Carillion Communications

Cloud Video Interoperability CVI

Cloud Video Interop (CVI) is a solution that enables third-party meeting rooms (VC) and personal video devices (VTCs) to join meetings with legacy SIP / H.323 video conferencing systems and provides certified Cloud Interoperability through Pexip for Microsoft Teams.
CVI also unifies existing video conferencing, personal video devices and providers seamlessly.

Features

  • Allows legacy video devices that wouldn’t normally connect to do so
  • Collaboration in Microsoft Teams: sharing, calling, messaging, editing, cloud services
  • User-centric interface: add or remove functionality across an estate
  • Simplified VC at a predictable cost, combining all providers
  • Supports SIP, H.323, HTML5, Lync, Skype for Business, RTMP, WebRTC
  • NCSC safeguard documents in context with 14 Cloud Service Principles
  • Best practices, tools, techniques, making engagements efficient and cost-effective
  • One-Touch Join enables the functionality available in endpoints
  • Consistent user experience whether home based or office
  • Infinitely scalable: add or remove services on demand

Benefits

  • Cloud based technology that puts data security and privacy first
  • Simplified VC at a predictable cost
  • Reduction in IT team interventions through less in-room hardware
  • Solution enables organizations to provide universal access to videoconferencing
  • Flexibility to be deployed in open, huddle, meeting or boardrooms
  • Join meetings running on other systems such as Teams / Google
  • Professional support, documentation, helpdesk, IT manuals, API & Policies, downloads
  • Cut licensing costs: host all your VC in the cloud
  • Support for forward error correction (FEC), downspeeding, bandwidth throttling, packet loss
  • On-premises servers or cloud solutions such as AWS or Azure

Pricing

£1 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at barrieg@carillion.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

278761332888922

Contact

Carillion Communications Carillion Communications Limited
Telephone: 01628419519
Email: barrieg@carillion.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Pexip integrates legacy video services and removes the requirement for MCU's (Multipoint Control Units) and allows integration with existing SIP and H.323 call control solutions including Cisco UCM, Cisco VCS, Polycom CMA, Polycom DMA, Avaya Aura, Microsoft Lync 2013, Skype for Business and others.
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
All our services and deployments are built around the end user’s specific requirements to ensure clarity and compliance from day 1.
All maintenance is planned and communicated in advance to avoid outages and service disruption.
All services are fully supported throughout the lifecycle of the product or contract. User adoption training is part of our service to ensure consistent and rapid adoption.
System requirements
  • End users and room devices require the correct Microsoft Teams licensing
  • The CVI service license requirement depends on size of environment

User support

Email or online ticketing support
Email or online ticketing
Support response times
Normal Hours are 09.00 to 17.30 (UK time), Monday to Friday
Weekend hours by arrangement and we offer customers enhanced services too through our Carillion Advantage Service.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We often use Teams for live chat as we can share screens and content; this has assistive technology built in. Many of the Teams endpoints also have assistive technology options built in.
Onsite support
Yes, at extra cost
Support levels
All our customers benefit from Microsoft Accredited engineering and support teams on all our projects as standard. We offer Virtual, Onsite, Telephone, Chat, Email, funded head on-site options to suit customer and location specific challenges, such as security, access, location. Our standard maintenance contract period is customer defined per project.
Designed to reflect the realistic requirements for on-site, diagnostic technical help line support for 12 or 36 months.
Many of our customers choose a 36-month contract with the advantage of being able to fix their maintenance cost for a period of 3 years. Carillion Advantage, our add-on service, offers flexible support with pre-booked fixed-cost visits and PMVs, and unlimited telephone technical support. Response time is based on the agreed service level agreement (SLA); our response times are typically 8 working hours until an engineer will arrive on-site, however we can quote for 4 or 8-hour SLA options.
When appropriate, we can even take over maintenance of installations we have not installed ourselves, subject to site survey and equipment check.
This means you benefit from the same outstanding support on critical legacy equipment.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide initial and ongoing training for end users and IT teams to encourage adoption at all levels to enhance the experience within any customer. We provide full detailed, technical documentation for all levels of users and IT requirements.
Full documentation is also available on specific subjects like API management and implementation.
These can be short group sessions or hands on activities to open area 'drop in' surgery type events where end users can come alone or with a colleague to get to know the solution in a relaxed atmosphere.
During the Covid pandemic we have continued hosting a number of virtual training sessions for clients, in the public sector and private. We also provide user guides, in poster or table form along with collateral that can be used in an internal forum or Yammer boards.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data can be extracted in compliance with the NCSC current documentation and 14 principles
End-of-contract process
All end of contract details are provided prior to deployment and procurement depending on which service the customer chooses.

These are available upon request in advance by contacting our team.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are a number of differences between the meeting room solution, a desktop version and the mobile. Whilst the interface is similar to make end users comfortable the back end and functionality have some differences naturally. These can all be shown in a demonstration.
Service interface
Yes
Description of service interface
Real-time overview of your deployment including locations and Conferencing Nodes that are currently deployed and the available capacity and current load on each node
All conferences that are currently taking place, and the nodes on which they are being hosted
Any conferences or participants that are experiencing call quality issues
Any error or warning alarms
(during an upgrade process) which nodes are currently being upgraded, which nodes are still waiting to be upgraded, and which are in maintenance mode
Pie charts showing a breakdown of participants by location, protocol, license and conference types being hosted.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The end user points are driven by a number of manufacturers whether you chose a room, a desktop or mobile solution. Each have different assistive technology ratings. We are more than happy to work with any client on choosing the most suitable and flexible for any environment.
API
Yes
What users can and can't do using the API
A comprehensive set of both management and client-side APIs ensure close integration with virtually any relevant third-party application.
APIs can be utilized for many customizations ranging from simple streaming and recording solutions to complete workflow customization and digital health record integration. If you want to include Pexip in your organization’s workflows, we have the APIs you need.
Detailed documentation is available covering:
About the management API
Using the API
Configuration API
Status API
History API
Command API
Retrieving and filtering resources
Extracting and analyzing call data
Using the API with SNMP
Client API
Event Sink API
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The system is truly flexible when it comes to customisation for a client's specific needs. This ranges from the ability to customise the following:
Themes, Images and Prompts
Connect Clients
Corporate branding
Templates for VMR's (Virtual meeting rooms)
Text
Audio Prompts
Splash Screens

All can be locked down or opened according to client IT Policy

Scaling

Independence of resources
CVI is engineered to be infinitely scalable through the network of 14 globally dispersed data centres. You can add capacity and capabilities as your needs change, right from the management dashboard and simultaneously host and manage hundreds of thousands of video conferencing users in real-time.
When you add capacity in a location, it becomes available from the moment you set it up with no additional licensing or further configuration needed.

Analytics

Service usage metrics
Yes
Metrics types
The platform management experience now includes a number of new features and enhancements. The dashboard now provides much more live and historical information, such as:

More participant and conference information
Direct display of errors or warnings
Indication of individual participants or conferences that experience call quality issues
Historical data for troubleshooting and platform analysis
There are lots of other enhancements, such as further improved certificate management, enhanced upgrade processes for large-scale deployments, and reduced network traffic between nodes all displayed in a number of graphical/table formats depending on client choice.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft and Pexip

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
You have the right to access the information we have about you at any time, as well as request that the personal data we store about you is deleted, modified, or exported for portability reasons. For accessing, modifying, or exporting your personal information, or to request that we delete your personal data, please submit a request.
The request will be processed and completed in compliance with our privacy notice, terms of service, our business relationship and any data privacy laws applicable in your country.
If the processing is based on your consent, you may also withdraw your consent at any time.
Data export formats
  • CSV
  • Other
Other data export formats
Specific requests for certain formats can be made (PDF, Word, etc.)
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
The service is accredited by ISO/IEC 27001:2013, Joint Interoperability Test Command (JITC) certification, ability to support Health Insurance Portability and Accountability Act (HIPAA) compliance, Federal Information Processing Standard (FIPS) 140-2 compliance, Section 508 compliance, and General Data Protection Regulation (GDPR) compliance. It also shows organizations that Pexip has developed a robust Information Security Management Policy to protect data using a set of technological, physical, and organisational measures, and has processes in place to adhere to those standards every day.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
The self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that communication is secure and kept private even if it crosses the internet. Customers can run the entire meeting platform on-premises, in a private cloud of their choice, or using a hybrid between the two, benefitting from the security measures they already have in place as well as those implemented by their cloud provider. Self-hosted solutions also allow customers to ensure they meet any compliance requirements on data storage and privacy.
GDPR (EU Regulation 2016/679)
ISO/IEC 27001:2013 certification
(DoD) (JITC)
(FIPS) 140-2
(HIPAA)
SOC2/SSAE16 data centers

Availability and resilience

Guaranteed availability
SLAs are customer specific depending on deployment; we are happy to discuss these as they all differ. For example, self-hosting can be on-premises in a secure data center, in the cloud, or a combination of both, and supports automatic bursting to the cloud deployed in:

Microsoft Azure, (AWS), (GCP), private or government cloud platforms and more, so all require proper assessment prior to SLA agreement.
Customers should be sufficiently confident that the availability commitments of the service, including their ability to recover from outages, meet their business needs. Our service is designed and built with multiple layers of resilience and redundancy.
Dual power supplies, redundant power feeds
Dual network cards, dual network feeds
Dual power suppliers
By employing this N+1 redundancy within each data centre, and employing data centre failover in the event of a localised issue, we maintain high-availability services on a global scale.
In relation to on-prem deployments, the customer owns the data, the access and determines the deployment locations.
Approach to resilience
Pexip is designed for multiple layers of resilience and redundancy. Companies and service providers should consider which situations they want to protect against. All options can be combined, and this is typically a consideration of cost versus benefit, and how much downtime can be tolerated in a worst case scenario.

The main levels of resilience and redundancy and our associated recommendations are described below.

Hardware and physical considerations
Dual hot swap power supplies for each server connected to different power circuits, optionally with UPS or backup power.
Dual network cards in each server, connected to dual switches (VMware NIC Teaming). Switches are connected to redundant routers, allowing for any component in the network path to fail. Consider if the data center is robust if the fiber cable to the data center is cut.
Redundant storage, either by adding a hardware RAID controller and operating two disks in RAID 1 (mirror) or by using redundant external SAN solutions.
Redundant servers — we recommend that service providers deploy n+1 to always allow for one physical server to be unavailable.
Redundant datacenters — consider providing Pexip Infinity from multiple data centers (either multiple data centers in one region or in various international regions).
Outage reporting
Dashboard and API are available.
When there are active alarms, incidents or outages on your deployment, a flashing blue triangle appears at the top right of each page of the Administrator interface. To view details of the current alarms.

Alarms remain in place for as long as the issue exists. After the issue has been resolved (for example, if a conference ends, therefore freeing up licenses) the associated alarm will automatically disappear from the Alarms page.
Multiple instances of the same type of alarm can be raised. For example if two Conferencing Nodes are not correctly synchronized to an NTP server, you will see an alarm for each node.
You can select individual alarms and view the associated documentation for suggested causes and resolutions.
The History & Logs > Alarm History page shows the details of all historic alarms including the severity level, and the time the alarm was raised and lowered.
The interface includes a series of graphs that can be used to monitor the status, outages and performance of the platform. You can view and edit the default graphs, create your own graphs, and change the order in which the various graphs appear.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
Microsoft’s cloud platform, Azure. Azure also makes it easy to leverage Office 365’s single sign-on without the need for authentication, making the sign-in process as simple as possible for specific clients.
We can provide different user roles available in the system including guests and hosts introducing additional security measures such as encrypted meeting room IDs and invitation information so meeting locations couldn’t be guessed or formulated easily. With this solution, no unwanted guests are able to join meetings. After Pexip passed a third-party security check, it was rolled out for a much broader group of services.
Access restrictions in management interfaces and support channels
The NCSC explains five administrative models for secure service administration:
dedicated devices on a segregated network;
dedicated devices for community service administration;
dedicated devices for multiple community service administration;
service administration via bastion hosts; and direct service administration.
Pexip meets the criteria “dedicated devices for multiple community service administration”. Access to the administrative interface operates on a least permissions model. When a user logs into the admin portal, they can only see their organization or any organization listed as children under their parent organization; they are not permitted to see any parent organization or other child organizations of their parent.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Description of management access authentication
Self-managed solution gives your IT team total control of managing your network with a choice of authentication options. You retain full ownership of your data - we can’t view or access it. Software updates are also available to you as soon as they’re ready. Management access also offers:
Intuitive IT management dashboards & tools
Ability to manage your network infrastructure, meeting platform & video conferencing endpoints in one place
Add, delete and configure users, plus integrate with Active Directory for easy user management
Deploy a range of APIs for custom deep integration

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DNV/GL
ISO/IEC 27001 accreditation date
18/03/2020
What the ISO/IEC 27001 doesn’t cover
Pexip has formalized internal information security best practices and implemented the practices from the ISO/IEC 27001:2013 standard; exceptions are available upon request. We have formalised a management review of the information security management system and its performance, which meets the requirements of relevant regulatory, contractual, and other legal obligations. Pexip is committed to meeting regulatory compliance with international laws and demonstrates worldwide recognition of excellence by employing an international framework with specific codes of practice.
We are committed to proactively testing both our software solution and service to ensure they do not introduce any attack vectors to our customers’ networks.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • U.S. Department of Defense (JITC)
  • Federal Information Processing Standard (FIPS) 140-2
  • Health Insurance Portability and Accountability Act (HIPAA)
  • SOC2
  • SSAE16
  • GDPR (EU Regulation 2016/679) compliance

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Pexip’s leadership team is actively committed to the assurance of providing a secure environment that protects and preserves the confidentiality, integrity, authenticity, availability and reliability of information and the service. In regard to a governance framework, Pexip has implemented the ISO/IEC 27001:2013 framework, applying controls from ISO/IEC 27002:2013 as well as numerous controls from NIST SP 800-53r4.
Information security activities are directed by the Chief Information Security Officer (CISO), coordinated by the Security and Compliance Group, and supported by process owners and information asset owners throughout the business.
The company tracks its contractual requirements and regulatory requirements within its ISMS, including regulations such as the GDPR (Regulation EU 2016/679), the Data Protection Act of 2018, and many others.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to business processes, information processing facilities and systems that affect information security are controlled:
Identification/recording of significant changes
Planning and testing of changes
Assessment of the potential impacts, including information security impacts of such changes
Formal approval procedure for proposed changes
Verification that information security requirements have been met
Communication of change details to all relevant persons
Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events
Provisions of an emergency change process to enable quick and controlled implementation.
When changes are made, an audit log containing all relevant information is retained.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Established the roles and responsibilities associated with technical vulnerability management, including monitoring, risk assessment, patching, asset tracking. Resources are used to identify relevant technical vulnerabilities and to maintain awareness, and are updated based on changes in the inventory or when other newer or useful resources are found.
Timeline identified to react to notifications. When vulnerabilities are identified, actions include patching vulnerable systems and applying controls. Depending upon the urgency of a vulnerability, the action taken should be carried out according to the controls related to change management or by following information security incident response procedures. An audit log is kept for all procedures.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Proactive monitoring event logs include the following:
user IDs
system activities
dates, times/details of key events (log-on, log-off)
Device identity / location / system identifier
Records of successful and rejected attempts
Records of successful / rejected data and other attempts
changes to configuration
Use of privileges
Use of system utilities and applications
files accessed and type
network addresses / protocols
Alarms raised by control system
Activation/ de-activation of protection systems/ anti-virus system/ intrusion detection systems
Records of transactions executed by users in applications
Event logging sets the foundation for automated monitoring systems, capable of generating consolidated reports and alerts on system security.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management ensures a consistent / effective approach to the management of information security incidents, including communication on security events / weaknesses. The following are practices in accordance with ISO/IEC 27002:2013 A.16.
Incident response planning and preparation;
Monitoring, detecting, analysing / reporting of information security events / incidents;
Logging incident management activities;
Forensic evidence;
Escalation, controlled recovery from an incident / communication to internal / external people / organisations.
Response to incidents is taken in accordance with ISMS documented procedures. When appropriate, evidence is collected as soon as possible after the occurrence. A forensic analysis is conducted when appropriate. All involved response activities are logged for analysis.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We offer a 15 day trial for specific user devices and can discuss room or larger trials as required. This is a wholly flexible and user defined trial to allow a proper assessment of the benefits of CVI and the solution in your own environment.
