to successful cloud migration.|
|End-of-contract data extraction||It is the responsibility of the customer to extract their data at the end of the contract, however, MIGSOLV does not automatically delete services at the end of any contract period. MIGSOLV will assist customers to extract their data to a suitable medium as supplied and requested by the customer.|
|End-of-contract process||MIGSOLV will assist the customer to extract its data at the end of the contract without additional cost. Should an interim technology or data centre solution be required by the customer MIGSOLV would be happy to consider short term contracts ot overcome temporary situations.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
The web interface is avaiable for users to create accounts and set up services, as well as to make changes to their services.
Access to the interface is via secure password log in.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||The interface is accessible via the internet and standard web browsers.|
|Web interface accessibility testing||MIGSOLV is looking at ways to make its services accessible to as a wider user community. MIGSOLV has not yet participtated in any interface testing but this requirement has been noted for future development.|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||
The command line interface is via standard command line tools depending on the chosen installation, Linux, Unix or Windows. Customers can choose their preferred command line tools and text editors.
Scripts have been created that users can ‘copy and paste’ to set up a service through the command line interface. There is also documentation on the use of the command line interface.
Other than application level, user authorisation level and user knowledge there are no limitations on making changes via the command line interface.
|Independence of resources||All systems are monitored as part our capacity management reporting. When a system is more that 70% utilised steps are taken to upgrade the system. Also, as part of the customer commissioning process, a judgement is made on the likely resource use of the intended system.|
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Physical access control complies with the requirements of ISO27001 and the requirements of PCI DSS. Additionally, MIGSOLV 's access control is independently checked by NACTSO.|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Via the online portal users are able to schedule backups from different environments on different schedules.|
|Datacentre setup||Single datacentre|
|Scheduling backups||Users schedule backups through a web interface|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||The MIGSOLV data centre is connected to the JANET network via a secure connection in Telehouse North.|
Availability and resilience
|Guaranteed availability||MIGSOLV has designed its systems to have at least N+1 resilience. The VMWare employed has resilience built in by design. MIGSOLV guarantees availability subject to our terms of service. Customers are encouraged to discuss the level of resilience needed so that we can ensure that the designed solution meets the customer requirements. The design of applications installed can affect he overall system resilience and would be out of MIGSOLV’s control. SLA for availability, and refunds for failure to our obligations are set out in our Master Services Agreement (attached at the end of this service offering).|
|Approach to resilience||This information is available on request.|
|Outage reporting||Outage reporting is via email alert to the Service Desk and via a dashboard that is available to clients. In some circumstances customers may be contacted directly by telephone as per out incident escalation process.|
Identity and authentication
|Other user authentication||Users are authenticated via username and password which meet strict criteria (length and composition).|
|Access restrictions in management interfaces and support channels||
Access is restricted to on-net authorised users, or users with authorised access by VPN. Access is via username or password and access given to users on a ‘need to access’ basis.
External suppliers requiring access to systems connect via a secure VPN connection if off site with dedicated log in credentials to ensure that an audit trail of user access is maintained.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Other|
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Bureau Veritas|
|ISO/IEC 27001 accreditation date||11/09/2012|
|What the ISO/IEC 27001 doesn’t cover||The whole site and systems are covered.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||MIGSOLV Self certified|
|PCI DSS accreditation date||16/7/2016|
|What the PCI DSS doesn’t cover||MIGSOLV does not cover anything not relating to physical security.|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
MIGSOLV's information security policies and processes are built on the requirements of ISO27001:2013.
Our documented policies include:
Computer Usage Policy
Document Classification and Control Policy
Contracts and NDA policy
Data Protection Act Policy
BCP and DR policy
Laptop and Mobile device policy
IS Physical and Logical Environment policy
Security Policy statement
Legal Compliance policy
Hardware and Software policy
Access Control Policy
CCTV Policy and Procedure
Additionally, we have documented processes that include:
Roles and Responsibilities
Building Incident reporting
Starter and leaver processes
Site inductions/toolbox talks
Contact and Escalation process
Health and Safety
MIGSOLV has a fairly flat reporting structure. Staff report to their line manager (e.g. Data Centre/Service Desk Manager, Maintenance Manager etc., who report directly to the Managing Director.
Policies are reviewed as part of the ISO27001:2013 review process. Both Internal audits and external audits (from Bureau Veritas) are carried out to ensure that processes are followed.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Components of our services are tracked via our asset database (CMDB) throughout their lifetime. All new equipment has its details added to the CMDB (including serial number).
Changes are managed via an RFC (request for change). Changes are categorised (e.g. plaanned maintenance, telecoms change, account creation) and depending on the type of change authorisation is sought from the appropriate staff/managers or directors who will approve, reject or seek further information. Change management includes a risk assessment process.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
MIGSOLV takes its vulnerability management seriously and takes a robust approach to minimising any risks.
All staff are trained on the need to be vigilant to social engineering tricks by unannounced visitors, seeming lost memory sticks or scam phone calls.
An external company is used to carry out penetration testing, and patches are tested and installed as required via the change management system.
Information on potential threats is from industry press and the operating system creator’s security bulletins.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||
MIGSOLV takes a proactive approach to system monitoring. MIGSOLV’s service desk is in operation 24/7 and system alarms are continually monitored. Robust procedures, including contact and escalation procedures are in place and regularly reviewed.
When potential compromises are discovered, a plan is made and the severity of the potential compromise guides the approach. In the severest cases a patch will be tested and applied immediately.
|Incident management type||Undisclosed|
|Incident management approach||
All staff have been trained to make notes, including noting timings, so that they can be written up on our incident report form.
An escalation process is in place, and contact details held in a file for all key suppliers and customer contact details.
After the incident has been stabilised, further investigation is carried out to determine the cause, impact and technical details. This includes root cause analysis and a plan to put procedures in place (if possible) to prevent a future occurrence.
Users report incidents via the Service Desk portal or telephone/
Emailed reports are provided to clients.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Red Hat Virtualisation|
|How shared infrastructure is kept separate||
With the VMWare system, a user is an individual authorised to log in to either ESXi or vCenter Server.
ESXi users fall into two categories: those who can access the host through vCenter Server and those who can access by directly logging in to the host from the vSphere Client, a third-party client, or a command shell.
Authorised vCenter Server users
Authorised users for vCenter Server are those included in the Windows domain list that vCenter Server references or are local Windows users on the vCenter Server host.
|Price||£0.026 per unit per hour|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|