Envision Digital

EnOS

The EnOS AIoT operating system enables enterprises and cities to accelerate digital transformation. Built on open standards, its design incorporates Envision's best practices and expertise based on vertical domains (renewables, batteries, grids, buildings, cities and EVs), ensuring secure connectivity across an open ecosystem, to help organisations innovate faster.

Features

  • Device Management, Connectivity, Lifecycle management, Asset Hierarchy Management, Dynamic Alerts
  • Digital Twin, Modelling, Data Analysis, Device Monitoring and Performance Optimisation
  • IoT, Data Asset Management, Storage Management, Stream Analytics, Data Governance
  • Internet of Things, Energy, Time Series, Data Insights, Sustainable, Renewable
  • Data Analytics, Integration, Development, Reporting, Machine Learning, Artificial Intelligence
  • Common Data Service, Algorithm, IDE, Integrated Development Environment, Open Source
  • Application Enablement, Deployment, User Management, Scalable, Secure, API, Single Sign-On
  • API Management, Performance reporting, Continuous monitoring, Automated scaling, Alarms, Reports
  • Identity Management, Cyber Security, Access Management, Role Based Authentication, Authorisation
  • Secure Data Access, High Performance, Data Lake, Operational Data Store

Benefits

  • Plug-and-Play, Standardisation, Easy Integration, Low Cost, Low Latency, Device Library
  • Built on open standards, accelerate digital transformation, open source, Net-Zero
  • Easy Integration of IoT sensors, devices, platforms and control systems
  • Manage vast amounts of IoT, Sustainable and Renewable, Infrastructure Data
  • Business Insights: Unleashes the synergy of data from different systems
  • Rapid application development, High Productivity Toolset, Low Cost, Version Control
  • Data monetisation, Data as an asset, cloud intelligence, data trends
  • Reduced IoT data Ownership Cost, Cost Optimisation, Cost Reduction
  • Data visualisation, Dynamic Dashboards, Real-time metrics, Alarm categorisation, Flexible HMI
  • IaaS Agnostic, Hybrid Deployment, Public Cloud, Container, Microservices, Scalability, Modularity

Pricing

£837.10 to £3,328,413 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim.naylor@envision-digital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

366145078213522

Contact

Envision Digital Tim Naylor
Telephone: 07770571020
Email: tim.naylor@envision-digital.com

Service scope

Service constraints
Refer to Section 8 in Annex 2 - GENERAL CONDITIONS OF SOFTWARE - SOFTWARE AS A SERVICE (SaaS) – for further information.

Envision Digital guarantees the System shall be available with the following terms:
- Maintenance windows to be coordinated with Customer.
- Envision is not responsible for System non-availability due solely to defects or deficiencies in Customer’s systems.
- Scheduled Hours are defined as total hours minus the hours of Scheduled Outage per month. The Basic Period is 24x7.

Regular system maintenance will be carried out on the second Tuesday of each calendar month between 00:00 hours and 06:00 hours local time.
System requirements
Symantec Antivirus

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 (Critical): 0.5 hours. Severe Business Impact. Critical production problem affecting one or many Users. IT Solution loss/corruption.

P2 (High): 2 hours. Significant Loss of Functionality. Major feature impacted, or significant degradation of performance is known. Persistent problem affecting one or many Users and/or major features. No reasonable solution is available.

P3 (Medium): 12 hours. Minor Impact. IT Solution performance problem or bug affecting some (not all) Users. Short-term solution available, but not expandable.

P4 (Low): 24 hours. No operational impact. Requested information on application, navigation, installation or configuration capabilities; bug affecting a small number of Users.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We currently have three support levels:
L1 level Support is available 24 x 7 x 365.
L2 and L3 level support do not include Weekends and Public holidays unless it is a P1 (Critical) issue, in which case the ticket will also be escalated to the management team.

Response times are dependent on priority:
P1 (Critical): 0.5 hours;
P2 (High): 2 hours;
P3 (Medium): 12 hours;
P4 (Low): 24 hours.

Bug-fixes and software updates that could affect the performance of the service are scheduled during out of office hours and following strict procedures to avoid any downtimes.

The point of contact for customers is the Account Manager.

Product support documentation is available, in addition to a wiki page that has full information about the service. Documentation can be provided in several formats.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We have implemented an exhaustive training program which provides a detailed understanding of how EnOS and our apps work. Some of the trainings provided are: EnOS Overview and Introduction, Device Management, Data Management and Analytics and Application Development among others.

Training is an optional service, and is discussed with each customer during contract stage. All the training provided by Envision Digital can be given at the customer's premises, at Envision Digital's offices or remotely, depending on contract terms.

In addition, Envision Digital puts a lot of attention on our online Documentation and Tutorials. Our easily accessible online Documentation Centre (wiki) contains information about the platform, its usage and plenty of training material such as How-To videos, tutorials, GitHub resources and a discussion blog.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Once a contract is terminated or has reached its end, Envision Digital will provide the customer with the following:
a. a copy of its data in a machine-readable format;
b. a list of all open source software used during the duration of the Services;
c. further information and exit assistance as reasonably requested by the Customer to assist transfer of the Services to an alternative service provider. Such exit assistance shall be borne by the Customer on a cost-only basis.

In addition, for the extraction of data, Envision Digital provides a “Data Export” tool capability that allows the customers to retrieve their data on demand during the course of the contract’s life. Envision Digital also agrees to extract, return or erase Customer’s data at any time during the course of the contract if requested by the customer. All data extracted will be provided in machine-readable format no later than thirty (30) working days following the customer’s request or termination of the contract. Envision Digital will destroy all Customer’s data, upon written instructions from the Customer or upon the termination of the contract, within ninety (90) calendar days following written instructions from Customer.
End-of-contract process
Envision Digital’s Term and Termination conditions are detailed in our “Annex 2 - GENERAL CONDITIONS OF SOFTWARE - SOFTWARE AS A SERVICE (SaaS)”.

Envision will, at Customer’s cost, make available to Customer a file of the Customer data within 90 days of termination, if Customer so requests at the time of termination. Customer agrees and acknowledges that Envision has no obligation to retain the Customer data, and may delete such Customer data, after 90 days of termination. Envision in its sole discretion may terminate all the Customer’s passwords and the Customer’s account if Customer breaches or otherwise fails to comply with the Envision Digital PaaS Agreement.

Using the service

Web browser interface
Yes
Using the web interface
The EnOS Management Console is a web-based graphical interface for users to access the full range of capabilities of EnOS. Areas such as Device Management (Connectivity, Digital Twin Modelling, Device Lifecycle, etc), Data Asset Management (Storage Management, Time-series data insights, Data Governance Management, etc), Data Analytics (Data Integration, Data Reports, Machine learning, etc), Application Enablement (API Management, Common Data Service, HMI Graph tool, etc) and Security Management among others are all accessible through the EnOS Management Console.

EnOS enables users to access and use resources on EnOS Cloud by managing the access permission in an organisation. An organisation in EnOS has a space and resources that are isolated from other organisations. The space of each organisation is named organisation unit (OU). To register an organisation the user needs to contact Envision Digital’s Account Manager and provide the following information: Organisation basics (name, address, industry, country, etc) and Organisation Owner (username, mobile phone, and email).

When the organisation information is reviewed and approved, the system will create the OU owner account and send the account and password to the OU owner’s email. The OU owner can log in to the EnOS Management Console to complete the configuration of the OU.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Being a cloud based service, EnOS is accessible with any web browser (best experienced with Chrome and IE11 (latest versions)).

All functions of EnOS are provided in the EnOS Management Console for the user to access through a user-friendly graphical interface. These functionalities can also be accessed through APIs.
The EnOS Management Console is a web-based graphical interface for the user to interact with the resources in EnOS. The console enables the user to use the functions, such as Asset Management, Data Analytics, Resource Management, etc. that EnOS provides via a web browser.

In addition, we also offer the EnOS Application Portal, to enhance the experience of customers using multiple applications. It is a centralised access management and login portal for multiple applications registered and developed based on EnOS. The EnOS Application Portal provides a One Product experience for enterprise and organisation users with centralised and hierarchical management of applications based on users, roles, organisation structure, applications, and asset permissions.
Web interface accessibility testing
None
API
Yes
What users can and can't do using the API
EnOS provides APIs for developers to add, delete, modify and retrieve resources such as models, devices and assets on the cloud for application development. Access to the APIs is secured by adopting a variety of authentication and authorisation techniques.

API services:
Connection Service: Device connectivity and device management on EnOS, including product and device creation and management.
Model Service: Search and get the details of the models in the organisation.
Asset Service: Create, manage, and update assets in an organisation.
Alert Service: Search and manage asset alerts.
Asset Tree Service: Create, manage, update, and search assets trees in an organisation.
TSDB Data Service: Access to the stored asset data.
TSDB Policy Service: Access to TSDB storage configuration information.
IAM Service: Manage user account lifecycles, authenticate user identities, control the access rights to the resources in EnOS.
Application Portal Service: Get information about users, assets, and applications to configure permissions on the EnOS Application Portal.
Prediction Model Service: Get the prediction results of the deployed machine learning algorithm model.
Batch Processing Service: Data integration, data development, data operation, and maintenance services required for big data analysis.
Data Federation Service: Data reading and writing services for multi-source heterogeneous data storage systems.
API automation tools
Ansible
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Customers are assigned independent resources inside the EnOS instance and therefore are neither limited nor delayed by other Organisation Units (OU). Inside each OU, EnOS supports a horizontal auto-scaling mechanism to support different user demands.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Sensitive data is encrypted, before being put into files or databases, with unique keys provided by the customers or generated by EnOS. Decryption happens automatically when data is retrieved through the data service APIs.
Within EnOS, data from customers is stored separately/ segmentally. Data segmentation is established in all underlying components of EnOS. All files, tables and other types of data are secured by access control, even when data from different clients is stored physically in a single cluster. Only authorised users may access data with audit-enabled API calls/ command tools.
EnOS can provide dedicated storage for clients if required.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Databases
Backup controls
Envision Digital follows an exhaustive Disaster Recovery process that contemplates regular backups. These backups are performed periodically and cover all of Envision Digital's services.

Virtual Machine level backups happen every day, and include a three day period. RDS level backup is based on redo-log, and includes a 15 days period.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
To ensure secure connections from devices and end-users to the EnOS portal TLS is applied for data transmissions, which uses public-key cryptography to prevent eavesdropping, tampering and forgery.
Devices and end-users establish secure communication sessions to API endpoints that EnOS services provide. HTTPS is used for accessing REST APIs.
For the TLS data channel between devices/edges and EnOS cloud, X.509 certificate-based bidirectional authentication is adopted, and all data is encrypted during transmission.
EnOS IoT Hub uses certificates to authenticate devices and edge clients. EnOS supports certificates issued by public CA and EnOS certificate service.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
The network of EnOS is secured by applying network zones for segmentation. The different functional modules of EnOS are deployed in separated network zones with explicitly added rules, allowing only permitted network traffic.
Firewalls and other boundary devices are in place to inspect session states and control communications at the network's external boundary and at key internal boundaries within the network. These boundary devices employ firewall and routing rules, security policies and configurations to monitor and regulate the information flow.
Network policies are established on each managed interface, which manage and enforce the flow of traffic through managed interfaces automatically.

Availability and resilience

Guaranteed availability
EnOS Service Availability shall be at least 99%. In the event that Availability is not achieved, the server operation fee shall be reduced according to the table below.

Availability Percent / Service Credit of monthly invoice:
Above 99% -> Within agreed service level; No Credit.
99% to 95% -> Five Percent (5%).
95% to 90% -> Ten Percent (10%).
90% or less -> Twenty Percent (20%).

The SLA for EnOS Enterprise Data Platform and any applicable Service Levels do not apply to any of the following performance or availability issues:
- That result from system maintenance performed after an advance notification by Envision to the customer, including cutover, fix, upgrade, and simulated failure drills.
- Caused by loss or leakage of data or password due to improper maintenance or confidentiality control practices of the customer.
- Due to negligence of the customer or any operations authorised by the customer.
- That result from failure to adhere to the documentation or recommendations of Envision products by the customer.
- Due to force majeure.

Envision Digital has SLA goals for each of its services, for example:
- Stream Processing Service 99.9%
- TSDB Service 99.9%
- Dataflow Service 99.9%
- Data Archiving Service 99.9%
Approach to resilience
For EnOS Public Cloud we use Microsoft Azure datacentres located in France.

In addition, we have implemented high availability measures such as Hadoop triple copy data redundancy, K8S docker health check and auto-recovery, Kafka redundant cluster, MySQL replicator, Redis cluster, Mongo cluster and micro-service architecture (among others) to ensure robust, high availability for our customers.

The Azure approach to trust is based on the five foundational principles - Security, Compliance, Privacy, Resilience and Intellectual Property (IP) protection. For further information on resilience please see https://azure.microsoft.com/mediahandler/files/resourcefiles/resilience-in-azure-whitepaper/Resilience%20in%20Azure.pdf
Outage reporting
Envision Digital has implemented and developed a robust and exhaustive Disaster Recovery Solution. The solution includes several levels of planning for any foreseeable accident or disaster, such as a mistake during maintenance, software/hardware failure of the different systems, network crash, data centre power outage and even large-scale urban blackouts on entire cities or regions.
In addition, Envision Digital’s Disaster Recovery solution follows Microsoft Azure’s High-Availability best practices. This includes the use of Azure Machine Images, VM Backups, seamless re-routing of public IP addresses between instances and load balancing among others. Our EnOS Public Cloud hosted on Azure keeps your data in dual physical locations concurrently. In each of these locations, Azure constantly maintains three healthy replicas of your data.
Envision Digital’s dedicated Disaster Recovery Team (DRT) is comprised of the following departments, with each having responsibilities specific to their role: Disaster Recovery Solution Department, Application Development Department, Implementation Department, Operations Department, QA Department and Security & Audit Department.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
The IAM service provides different authentication methods for different account types. A user account with valid credentials (user identifier and password) is required to access the EnOS Portal. Strong passwords with the required complexity are enforced by a security policy managed by OU administrators. Multi-factor authentication is available as a configurable security option. Service accounts use access keys (i.e. digital signatures) to perform authentication with EnOS. EnOS implemented OAuth 2.0 to support SSO with external applications.
Access restrictions in management interfaces and support channels
EnOS adopts Role-Based Access Control (RBAC), a policy-neutral access control mechanism for roles and privileges. An access control rule is defined as a 3-tuple in the form role-permission-resource. The resource includes the following digital assets:
Applications, User Interface, APIs, Data, Reports, Alerts.
IAM allows administrators to define access control rules to grant privileges/permissions of resources to accounts through the IAM portal. Accounts with proper privileges granted may access the corresponding resources via EnOS Portal. Access control validation is performed by IAM service access attempts. Success and failure attempts are recorded by IAM logging feature for auditing and abnormality detection purposes.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
11/05/2018
What the ISO/IEC 27001 doesn’t cover
Nothing, certification covers all elements of the service.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Infocomm Media Development Authority of Singapore (IMDA)
  • ISO/IEC 27001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NIST Special Publication 800-series;
OECD framework;
CIS benchmarks;
FIPS 140-2;
NERC CIP;
MTCS Level 3;
Accreditation by Infocomm Media Development Authority of Singapore (IMDA).
Information security policies and processes
Envision has enterprise-grade information security practices in place and manages some of the world's most secure energy and smart city infrastructure. Envision enforces a Supplier Code of conduct to ensure good governance and sustainability practices are maintained. Envision's head of Information Security reports to our International President, who reports to our Executive Director, who reports to our Group CEO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Routine, emergency and configuration changes to EnOS cloud instances and edges are authorised, logged, tested, approved and documented in accordance with industry norms of similar systems. EnOS cloud updates ensure minimum impact to the customer and their use of the services. Service provider will communicate with clients ahead of time, via email, or through the dashboard when a service is likely to be adversely affected.
Operation team maintains and operates a configuration management framework for change management. Through centralised and automated change management process, EnOS is able to achieve its goals of high availability, reusability, scalability, security, and disaster recovery.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Envision Digital leverages our relationship with our parent company to notify us of potential threats against Envision Digital and its customers. In addition, for Private clouds, we offer customers the flexibility to deploy their own solutions to notify them of threats.
For Envision Digital's owned instances, we will get security patches deployed as soon as the patch is ready, based on the severity of the security issue. For customer-owned instances, deployment will be in the normal maintenance window; for serious security issues, we will get the patch ready ASAP and work with the customer to determine the deployment time.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
How do you identify potential compromises? We review our logs often to detect anomalous activity.
How do you respond when you find a potential compromise? Envision Security will deploy resources to contain the incident and then work to eradicate and recover.
How quickly do you respond to incidents? Responding to threats and incidents takes utmost priority. Envision will treat incidents as it does product issues in terms of priority.
Incident management type
Supplier-defined controls
Incident management approach
Envision has an Incident Handling Process document following the guidelines of ISO27001. Its purpose is to standardise the process of incident handling & response (or IHR), define the composition and responsibilities of the IHR team, and help staff to raise awareness of what a “Real” or “Reportable” Incident is.
Examples of incidents and their categorisation are provided and also a 5-level classification, with Level 0 being "No impact" and Level 4 "Very Significant".
Several other topics are included and explained in detail such as Process flow, Incident Discovery, Employee Responsibility, Containment, Communication, Disaster Recovery and Business Continuity, etc.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Separation between users has many levels: on the IaaS layer, virtualization is provided by our IaaS provider (Microsoft Azure). For the IoT PaaS level, EnOS provides some application-level separation methods based on IAM (Authentication, Authorisation, Audit). We also make use of software such as VMWare and KVM Hypervisor.
How shared infrastructure is kept separate
EnOS applies the identity and access management (IAM) scheme to support multi-tenancy, where each tenant in EnOS is managed as an organisational unit. Data that belongs to different organisations is securely segregated and can only be accessed by users that are registered to the organisation.
EnOS’ built-in IAM scheme provides capabilities of identity management: authentication, authorisation, and auditing.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
For the UK and Europe, Envision Digital uses Microsoft Azure datacentres in France which comply with the EU Code of Conduct for Energy Efficient Datacentres. Microsoft design their IT with efficiency in mind, including faster, more efficient chips that do more using less energy, and make use of open source development. They have also invested in sustainable datacentre design and operations, achieving economies of scale and maximizing the efficiency of their datacentre infrastructure. In addition, their datacentres are powered by renewable energy.

Pricing

Price
£837.10 to £3,328,413 a unit a month
Discount for educational organisations
No
Free trial available
No
