SotaCLOUD - Infrastructure as a Service (IaaS)
SotaCLOUD – Infrastructure as a Service (Iaas) provides all the technical and cost benefits of a cloud infrastructure that is secure, resilient and professionally managed. The compute and storage platform, data centre environment and core network, are all owned, managed and supported by Sota and are located in the UK.
Features
- Virtual servers and physical servers
- ISO27001 certified
- Highly flexible servers tailored to you
- 24x7x365 server support available
- 99.95% available SLA backed hardware and network
- Private cloud, Public cloud and Hybrid cloud
- Firewall management
- Disater Recovery -On premise or cloud to cloud
- Backup Service -On premise or cloud to cloud
Benefits
- Reduce costs
- Fully supported platform
- UK based service and support
- Eliminate capital and operating expenses related to data centre operations
- Flexible configurations of cpu, memory and storage
Pricing
£37.50 a virtual machine a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
4 6 0 9 1 6 9 5 0 1 8 9 0 5 7
Contact
Sota Solutions Ltd
Sales Enquiries
Telephone: 01795 413500
Email: tenders@sota.co.uk
Service scope
- Service constraints
- The service is limited to hardware and Windows management only, and does not include customer application support. This can be provided through our other serivces.
- System requirements
- Software must run on Windows
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response varies according to SLA. There is additional cost associated with weekend response.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Standard support includes a 99.9% service uptime promise and ticketing responses 08:00 - 18:00 Monday and Friday (not weekends). We provide an additional tier of support, allowing customers to specify SLA requirements and ensuring 24/7/365 monitoring and response. This service costs an additional £250 + VAT per month, per server procured. You will have a dedicated support team, including an account manager, as standard.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Our Account Management team will work with the customer to ensure the right service is procured and implemented.
Our ticketing system can also be used to assist people with our service. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- This entirely depends on the application, and could be anything from an entire VM snapshot exported and delivered to the customer, to database and code dumps provided in an archive format. We would work with the customer to ensure they get the data they need, in the format they need it, within reason.
- End-of-contract process
- At the end of the contract any data the customer requires exporting is exported and delivered, then the server(s) are shut down.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Manual
- Independence of resources
- As part of our ISO 27001 certified service management system, we regularly carry out usage and resource checks. We ensure the system is always working within generous limits, so even a significant customer spike in usage would not affect other customers. We also use a system to automatically smooth out resource usage by seamlessly migrating guest servers between hypervisors as load requires.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Memory
- Network
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Virtual Machines
- Databases
- Backup controls
- Backups are managed by Sota following instruction from the customer
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- Contact Sota for details.
- Data protection within supplier network
- Other
- Other protection within supplier network
- Contact Sota for details.
Availability and resilience
- Guaranteed availability
- We provide 99.95% uptime on our private cloud for virtual hardware and network connectivity. Should we fail to deliver, customers may request a service credit from their account manager.
- Approach to resilience
- We have no single point of failure anywhere in our systems, from datacentre fibre connections through to firewalls, cabling and switching. Everything is at least doubled. We use resilient Dell SANs to provide the disks for our virtual servers, which is highly available and connected over a resilient fibre-optic network to our hypervisors. Our virtualisation technology automatically moves guests to a new hypervisor seamlessly and without a break in service, should a host machine fail. We also have datacentre level DoS protection running to mitigate DoS attempts in real time.
- Outage reporting
- We will correspond by email with customers in the event of a serious incident.
Identity and authentication
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- All accounts are dedicated to individual users, and username and password is a minimum requirement.
- Access restriction testing frequency
- Never
- Management access authentication
- Username or password
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 12/10/2016
- What the ISO/IEC 27001 doesn’t cover
- All aspects of the business are in scope.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We are ISO 27001 certified by the British Standards Institute. We have many checks and balances in place within our normal working processes in order to ensure policies are adhered to. Reporting to management occurs through monthly committee meetings, which are attended by the board of directors.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Every change goes through peer review, is requested in a ticket, checked for error and impact, as well as implications to wider security, before being accepted. Only senior staff may accept changes on a day to day basis.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We subscribe to all available security mailing lists for the software we use. We maintain a patching schedule which ensures every server is patched not less than every 3 weeks. In the event of a serious security flaw a security incident is raised, inline with our ISO 27001 policy, and is then used to track the mitigating steps. This is done as quickly as possible, outside of the standard 3 week patching cycle, and customer security contacts are kept informed of progress by their account manager via email.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our monitoring and management processes are closely aligned to our ISO27001 accredited Information Security Management System (ISMS). Incidents are responded to based on their priority rating following ITIL defined classification.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have an ISO 27001 certified incident management process which we follow in the event of an actual or possible threat to our service. Customers may report incidents to us either via their ticketing system, by email to their account manager or, if anonymity is required, via our website contact form. Reports can be provided on request in PDF form by email.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Hyper-V
- How shared infrastructure is kept separate
- If required, we can provide different subnets and even different hypervisor clusters for different customers. Total separation is possible if necessary.
Energy efficiency
- Energy-efficient datacentres
- No
Pricing
- Price
- £37.50 a virtual machine a month
- Discount for educational organisations
- Yes
- Free trial available
- No