Incorvus Ltd

Containerised Portability Platform (Droplet Computing)

The Containerised Portability Platform (Droplet Computing) transforms application delivery: removing the dependency between the application, the platform and the device. Application containers can be deployed via Cloud or installed locally. Legacy applications can run securely on legacy or modern multiplatform devices, regardless of native OS, without a constant internet connection.

Features

  • Deliver applications across multi-platform devices, online and offline;
  • Port legacy or bespoke applications away from obsolete, out-of-support OS;
  • Port applications independently of native OS and OS vendor timetables;
  • Run applications in native format, consistently across device platforms;
  • Run and access applications without needing constant internet connection;
  • Move containerised applications seamlessly between device platforms;
  • Containers render applications invisible to the underlying OS;
  • Containers ‘invisible’ to penetration;
  • Container runs 'image' (including legacy application) securely, on current OS;
  • Containerised applications granted secured access to local or networked resources.

Benefits

  • Manage and control legacy estate decommissioning and content migration;
  • Reduce disruption and effort of maintaining and supporting legacy estate;
  • Containerised applications are controlled, secured, portable and governable;
  • Applications released from underlying hardware, OS and connectivity constraints;
  • Protect, control and safeguard legacy applications, desktops and platforms;
  • Only run approved applications within containers on local device;
  • Container ‘invisibility’ secures against OS vulnerabilities, improves compliance;
  • Containers run locally, minimising infrastructure requirement and cost;
  • Volume savings from decommissioning large legacy infrastructure estates;
  • No user learning curve, application unchanged whatever the device.

Pricing

£6.02 to £11.03 per licence per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

4 4 3 3 7 5 1 4 0 0 0 0 1 5 1

Contact

Incorvus Ltd

Suzanne Jozefowicz

020 8538 9898

gcloud@incorvus.com

Service scope

Service constraints
Device Platform OS currently supported are Windows XP, MacOS, and Linux. (Windows 7 is expected shortly, with IoS and Android subsequently). If your platform is not listed here, please ask (as other older platforms such as OS2, have been supported, by negotiation). If the device in scope does not have a browser then a local install can be done it may be possible to use WEBDAV or a client app depending upon the hosting to be used.
System requirements
  • Applications in scope should have relevant software licences;
  • Target device has capacity to run applications in scope;
  • Devices in scope must have a browser;
  • Clients may opt to use their own/preferred private cloud.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is available Monday to Friday, 9am-5pm (normal working hours), with 24/7 availability to log incidents. During normal working hours, responses will be within 1 hour.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via the browser.
Web chat accessibility testing
We use standard technologies in common usage.
Onsite support
Yes, at extra cost
Support levels
Support levels during normal working hours are:
Level 1 (Critical Service Incident), response typically within 1 hour;
Level 2 (Non-Critical Service Incident) - response typically within 4 hours;
Level 3 (Minor Support Request) - response typically within 8 hours.
Basic service support includes access to an account manager and access to technical support.
Support requests and escalation (if required) will be managed by the Incorvus Account Manager, acting as a single point of contact.
Individually-customised Support Contracts to meet the specific requirements and policies of the customer are available by negotiation.
Support fees are per project, and the standard fees are 17.5% of the total licensing value and period (i.e. 'n' seats over 'n' years). Every license must be supported by a standard support contract for the life of the licence.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
For end users, there is little, if ANY learning curve, since applications will run consistently (as they previously did) no matter what the platform or device. Using the local interface, users simply launch and run the Droplet Application locally in order to access their legacy applications in the usual way. Incorvus also offers training for administrators and superusers. Incorvus can provide additional user training, on-site support and site-specific user documentation by separate negotiation.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • DOCX
  • Other formats present locally on the customer's device.
End-of-contract data extraction
The data is ALWAYS resident locally on the Client's device - before, during and after contract. Users can therefore extract their own data at any time.
End-of-contract process
The contract provides licence entitlement to deploy, manage and run a G-Cloud 11 Containerised Portability Platform (Droplet Computing) Container for a single operating system (choice of Windows, MacOS or Linux) on a single device,
Services associated with this entitlement such as installation, image creation, provision to Client's preferred or own cloud, training, updating, database manipulation or data extraction are not included, and are covered separately under a linked G Cloud support service offering.

Using the service

Web browser interface
Yes
Using the web interface
Users can use the web interface to access their Droplet Computing entitlement and executable (and subsequent updates), and to download generated images.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
The interface relies on technology already in common usage.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The service operates primarily on the customer's own local device, with minimal impact. Typically, only the initial image file is sizeable and downloading this is a one-time operation.
The number of deployable instances can be increased to any required number by purchase of additional user licences, subject to the Client's limitations on licencing of the legacy software by the original vendor.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
Number of active instances
Reporting types
Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Droplet Computing

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Data throughout resides on the customer's local devices. In addition, our service provides additional protection to data at rest through addressing vulnerabilities in obsolete, out-of-support or unpatched operating systems and old or bespoke applications. The container renders applications invisibly to the OS, and is itself 'invisible' to penetration.
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Image files created during the process are securely backed up;
  • Generic backups of the hosted environment are run daily.
Backup controls
Image files can be ported to other devices or platforms whenever clients wish.
If the hosting is the client's own, or they have commissioned a third party's, then backup control and responsibility passes to those entities.
Datacentre setup
Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Client may use a VPN or other highly-secure method to access the cloud-deployed images, according to their prevailing policy, but this is not mandatory. The connection to the Cloud portal hosting the Container images is secured using https:// as standard.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Protection of connection to the Private Cloud hosting the Containerised portability platform (Droplet Computing) container images is subject to the Client's own policies and procedures.
Access control to the hosting Data Centre is via Fortinet HA Firewalls.

Availability and resilience

Guaranteed availability
The uptime/availability of the service is determined by the third-party hosting provider (which we currently understand to be 100% for Network, Hardware and Host Operating systems) or by the client's own preferred or private cloud in the event that the client opts to use those.
We would expect to cascade down any downtime reparations to the end customer.
Approach to resilience
This service will only use datacentres and hosting providers that are approved by the UK Public Sector (e.g. on relevant G Cloud or other Goverment frameworks), or nominated by the client themselves.
Alternative delivery methods of Container images can be employed in the event of web service unavailability.
Outage reporting
Email alerts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
The method of authentication may be subject to the capability of the client's preferred cloud or environment. 2FA is also possible in environments which support it.
Access restrictions in management interfaces and support channels
This will use the same methods as User Authentication: username/password or 2FA plus user privilege restrictions as appropriate.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
This would use the same methods as User Authentication: username/password or 2FA plus user privilege restrictions as appropriate.
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Solutions and services aim to minimise security issues, and therefore the need for governance. In this instance, the data never leaves the client's local device.
Our own systems use 2FA and our emails are encrypted whilst in transit. Remote devices are also capable of shut down, should they get lost or stolen.
The management regularly discuss security, privacy and data protection issues and their governance.
Information security policies and processes
We are not ISO2700 compliant but we do follow its principles.
We have the following policies: Modern anti-Slavery policy; Data Privacy and Protection (formerly DPA, now GPDR and e-Privacy) policies; Change controls; Access controls; Information Protection and Security controls; Equal Opportunities policy; Incident Management and Escalation policy; Supplier security procedures; Data Control and Destruction policy; and associated policy and procedure auditing.

All polices are audited at least once annually and discussed regularly by Directors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
TBA
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
TBA
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
TBA
Incident management type
Supplier-defined controls
Incident management approach
Users may discuss issues (phone, email, chat) or report incidents (via a ticketing system) as detailed previously. Escalation processes depend on the urgency of the issue or incident, and again, are detailed previously. Incident reports based on ticketing logs can be provided by negotiation.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
This would depend on customer requirements as customers have the option to select their own preferred cloud.
Otherwise, we segregate customers using virtualisation but we do not provide a virtual machine. A virtual machine could be negotiated by request in which case segregation would be via use of cloud nodes comprising large numbers of Xeon dedicated servers with Hyper-V as the hypervisor.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
This service does not include datacentre provisioning, however it will use cloud infrastructure that is either the client's own, or will comply with this Code of Conduct.
The use of this service itself is energy efficient as it enables legacy infrastructure estate to be decommissioned or reduced.

Pricing

Price
£6.02 to £11.03 per licence per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free trial is available upon request.
A demonstration facility will be available.

Service documents

Return to top ↑