Enterprise Edge - SD-WAN
Interoute Edge Access is an SD-WAN solution which optimises access to all applications in the data centre and the cloud, an overlay network service, building private networks over IP access networks, enabling improved performance for cloud applications, lower network costs and faster service delivery.
Features
- Improved network reliabilitySoftware
- networkingUse of all access circuit investments (no standby)
- Reduce latency impact
- Reduced networking costs
- Improved performance for cloud applications
- Simplified network integration
- Data encrypted inflight using AES256,via private network or internet.
Benefits
- Defined networking
- Hybrid
- SaaS optimisation
- WAN optimisation
- Dynamic path control
- vCPE
- Reduced network costs
- Application intelligent routing
- Bring your own connections
Pricing
£21.54 to £2,429.12 a virtual machine a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
3 2 9 1 3 7 9 0 7 5 2 9 8 3 5
Contact
Interoute Communications Limited
Tony Vesty
Telephone: 0777 2613722
Email: tony.vesty@gtt.net
Service scope
- Service constraints
-
Site bandwidth limited to <2Gbps
Planned maintenance schedule - System requirements
-
- Minimum of one RJ45 access network connection
- Non-filtered Internet access network
- A public /30 subnet for access network
- Physical hosting environment
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Interoute operates to CCS level 4 - 24x7x4 for all services. Our Contact Centre can be reached via email, phone or through our "My Services" web portal which is provided free of charge as part of the solution.
Any request is handled through the Contact Centre and we target responding within 30 minutes, in addition for some services we provide a "live chat" function which is available during office hours only. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
-
Live Chat is available to assist clients with the use of the "My Services" web portal which provides:
· Reporting
· Invoices and CDRs
· User Management
· Search and Filter
· Incidents and Requests
· Orders
· Alarms
· Performance Monitoring
· Secure customer Access
· Service Level Agreements
In addition Live Chat is available to answer user specific queries relating to the product or service purchased. - Web chat accessibility testing
- Whilst Interoute does not have any record of documented testing with assisted users, we own the technology which provides our web chat facility and would therefore be in a position to develop a solution to meet the individual needs of an assisted technology user.
- Onsite support
- Onsite support
- Support levels
- Interoute provide CCS Level 4 - 24x7x4 as standard which is included in our prices.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The service is a managed service, so therefore minimum involvement from the customer is required. A product specialist will be involved in the handover process to ensure the customer gets the maximum benefit from the service.
As part of the service assurance process, a service manager will be allocated and will be responsible for providing training on the "My Services" web portal which acts as the central repository for management information and is the primary communications method between Interoute and the client. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- There is no data to extract as it is a networking service, however, at the end of the contract, Interoute will provide clients with a last version of the CMDB and network audit which includes details of the software versions on the CPE, end of life information and software renewal dates.
- End-of-contract process
-
Interoute understands its obligations and will be fully compliant with clause 42.5 of the Call-Off Terms and the requirements of Schedule 9 Exit Management.
Interoute will act in a professional manner to assist in transitioning services either to a new supplier or back to the customer. Details of the approach will depend upon the final solution and the incoming supplier’s network design and implementation plans. Our approach covers:
Governance
• Establishment of a governance structure defined meetings and attendees, including the Interoute Exit Manager.
• Detailed risk assessment carried out jointly to identify all risks which are likely to occur during the transition.
• Information Provision and Preparation
• Interoute will provide the following information:
o Asset information – based on data held within the CMDB
o Technical Information – based on information and documentation held within Interoute’s network diagrams and CMDB
o Sub-contracts – contract terms/cancellation requirements
o Other Information – details of open faults, problems and inflight change requests
Agreed Exit Plan
• Interoute will provide an Exit Plan, proposing a methodology for orderly transition of service.
• The incoming provider’s implementation plan will align with Interoute’s Exit Plan.
• The Exit Plan will be reviewed and updated.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Interoute will provide a client with a URL which provide clients with access to the “My Services” web portal which has an extensive management reporting function. It is positioned as the first line of support and information and provides greater control in managing the relationship with Interoute services and offers:
Reporting
Invoices & CDRs
User Management
Search & Filter
Incidents & Requests
Orders
Alarms
Performance Monitoring
Secure customer Access
Service Level Agreements
Change Management
The portal speeds up communication, efficiently share key information (technical, numbers, results), and:
Increase service control;
Decrease operational management overheads;
Obtain an inside view into system management and performance. - Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
-
The Graphical User Interface within "My Services" is adaptive, so that each user is presented with different menu options according to the access privileges and/or services subscribed to. The portal is a browser-based product with a series of reporting screens and fault logging options.
Ease of navigation is central to its design ensuring users can quickly locate their desired function, meeting the user’s requirements with minimal delay.
Each user is required to go through a secure logging process, once successfully logged in, the user is provided with a homepage with customisable preferences options to ensure that the tool matches their individual requirements. From here, the user can select the functions pertinent to their needs. - Web interface accessibility testing
- Whilst Interoute does not have any record of documented testing with assisted users, we own the technology which provides our web chat facility and would therefore be in a position to develop a solution to meet the individual needs of an assisted technology user.
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- No
- Independence of resources
-
Interoute supplies equipment, configurations, security and connects everything to the 24x7 Network Management Centre. Network connections to Interoute data centres and core nodes are provided using secure links with high-capacity bandwidth over fibre connections ensuring minimum latency. The internal network infrastructure of the PoP is built upon a high-speed, fibre based network to ensure high-capacity throughput. This infrastructure uses multiple connections through highly secured network firewalls and routers to deliver full redundancy and optimal traffic delivery.
Each customer is provided with a logically separate VPN over this shared infrastructure resulting in a cost effective but highly secure and reliable network. - Usage notifications
- Yes
- Usage reporting
-
- SMS
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- No
Data-in-transit protection
- Data protection between buyer and supplier networks
- IPsec or TLS VPN gateway
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Availability can vary from 99.99% - 97.0% depending on the options selected and can result in service credits ranging from 10% - 50% of the monthly service charge.
Please see https://www.interoute.com/uk-term and review “Edge Access Service” - Approach to resilience
-
All facilities are connected by Interoute’s privately owned network backbone. Interoute is an international ICT service provider and the owner operator of a global cloud platform and one of Europe’s largest networks. Our advanced fibre optic (70,000 route kilometres) network connects the business hubs of Europe, nearly 200 data centres and colocation facilities to America, Africa, Asia, the Middle East and network partners across the globe. Incorporating 15 of its own data centres and 33 colocation facilities, Interoute serves international enterprises, as well as the world’s major service providers, Internet giants and OTT providers.
All facilities have provisioning for a minimum of 8 hours uninterrupted power supply in event of a main failure. All equipment and alarm cables are fitted with tamper/sabotage warnings. A+B feeds are provided to give the customer power redundancy i.e. if the A feed fails, the B feed takes over. 8A Single feed = 8A usage- 8A A+B feed = 8A usage. This is covered in the Interoute SLA. - Outage reporting
-
All service management information relating to outages are presented to the customer via the "My Services" web portal which provides both statistical and graphical representation during an incident.
Interoute will provide monitoring on circuit utilisation, availability, incident updates and reporting. All information will be available to the customer via “My Services” and through the Customer Service Manager.
My Services” enables customers to monitor core network performance, statistics for SLA measurement and application performance quickly and efficiently from one central location.
Updates to any outages will be provided via the portal, email or phone.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Interoute provide management services via a secure VPN access service which has firewalls at each end ensuring a seperate connection for each client managed.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyds Register LRQA
- ISO/IEC 27001 accreditation date
- 09/10/2006
- What the ISO/IEC 27001 doesn’t cover
- The following controls are not applicable: Access control to program source code Protecting application services transactions
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- QCC Information Security Ltd
- PCI DSS accreditation date
- February 2018
- What the PCI DSS doesn’t cover
- The following controls are not applicable: Access control to program source code Protecting application services transactions
- Other security certifications
- Yes
- Any other security certifications
-
- ISAe 3402
- HMG BPSS
- DBS
- GPG13
- CPNI
- CESG
- SANS Institute
- DPA
- PSN
- ISO 27001, ISO 7799, PCI DSS
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
ISO 270001
ISO 90001
ISAE 3402
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Through the set of integrated management tools used by Interoute, we generate and maintain the CMDB which includes information regarding access, general logs, and application logs. Interoute provides a CMDB to identify, control and record an accurate inventory of CIs.The CMDB will provide an audit trail of all changes and can be downloaded to a .csv file for further manipulation.
Interoute defines changes into three categories, soft, hard and complex. All changes will be agreed with the customer and are assessed for both risk and the potential security implication. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Interoute conducts a comprehensive risk assessment of all critical business and operations risks to our critical operations components, inclusive of risk scenarios based on industry best practice security and continuity threats, vulnerabilities and risks. This risk assessment is maintained by our Security & Governance Group audited annual by internal security professionals and external 3rd parties. The fundamental objective is to define the necessary continuity mitigation controls required to maintain operations and quality with integration into our ITIL and ISO 27001 security controls with defined performance metrics.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Security controls are applied to protect Interoute and the customer;
• Customers accessing our Data Centres must comply with site access procedures and codes of conduct.
• Use of facilities and operations must comply with stated contractual obligation to adhere to Acceptable Use Policy.
• Exchange of information and data will be controlled by contracted confidentiality clauses.
• ISO 27001 security management system protects Confidentiality, Integrity and Availability of internal and customer data.
• Security Incident Management processes report, log, respond and resolve security incidents.
Controls in place protecting security of our internal network and systems includes FW, IDS/IPS, DDOS. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Customers are able to report incidents via phone, email or through the "My Services" web portal. The severity of the incident will be determined by the data captured in the service manual. Real time updates are provided during the lifetime of the ticket and can be accessed via the portal.
Management reports are provided via the portal and can be downloaded by the customer. In addtion the service manager will provide a comprehensive report at the regular service review meetings.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Red Hat Virtualisation
- How shared infrastructure is kept separate
-
Interoute runs multiple VDC zones and also multiple dedicated versions for a variety of large customers. In each case stringent monitoring and controls are applied to ensure the performance provided is not affected by other users on the platform.
Our standard compute service applies a 2Ghz vCPU speed and a standard l contention ratio of just 2:1.
The Interoute fully SSD storage service means that with over 10 times the IO of a spinning disk solution and the ability allocate QoS for critical volumes, Interoute can eliminate storage bottleneck issues commonly encountered on other shared service platforms.
Energy efficiency
- Energy-efficient datacentres
- Yes
Pricing
- Price
- £21.54 to £2,429.12 a virtual machine a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Three months free trial is available.