Softcat Limited

Arcserve Business Continuity Cloud (BaaS & DRaaS)

The only sovereign direct-to-cloud backup and disaster recovery as a service (BaaS & DRaaS) offering comprehensive data protection with consumer-grade usability– we can support environments with laptops, desktop and appliances or ones without any hardware on-premises. Scalable and flexible BaaS and DRaaS for always-on continuity with industry-best RTOs and RPOs

Features

  • No hardware
  • Direct to Cloud
  • Secure Cloud Connectivity
  • Near-Zero Data Loss
  • Support physical and virtual environments
  • Windows & Linux
  • Centralised Management
  • Multiple Recovery Options
  • Complete failback and failover options
  • 27/7/365 Helpdesk Support

Benefits

  • Failback from the Arcserve Cloud to the onpremise environment.
  • Leverage different optimised VPN options- securely connect to recovered environment
  • View backup and recovery activity reports- Your account, multiple tenants
  • After initial full-backup, only changed data will send to cloud.
  • Agent creates complete server image, including OS/files/directories, and applications
  • Local install agent replicates data in its native file format
  • Anywhere, anytime recovery with sub 15 minute RPO
  • Hassle-free management
  • Risk mitigation for business critical applications
  • Reliable high performance technology with positive ROI

Pricing

£1144 per unit

Service documents

G-Cloud 11

163893149632623

Softcat Limited

Charles Harrison

01612725766

psitq@softcat.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Bare metal recovery is not supported
System requirements
  • Recommended bandwidth, 1Mbs upload
  • Windows Server 2003 (older agent) to 2019
  • Windows workstation XP (older agent) to 10
  • Web browser
  • Internet connection using SSL (port 443)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2hr response to email tickets
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Web chat accessibility testing NA
Onsite support No
Support levels "Cloud Direct support team provides L1 and L2, additionally engineering if often involved. L1 Engineer makes the first contact with the customer. L1 Engineer reviews the customer environment, understand the problem, defines the scope of the reported issue and starts investigating. L1 Engineer gets necessary logs related to the problem, analyse the logs, narrow down the issue and provides resolution to the customer for most of the cases opened.

L2 Engineer is a product expert who is proficient in real time log analysis and advanced debugging. They apply advanced debugging techniques to narrow down a specific problem. If a problem reported is complex based on analysis done by L1, L2 engineer is involved . If need be, L2 Engineer contacts engineering team to address complex issues. In case, an issue is referred to engineering for further investigation, L2 engineer serves as the face of support, helping engineering with necessary details of the issue, verify if the solution recommended by engineering can resolve the actual issue and collaborate with the customer."
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Our platform has been designed to be user friendly, enabling a user to easily provision a back up policy and recover it. However, we can provide full training on how to use the platform effectively along with an online knowledge base with manuals, how to go guides and frequently answered questions.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users have up to 30 extra day to download their data using the Agent, performing a simple "restore". Alternatively we can offer a 'physical' extraction onto approved media which we can send by courier to the customer.
End-of-contract process In the event of termination of this Agreement for any reason during the Standard Term, Arcserve will: (i) make not less than a commercially reasonable effort to provide Customer access to all Customer Data stored on the Arcserve equipment for up to 30 days (or such longer period as mutually agreed to by the parties, and unless specifically requested to delete Customer Data sooner); and (ii) use commercially reasonable efforts to transfer, at Customer’s sole expense, such Customer Data to Customer or Customer’s designated service provider. Notwithstanding any terms to the contrary in this Agreement, after such period, Arcserve will have the right (but not the obligation) to destroy all such Customer Data. Notwithstanding any terms to the contrary in this Agreement, if Arcserve receives a notice from Customer requesting the deletion of Customer Data during the Trial Term or the Standard Term, Arcserve will use commercially reasonable efforts to promptly delete such Customer Data

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices No
Service interface Yes
Description of service interface A web portal is accessible from everywhere in the world. It provides acces to the customer instance via a web browser.
Accessibility standards None or don’t know
Description of accessibility A web portal is accessible from everywhere in the world. It provides acces to the customer instance via a web browser.
Accessibility testing NA
API Yes
What users can and can't do using the API Users could use our API for integrating PSA (ConnectWise and Autotask), additionally some API could be shared to generate reports.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users could customise the access portal with their logo, they can have customised emails and even branding the Agent using their own colour palette.

Scaling

Scaling
Independence of resources Every user has one or more volumes, each of them logically separated and accessible uniquely by that user.

Analytics

Analytics
Service usage metrics Yes
Metrics types Daily digest are sent every day to clearly state on previous day backup status. Additional reports (backup, restore, data transfer, account activity) could be configured. Each report can be customized, selecting all or part of the protected systems, frequency and users who will receive them (even if not registered in the portal account).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Arcserve

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users are able to download data directly from the portal to whatever on premise device (having an Internet connection). Additionally entire restore points or just single files could be easily retrieved using the restore wizard in the portal, so the destination needs to have the Agent installed on it.
Data export formats Other
Other data export formats
  • Original format of data
  • Windows image task is converted into a .vhdx
Data import formats Other
Other data import formats Original Format

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network "There are several layers of encryption that we use. At the Highest level we have the ""site master key"" This key is kept in our secured safe and access to that safe is given to our CTO and CEO.
The next level down we have encryption keys for customer volumes. These keys are kept in an encrypted volume and which is unlocked by the site master key. The site master key is rotated on a regular basis.
Arcserve Cloud Direct follows RBAC ( Role Based Access Control ) and this is strictly enforced by the Arcserve Security Committee.

Availability and resilience

Availability and resilience
Guaranteed availability Our cloud colocation offers 99.99999% of availability. If we fail to meet our obligations for service levels, we provide “service credits” which equals the pro-rated amount a monthly payment equivalent to the amount of downtime not achieved within the SLA. This Service Credit may be applied to the next months service invoice. https://s28241.pcdn.co/wp-content/uploads/2018/06/Service-Level-Standards-062618.pdf
Approach to resilience Information available on Request
Outage reporting Daily Digest email and reports alerts could easily provide immediate information of the status of backups. Additionally accessing the protal will provide a detailed view on the systems. For planned outages we give prior notice directly via email to the end user at least 2 weeks in advance.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Arcserve implement a VPN/Firewall and user authentication to restrict access to cloud instances. Multi-tenancy is included to create multiple sub-archives for separate departments, divisions or countries. Username and password are unique to each user, so their authentication restirct acess to portal and actions they can do in the portal (different roles are configurable)
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Available upon request
ISO/IEC 27001 accreditation date Available upon request
What the ISO/IEC 27001 doesn’t cover Available upon request
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Available upon request
PCI DSS accreditation date Available upon request
What the PCI DSS doesn’t cover Available upon request
Other security certifications Yes
Any other security certifications
  • FERPA
  • GDPR

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards ISO 14001:2015
ISO 22301
ISO 50001
ISO 9001:2015
OHSAS 18001
PCI DSS
SOC 1 Type II
SOC 2 Type II
Information security policies and processes We follow the policies and processes in-line with ISO27001.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Proactive monitoring - Cloud Direct has daily monitoring of the site from a third party. The third party ranks issues on a scale of 1–5. Any level 4-5 issues are immediately reviewed and escalated should they be deemed harmful to the site.
Any attack upon the site is captured by our monitoring utilities. These issues are brought to the attention of the NOC and the NOC will then take action. If warranted, the issues will be escalated to the security team for further investigation, if necessary.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have an incident management process in place that the internal team use according to ITIL. This contains customer’s contact list by geographic region. The process for incidents is tested. The customer contact list has been used to notify customers for pending change management windows thus far. We are pleased to say incidents have not occurred against the site since the service began.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £1144 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Cloud Direct can be tested for a limited period (15 days extendible) but with unlimited storage usage in the cloud (unlimited systems and/or volumes).
Link to free trial https://admin.zetta.net/portal/enroll?cloudconsole=0

Service documents

ods document: Pricing document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑