Containerised Portability Platform (Droplet Computing)
The Containerised Portability Platform (Droplet Computing) transforms application delivery: removing the dependency between the application, the platform and the device. Application containers can be deployed via Cloud or installed locally. Legacy applications can run securely on legacy or modern multiplatform devices, regardless of native OS, without a constant internet connection.
- Deliver applications across multi-platform devices, online and offline;
- Port legacy or bespoke applications away from obsolete, out-of-support OS;
- Port applications independently of native OS and OS vendor timetables;
- Run applications in native format, consistently across device platforms;
- Run and access applications without needing constant internet connection;
- Move containerised applications seamlessly between device platforms;
- Containers render applications invisible to the underlying OS;
- Containers ‘invisible’ to penetration;
- Container runs 'image' (including legacy application) securely, on current OS;
- Containerised applications granted secured access to local or networked resources.
- Manage and control legacy estate decommissioning and content migration;
- Reduce disruption and effort of maintaining and supporting legacy estate;
- Containerised applications are controlled, secured, portable and governable;
- Applications released from underlying hardware, OS and connectivity constraints;
- Protect, control and safeguard legacy applications, desktops and platforms;
- Only run approved applications within containers on local device;
- Container ‘invisibility’ secures against OS vulnerabilities, improves compliance;
- Containers run locally, minimising infrastructure requirement and cost;
- Volume savings from decommissioning large legacy infrastructure estates;
- No user learning curve, application unchanged whatever the device.
£6.02 to £11.03 per licence per month
- Education pricing available
- Free trial available
4 4 3 3 7 5 1 4 0 0 0 0 1 5 1
020 8538 9898
|Service constraints||Device Platform OS currently supported are Windows XP, MacOS, and Linux. (Windows 7 is expected shortly, with IoS and Android subsequently). If your platform is not listed here, please ask (as other older platforms such as OS2, have been supported, by negotiation). If the device in scope does not have a browser then a local install can be done it may be possible to use WEBDAV or a client app depending upon the hosting to be used.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Support is available Monday to Friday, 9am-5pm (normal working hours), with 24/7 availability to log incidents. During normal working hours, responses will be within 1 hour.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Via the browser.|
|Web chat accessibility testing||We use standard technologies in common usage.|
|Onsite support||Yes, at extra cost|
Support levels during normal working hours are:
Level 1 (Critical Service Incident), response typically within 1 hour;
Level 2 (Non-Critical Service Incident) - response typically within 4 hours;
Level 3 (Minor Support Request) - response typically within 8 hours.
Basic service support includes access to an account manager and access to technical support.
Support requests and escalation (if required) will be managed by the Incorvus Account Manager, acting as a single point of contact.
Individually-customised Support Contracts to meet the specific requirements and policies of the customer are available by negotiation.
Support fees are per project, and the standard fees are 17.5% of the total licensing value and period (i.e. 'n' seats over 'n' years). Every license must be supported by a standard support contract for the life of the licence.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||For end users, there is little, if ANY learning curve, since applications will run consistently (as they previously did) no matter what the platform or device. Using the local interface, users simply launch and run the Droplet Application locally in order to access their legacy applications in the usual way. Incorvus also offers training for administrators and superusers. Incorvus can provide additional user training, on-site support and site-specific user documentation by separate negotiation.|
|Other documentation formats||
|End-of-contract data extraction||The data is ALWAYS resident locally on the Client's device - before, during and after contract. Users can therefore extract their own data at any time.|
The contract provides licence entitlement to deploy, manage and run a G-Cloud 11 Containerised Portability Platform (Droplet Computing) Container for a single operating system (choice of Windows, MacOS or Linux) on a single device,
Services associated with this entitlement such as installation, image creation, provision to Client's preferred or own cloud, training, updating, database manipulation or data extraction are not included, and are covered separately under a linked G Cloud support service offering.
Using the service
|Web browser interface||Yes|
|Using the web interface||Users can use the web interface to access their Droplet Computing entitlement and executable (and subsequent updates), and to download generated images.|
|Web interface accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web interface accessibility testing||The interface relies on technology already in common usage.|
|Command line interface||No|
|Independence of resources||
The service operates primarily on the customer's own local device, with minimal impact. Typically, only the initial image file is sizeable and downloading this is a one-time operation.
The number of deployable instances can be increased to any required number by purchase of additional user licences, subject to the Client's limitations on licencing of the legacy software by the original vendor.
|Infrastructure or application metrics||Yes|
|Metrics types||Number of active instances|
|Reporting types||Regular reports|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Droplet Computing|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||Data throughout resides on the customer's local devices. In addition, our service provides additional protection to data at rest through addressing vulnerabilities in obsolete, out-of-support or unpatched operating systems and old or bespoke applications. The container renders applications invisibly to the OS, and is itself 'invisible' to penetration.|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Image files can be ported to other devices or platforms whenever clients wish.
If the hosting is the client's own, or they have commissioned a third party's, then backup control and responsibility passes to those entities.
|Datacentre setup||Single datacentre|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Other protection between networks||Client may use a VPN or other highly-secure method to access the cloud-deployed images, according to their prevailing policy, but this is not mandatory. The connection to the Cloud portal hosting the Container images is secured using https:// as standard.|
|Data protection within supplier network||
|Other protection within supplier network||
Protection of connection to the Private Cloud hosting the Containerised portability platform (Droplet Computing) container images is subject to the Client's own policies and procedures.
Access control to the hosting Data Centre is via Fortinet HA Firewalls.
Availability and resilience
The uptime/availability of the service is determined by the third-party hosting provider (which we currently understand to be 100% for Network, Hardware and Host Operating systems) or by the client's own preferred or private cloud in the event that the client opts to use those.
We would expect to cascade down any downtime reparations to the end customer.
|Approach to resilience||
This service will only use datacentres and hosting providers that are approved by the UK Public Sector (e.g. on relevant G Cloud or other Goverment frameworks), or nominated by the client themselves.
Alternative delivery methods of Container images can be employed in the event of web service unavailability.
|Outage reporting||Email alerts.|
Identity and authentication
|Other user authentication||The method of authentication may be subject to the capability of the client's preferred cloud or environment. 2FA is also possible in environments which support it.|
|Access restrictions in management interfaces and support channels||This will use the same methods as User Authentication: username/password or 2FA plus user privilege restrictions as appropriate.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Description of management access authentication||This would use the same methods as User Authentication: username/password or 2FA plus user privilege restrictions as appropriate.|
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Solutions and services aim to minimise security issues, and therefore the need for governance. In this instance, the data never leaves the client's local device.
Our own systems use 2FA and our emails are encrypted whilst in transit. Remote devices are also capable of shut down, should they get lost or stolen.
The management regularly discuss security, privacy and data protection issues and their governance.
|Information security policies and processes||
We are not ISO2700 compliant but we do follow its principles.
We have the following policies: Modern anti-Slavery policy; Data Privacy and Protection (formerly DPA, now GPDR and e-Privacy) policies; Change controls; Access controls; Information Protection and Security controls; Equal Opportunities policy; Incident Management and Escalation policy; Supplier security procedures; Data Control and Destruction policy; and associated policy and procedure auditing.
All polices are audited at least once annually and discussed regularly by Directors.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||TBA|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||TBA|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||TBA|
|Incident management type||Supplier-defined controls|
|Incident management approach||Users may discuss issues (phone, email, chat) or report incidents (via a ticketing system) as detailed previously. Escalation processes depend on the urgency of the issue or incident, and again, are detailed previously. Incident reports based on ticketing logs can be provided by negotiation.|
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Hyper-V|
|How shared infrastructure is kept separate||
This would depend on customer requirements as customers have the option to select their own preferred cloud.
Otherwise, we segregate customers using virtualisation but we do not provide a virtual machine. A virtual machine could be negotiated by request in which case segregation would be via use of cloud nodes comprising large numbers of Xeon dedicated servers with Hyper-V as the hypervisor.
|Description of energy efficient datacentres||
This service does not include datacentre provisioning, however it will use cloud infrastructure that is either the client's own, or will comply with this Code of Conduct.
The use of this service itself is energy efficient as it enables legacy infrastructure estate to be decommissioned or reduced.
|Price||£6.02 to £11.03 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
A free trial is available upon request.
A demonstration facility will be available.