Software Box Limited (SBL)

SBL Horizon Cloud

Horizon Cloud delivers cloud-hosted or on-premises virtual desktops and applications from an easy-to-use cloud-hosted management control plane.


  • Desktops and applications delivered from the public cloud or on-premises
  • Fully-managed virtual desktop and application infrastructure
  • 99.9% guaranteed uptime service level agreement
  • Remote access
  • Production Level Support for Infrastructure
  • Global data center locations
  • Automated updates delivered to cloud-hosted control plane


  • Access Windows desktops and applications from any device and location
  • Improve productivity by getting desktops up and running in minutes
  • Simplify IT management with an easy-to-use management console


£1.63 per user per month

  • Education pricing available

Service documents

G-Cloud 10


Software Box Limited (SBL)

Danielle Connor

01347 812100

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Horizon Cloud supports 4 desktop configurations plus Hosted Apps Servers. The desktop specifications are:
- Value (1 vCPU, 2GB RAM, 30GB Storage)
- Professional (2 vCPU, 4GB RAM, 60GB Storage)
- Premium (4 vCPU, 8GB RAM, 120GB Storage)
- Performance (8 vCPU, 16GB RAM, 240GB Storage)
- Hosted Apps Server (8 vCPU, 16GB RAM, 240GB Storage)

Additional installation requirements are available here:
System requirements
  • Buyer must provide all OS licensing on their own
  • Buyer must provide anti-virus system licensing on their own

User support

Email or online ticketing support Email or online ticketing
Support response times Weekdays 8-5
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels - Horizon Cloud provides 24/7/365 coverage for severity 1 incidents and unlimited online support requests for all support levels
- We offer the following levels of support: Basic, Production and Mission Critical
- Basic: Core 12/5 support and unlimited support requests via phone and online
- Production: Core 12/5 support, faster severity 1 response target, direct access to level two resources and unlimited support requests via phone and online
- Mission Critical: Core 12/5 support, additional weekend support hours for severity two issues, unlimited designated customer contacts, designated support account manager and support reviews, direct access to level two resources
-- As part of Mission Critical Support, your VMware Support Account Manager (SAM) is your designated resource to help keep your mobility environment up and running 24x7
Support available to third parties Yes

Onboarding and offboarding

Getting started For IT Admins, extensive training and support is provided to ensure a successful deployment. This training is conducted by a dedicated deployment team with support from our solution architecture group.

Customers are responsible for training their end users in how to use the View clients. Documentation is available on though the clients are very simple to use.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users have a variety of ways to extract the data via 3rd party tools such as Data Backup, File Shares or by using USB Drive Redirection or Client Drive Redirection to copy files from the VDI Desktop to an on-prem location.
End-of-contract process Full termination of the Horizon Cloud service due to contract expiration, termination, cancellation, or any other cause will result in permanent loss of access to the environments, discontinuation of account services, and a deletion of such environments, configurations and data according to VMware’s internal data retention policy. Data from a terminated Service will not be retained by VMware beyond termination date. Prior to terminating the Horizon Cloud service we would recommend that all data be removed by the customer from the desktops and platform. VMware take no responsibility for backing up or retaining customer data.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Horizon Cloud supports mobile access with the use of the Horizon Client or HTML5 from a supported browser. Features specific to mobile devices include easy navigation and access to programs and the user's files (called Unity Touch), external keyboards, native gestures, onscreen keyboard and external monitor support.
Accessibility standards None or don’t know
Description of accessibility The Horizon View Client for Windows, used by end users to access desktops, has some accessibility capabilities as described in the following link:
Accessibility testing The Horizon View Client for Windows, used by end users to access desktops, has some accessibility capabilities as described in the following link:
What users can and can't do using the API Yes - Horizon Cloud customers can use administrative credentials to programmatically (via REST API) instruct any action that is available via the Horizon Cloud Administration Console. That includes but is not limited to provisioning and changing pools, entitling users to pools, and extracting reporting information.

Documentation is available upon request.
There is no test environment for the API.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment No
Customisation available No


Independence of resources The Horizon Cloud Services platform is delivered through a single-tenant private cloud with dedicated computing servers, layer-2 network isolation for workload traffic and dedicated storage volumes


Service usage metrics Yes
Metrics types Yes, through a Customer Dashboard, Activity Reports and through REST API.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold VMware

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Physical access control currently.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach Users can export their data using USB Drive Redirection or Client Drive Redirection which is part of Horizon Cloud
Users have a variety of ways to extract the data via 3rd party tools such as Data Backup, File Shares or by using USB Drive Redirection or Client Drive Redirection to copy files from the VDI Desktop to an on-prem location.
Data export formats
  • CSV
  • Other
Other data export formats
  • Hvexport.bat
  • Hvexport.jar
  • ImgUploadSvc.conf
  • Readme.txt
  • PDF
  • Excel
Data import formats Other
Other data import formats
  • Hvexport.bat
  • Hvexport.jar
  • ImgUploadSvc.conf
  • Readme.txt

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network - Virtual desktop session security depends on the remoting protocol in use (RDP, PCoIP / Blast)
-- RDP: Use RDP 6 or higher for encrypted sessions to avert man-in-the-middle attacks on virtual desktop sessions.
-- PCoIP/Blast: Encrypted sessions by default.
-- Each of these remote display protocols has embedded controls and channels to allow the administrator to provide policy based redirection of end user peripherals such as USB drives, printers or clipboard.

Availability and resilience

Guaranteed availability - 99.9% SLA
- Additional information is available here:
Approach to resilience - The Horizon Cloud Service is designed for high availability through dedicated hardware and services per tenant. More information is available on request.
- The Horizon Cloud service has a 99.9% uptime
Outage reporting - Up-to-date service uptime and maintenance information is available here:
- Customers can optionally subscribe to updates

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels - VMware Support does not have access to the Horizon Cloud Administration Console, your desktops, applications or user data.
- VMware implements least privilege and multifactor access controls for supporting the hosted environment.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • PCI-DSS 3.2 Level 1
  • SOC 2 Type 2

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach - We model our security framework using the NIST SP 800-53 and ISO 27001 guidelines.
- We have an Information Security Governance Committee (ISGC) that is chaired by members of senior management and representatives from our Information Security, IT Operations, HR, Marketing, Facilities and Legal teams.
Information security policies and processes - Our Information Security Program is modeled using industry best practices and regulatory standards, including NIST SP 800-53 and ISO 27001. We maintain our own Information Security Program and Policies to protect customer data hosted in our systems and perform annual reviews and audits of our program to ensure the integrity of our hosted offering.
-- The VMware Information Security team manages the enforcement, development, and maintenance of information security policies and standards to ensure VMware Information Assets are preserved in a security environment, in accordance with generally accepted best practices, focusing on VMware business and risk objectives. The VMware Information Security Team is responsible for updating policies as threats and technologies change, initiating and managing periodic reviews of the information security policies and standards, as well as evaluating exceptions to information security policy and standards.
-- Our Information Security team oversees organizational compliance while team leads in conjunction with IT and HR teams help enforce department-level compliance.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach - Our Change Management process for updating the solution is executed according to our standard internal change management policy. The process involves completion and submission of change control forms, review and analysis of the change by the appropriate operations teams and scheduling of the update or change according to its severity level. All changes undergo our standard testing and validation process. If for any reason a change is unsuccessful or does not pass the required testing phases, our teams execute a fallback plan as documented in the change control form.
Vulnerability management type Supplier-defined controls
Vulnerability management approach - VMware has a Vulnerability Management program backed by approved and tested policies and procedures. Vulnerability scans are performed regularly on internal and external systems. System and application owners are required to address critical and high vulnerabilities with a plan of corrective action within 5 days of vulnerability discovery. Other vulnerabilities need to be addressed with a plan of corrective action within a reasonable period of time. Risk analysis and acceptance are performed on vulnerabilities to confirm the vulnerability, and to determine the appropriate means of addressing the vulnerability.
Protective monitoring type Supplier-defined controls
Protective monitoring approach - Our cloud support staff have configured the system to notify IT personnel of high central processing unit (CPU) utilization, limited disk space, memory issues, key service failures, bandwidth utilization, power consumption, or other performance items.
- IT Operations has subscriptions to pertinent vendor security and bug-tracking mailing lists.
- After analyzing the severity and impact, network, utility and security equipment is patched or upgraded.
Incident management type Supplier-defined controls
Incident management approach - In the unlikely event of an incident, we follow a formal Incident Management Plan that is maintained as part of our Information Security Program. Incidents and breaches are reported to the appropriate Cloud Operations team for categorization and resolution, and issues are escalated to senior management according to a pre-defined protocol (e.g., if the incident is categorized as "Urgent"). Alerts, responses and resolutions are tracked through to completion, and a post mortem report is prepared for review by internal stakeholders and our Information Security Governance Committee.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £1.63 per user per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document