Navisite Europe Ltd

Managed Amazon Workspaces

Empower your people to work from home on any device that connects to the internet with Navisite’s Managed Windows Virtual Desktop (WVD) solution. WVD uses Microsoft’s Virtual Desktop Infrastructure (VDI) to run your desktop and applications on the Microsoft® Azure® cloud.

Features

• Scale on demand
• Deploy desktops in any AWS Region
• Centralized management of desktops and end-point devices
• Tight integration with M365, SharePoint and other Applications
• Managed On-boarding and Migration
• Bundles for Windows 7, Windows 10 or Amazon Linux 2
• Automated provisioning and management tools
• Diagnostics for troubleshooting
• Connect to any device via native applications or HTML5
• Secure reverse connection

Benefits

• Assistance in the Design and Implementation of the environment
• Migration and help with Security, Active Directory and Application Integration
• Proof-of-Concept and Trials
• Trust routine management and maintenance to Navisite’s experts
• Gold Pattern Creation, Optimization and Administration
• Approved Peripheral Device Connectivity for greater end point security
• Desktop management, patching and endpoint security available
• Profile Management, Management Security Groups and GPO
• Cost Optimization for AWS resources
• Self-Service, Co-Managed and Fully Managed offerings

£6 to £12 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at smcavan@navisite.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

430847787381308

Contact

Sean McAvan
0800 6122933
smcavan@navisite.com

Service scope

• Service constraints: We would recommend any specific compliance requirements be discussed as part of any initial inquiries (e.g. PCI, GDPR, HIPAA).; Minimum of 50 Desktops.
• System requirements:
  • We offer various templates for Windows
  • Customers may import their own images and templates
  • We can supply OS and Software licenses
  • Clients can use their own licenses

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We don't have a guaranteed response time for questions but do publish and offer an SLA against response times for incidents. Response times are the same 24x7x365
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: 15 Minute Response to Urgent Tickets; Service Manager and Account Manager; 24x7x365 Technical Support Avialble by Email, Portal or Phone; Infrastructure and Network Monitoring; Application Monitoring and Support; Enhanced Security Services (IDS, IPS, FIM, Log Management); Managed OS (Patching and Support); Compliance Support and Professional Services; Solution and Platform Design Services; Migration Support and Project Management; Database Administration Services; Physical Remote Hands Support; Backup and Restore; Managed Business Continuity
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide managed on-boarding with design, migration and build services.; ; For self-service clients we provide Enterprise Center training and provide Administrator training sample materials.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can export desktop/server images and backup files. Or our support teams can copy data to media and ship these to the end user
• End-of-contract process: At the end of the contract users can export their own data and desktop images. For an additional cost Navisite can copy images and data to media and ship that media to the client. As part of this exit procedure we can also provide service documentation and arrange for secure erasure of all client data.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can use our Proximity portal to view real-time information on their solutions.; They can create custom reports and views; They can create and manage service tickets; For self-service clients they can use the portal to create and manage their infrastructure and network; The portal can integrate NaviCloud, Hybrid environments and some 3rd party cloud platforms - MS office 365 and Azure
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Available via a secure web portal that can be accessed from any browser
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Each user environment is built for that user on dedicated hardware.; ; We manage capacity on the platforms, adding additional resource when required.
• Usage notifications: Yes
• Usage reporting: Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Application monitoring (synthetic transactions and custom monitors)
  • Security Monitoring and Log Review
  • Database Monitoring
  • Backup Monitoring
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The DaaS platform employs encrypted storage. ; Navisite will perform encrypted backups on any Navisite-controlled system that requires backup.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Gold Pattern Backup and Recovery
  • OS/MS Pattern Backup and Recovery
  • Files
• Backup controls: Managed backup services are available including validation of backup jobs and test restores. ; ; Dedicated backup solutions can be provided, including archive to psychical media and secure offsite storage.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Navisite administrators logging into the DaaS platform will use encrypted sessions.; The DaaS platform employs encrypted storage. ; Navisite will perform encrypted backups on any Navisite-controlled system that requires backup.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: We use segregated VLANS and deliver dedicated network segments for each customer.

Availability and resilience

• Guaranteed availability: Service Availability for DaaS is 99.9%; Service Credits for an Uptime of:; 99.9% or higher - None; 99.0% - 99.89% - 2%; 98.99% - 97.0% - 7%; 96.99% - 96.0% - 12%; 95.99% - 95.0% - 25%; Up-time of less than 95% - 50%
• Approach to resilience: We have multiple cloud nodes, in geographically diverse locations, connected by a resilient fibre ring.; All Datacentre's are minimum Tier III; At the platform level all elements are designed for high-availability and are available across 3 of Navisite's datacenters
• Outage reporting: We report outages via our secure portal, email and we contact clients via telephone during any significant service disruption.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Segregated bastion hosts with individual, randomized passwords generated uniquely for each session. Full access logs are kept for 12 months. Access controls are externally audited. Remote admin access is further secured using two-factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe(UK) Ltd
• ISO/IEC 27001 accreditation date: 13/12/2017
• What the ISO/IEC 27001 doesn’t cover: Source Code (VMware responsible)
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NQA
• PCI DSS accreditation date: 31/11/2016
• What the PCI DSS doesn’t cover: Certification is for physical location and physical security controls. However we do design and manage PCI compliant solutions for our clients, adding enhanced logical security controls and working with our clients QSA to help them pass audit at additional cost.
• Other security certifications: Yes
• Any other security certifications:
  • SSAE16 SOC 1
  • SSAE 16 SOC 2
  • ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SSAE-16
• Information security policies and processes: Physical Security is certified to ISO27001 & SSAE16 - additionally our Woking site is a UK Government List-X rated facility. SSAE16 controls are audited annually by Ernst and Young; ISO controls are audited bi-annually ; ; Logical security follows SSAE16. Policies and process are audited annually by Ernst and Young. We include policies for securing networks infrastructure and applications; policies for managing people (staff and contractors/ sub-contractors) and for securing human access to systems and data. Policies that cover the the encryption, storage and transmission of client data. Policies that deal with how we respond to security incidents.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Following ITIL; Naviste supports Service Requests and Requests for Change, with the latter triggering the Change Management Process. All changes require review and approval. The approval level varies depending on the risk and impact of the change. This can be from technical peer review through to full CMRB review and sign-off. Changes can be initiated by both NaviSite and the customer and all chnages that might impact a client environment, require customer notification and approval. Client requested Changes are validated only after the appropriate authorisation in writing is received from a Customer contact with the Signatory role.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Navisite deploy network-based security solutions , which include intrusion protection, vulnerability management, and compliance automation to help protect networks from threats that bypass perimeter, desktop, and server defenses. For vulnerability management we use we use 3rd party IDS tools, combined with integrated vulnerability scanning. Threat signatures are assessed against a variety of "known threat" databases. Patches maybe part of regular scheduled work; or could be as a result of a discovered vulnerability, dealt with via our emergency maintenance policies.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Navisite use a variety of 3rd party tools to detect and mitigate network based threats; to aggregate and review log files; File Integrity Monitoring to review changes made to client systems and Application level monitoring and remediation to mitigate attempts to inject or change web code. our SLA for response to an urgent incident is 15 minutes. If a threat is to a specific to a single client, we will work in collaboratively to remediate. If a vulnerability poses a threat to other clients; Navisite may act to remediate unilaterally; following our emergency maintenance procedures.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Navisite follows ITIL based processes for incident management. Incidents are categorized by severity of impact; escalations in categorization can be requested by the end-user. Severe incidents are responded to within 15 minutes; a client telephone bridge is opened and incident manager appointed who co-ordinates resources in trouble-shooting. Client communication may be constant via the open bridge, or at regular intervals agreed with the client. Root Cause Analysis and Remediation detail are delivered to the client in a formal Incident Analysis Report; typically delivered within 48 hours after resolution.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Dedicated hardware is in place to host the VDIs per customer.; Separate containers, separate VLANs; individual virtual or physical firewalls and separate LUNs for each client.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our Datacentres are ISO 50001 Energy Management System compliant and follow the below guidelines:; ; 1. Airflow Management (segregation of air masses - blanking panels, identification & fixing of leaks, closing cable access holes in floors, hot/cold aisle configuration, hot/cold aisle containment systems, etc.); 2. Cooling System Efficiency (installation of VSDs to CRAC/CRAH fans & pumps, utilisation of free cooling, optimisation of data floor & chilled water temperatures, addressing customer temperature SLAs, etc.); 3. Capital Plant Replacement (Energy efficient Chillers & free cooling solutions, energy efficient CRACs/CRAHs, modular & efficient UPS, LED lighting and generally utilising best available technology, etc.)

Pricing

• Price: £6 to £12 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free Proof Of Concept is available with the following restrictions:; Up to 5 standard desktops can be included.; Trial length is 30 days.; ; Paid Pilots are available as well as an additional option. The cost of the Pilot can be credited towards the costs of a Production environment.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at smcavan@navisite.com. Tell them what format you need. It will help if you say what assistive technology you use.