Incorvus Ltd

Containerised Portability Platform (Droplet Computing)

The Containerised Portability Platform (Droplet Computing) transforms application delivery: removing the dependency between the application, the platform and the device. Application containers can be deployed via Cloud or installed locally. Legacy applications can run securely on legacy or modern multiplatform devices, regardless of native OS, without a constant internet connection.

Features

  • Deliver applications across multi-platform devices, online and offline;
  • Port legacy or bespoke applications away from obsolete, out-of-support OS;
  • Port applications independently of native OS and OS vendor timetables;
  • Run applications in native format, consistently across device platforms;
  • Run and access applications without needing constant internet connection;
  • Move containerised applications seamlessly between device platforms;
  • Containers render applications invisible to the underlying OS;
  • Containers ‘invisible’ to penetration;
  • Container runs 'image' (including legacy application) securely, on current OS;
  • Containerised applications granted secured access to local or networked resources.

Benefits

  • Manage and control legacy estate decommissioning and content migration;
  • Reduce disruption and effort of maintaining and supporting legacy estate;
  • Containerised applications are controlled, secured, portable and governable;
  • Applications released from underlying hardware, OS and connectivity constraints;
  • Protect, control and safeguard legacy applications, desktops and platforms;
  • Only run approved applications within containers on local device;
  • Container ‘invisibility’ secures against OS vulnerabilities, improves compliance;
  • Containers run locally, minimising infrastructure requirement and cost;
  • Volume savings from decommissioning large legacy infrastructure estates;
  • No user learning curve, application unchanged whatever the device.

Pricing

£6.02 to £11.03 per licence per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

443375140000151

Incorvus Ltd

Suzanne Jozefowicz

020 8538 9898

gcloud@incorvus.com

Service scope

Service scope
Service constraints Device Platform OS currently supported are Windows XP, MacOS, and Linux. (Windows 7 is expected shortly, with IoS and Android subsequently). If your platform is not listed here, please ask (as other older platforms such as OS2, have been supported, by negotiation). If the device in scope does not have a browser then a local install can be done it may be possible to use WEBDAV or a client app depending upon the hosting to be used.
System requirements
  • Applications in scope should have relevant software licences;
  • Target device has capacity to run applications in scope;
  • Devices in scope must have a browser;
  • Clients may opt to use their own/preferred private cloud.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is available Monday to Friday, 9am-5pm (normal working hours), with 24/7 availability to log incidents. During normal working hours, responses will be within 1 hour.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via the browser.
Web chat accessibility testing We use standard technologies in common usage.
Onsite support Yes, at extra cost
Support levels Support levels during normal working hours are:
Level 1 (Critical Service Incident), response typically within 1 hour;
Level 2 (Non-Critical Service Incident) - response typically within 4 hours;
Level 3 (Minor Support Request) - response typically within 8 hours.
Basic service support includes access to an account manager and access to technical support.
Support requests and escalation (if required) will be managed by the Incorvus Account Manager, acting as a single point of contact.
Individually-customised Support Contracts to meet the specific requirements and policies of the customer are available by negotiation.
Support fees are per project, and the standard fees are 17.5% of the total licensing value and period (i.e. 'n' seats over 'n' years). Every license must be supported by a standard support contract for the life of the licence.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started For end users, there is little, if ANY learning curve, since applications will run consistently (as they previously did) no matter what the platform or device. Using the local interface, users simply launch and run the Droplet Application locally in order to access their legacy applications in the usual way. Incorvus also offers training for administrators and superusers. Incorvus can provide additional user training, on-site support and site-specific user documentation by separate negotiation.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • DOCX
  • Other formats present locally on the customer's device.
End-of-contract data extraction The data is ALWAYS resident locally on the Client's device - before, during and after contract. Users can therefore extract their own data at any time.
End-of-contract process The contract provides licence entitlement to deploy, manage and run a G-Cloud 11 Containerised Portability Platform (Droplet Computing) Container for a single operating system (choice of Windows, MacOS or Linux) on a single device,
Services associated with this entitlement such as installation, image creation, provision to Client's preferred or own cloud, training, updating, database manipulation or data extraction are not included, and are covered separately under a linked G Cloud support service offering.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can use the web interface to access their Droplet Computing entitlement and executable (and subsequent updates), and to download generated images.
Web interface accessibility standard WCAG 2.1 AA or EN 301 549
Web interface accessibility testing The interface relies on technology already in common usage.
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources The service operates primarily on the customer's own local device, with minimal impact. Typically, only the initial image file is sizeable and downloading this is a one-time operation.
The number of deployable instances can be increased to any required number by purchase of additional user licences, subject to the Client's limitations on licencing of the legacy software by the original vendor.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types Number of active instances
Reporting types Regular reports

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Droplet Computing

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Data throughout resides on the customer's local devices. In addition, our service provides additional protection to data at rest through addressing vulnerabilities in obsolete, out-of-support or unpatched operating systems and old or bespoke applications. The container renders applications invisibly to the OS, and is itself 'invisible' to penetration.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Image files created during the process are securely backed up;
  • Generic backups of the hosted environment are run daily.
Backup controls Image files can be ported to other devices or platforms whenever clients wish.
If the hosting is the client's own, or they have commissioned a third party's, then backup control and responsibility passes to those entities.
Datacentre setup Single datacentre
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Client may use a VPN or other highly-secure method to access the cloud-deployed images, according to their prevailing policy, but this is not mandatory. The connection to the Cloud portal hosting the Container images is secured using https:// as standard.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Protection of connection to the Private Cloud hosting the Containerised portability platform (Droplet Computing) container images is subject to the Client's own policies and procedures.
Access control to the hosting Data Centre is via Fortinet HA Firewalls.

Availability and resilience

Availability and resilience
Guaranteed availability The uptime/availability of the service is determined by the third-party hosting provider (which we currently understand to be 100% for Network, Hardware and Host Operating systems) or by the client's own preferred or private cloud in the event that the client opts to use those.
We would expect to cascade down any downtime reparations to the end customer.
Approach to resilience This service will only use datacentres and hosting providers that are approved by the UK Public Sector (e.g. on relevant G Cloud or other Goverment frameworks), or nominated by the client themselves.
Alternative delivery methods of Container images can be employed in the event of web service unavailability.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication The method of authentication may be subject to the capability of the client's preferred cloud or environment. 2FA is also possible in environments which support it.
Access restrictions in management interfaces and support channels This will use the same methods as User Authentication: username/password or 2FA plus user privilege restrictions as appropriate.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication This would use the same methods as User Authentication: username/password or 2FA plus user privilege restrictions as appropriate.
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Solutions and services aim to minimise security issues, and therefore the need for governance. In this instance, the data never leaves the client's local device.
Our own systems use 2FA and our emails are encrypted whilst in transit. Remote devices are also capable of shut down, should they get lost or stolen.
The management regularly discuss security, privacy and data protection issues and their governance.
Information security policies and processes We are not ISO2700 compliant but we do follow its principles.
We have the following policies: Modern anti-Slavery policy; Data Privacy and Protection (formerly DPA, now GPDR and e-Privacy) policies; Change controls; Access controls; Information Protection and Security controls; Equal Opportunities policy; Incident Management and Escalation policy; Supplier security procedures; Data Control and Destruction policy; and associated policy and procedure auditing.

All polices are audited at least once annually and discussed regularly by Directors.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach TBA
Vulnerability management type Supplier-defined controls
Vulnerability management approach TBA
Protective monitoring type Supplier-defined controls
Protective monitoring approach TBA
Incident management type Supplier-defined controls
Incident management approach Users may discuss issues (phone, email, chat) or report incidents (via a ticketing system) as detailed previously. Escalation processes depend on the urgency of the issue or incident, and again, are detailed previously. Incident reports based on ticketing logs can be provided by negotiation.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate This would depend on customer requirements as customers have the option to select their own preferred cloud.
Otherwise, we segregate customers using virtualisation but we do not provide a virtual machine. A virtual machine could be negotiated by request in which case segregation would be via use of cloud nodes comprising large numbers of Xeon dedicated servers with Hyper-V as the hypervisor.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres This service does not include datacentre provisioning, however it will use cloud infrastructure that is either the client's own, or will comply with this Code of Conduct.
The use of this service itself is energy efficient as it enables legacy infrastructure estate to be decommissioned or reduced.

Pricing

Pricing
Price £6.02 to £11.03 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free trial is available upon request.
A demonstration facility will be available.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑