Bramble Hub Limited

Bramble Hub zsah - Hosted Cloud Services

Cloud services providing Infrastructure, IT platforms, applications and software services - with full UK 24/7 support. Can work in partnership with your own IT systems and teams and / or with third party Cloud service providers.

Features

• Managed public, private and hybrid PAAS and IAAS cloud solutions
• World class UK data centres (tier 3/4), 99.99% availability
• 24/7 managed service from UK based support team
• Fully scalable server and networking solutions covering all technologies
• Full connectivity solutions including leased and dedicated lines, LAN/WAN extensions
• ISO9001 / ISO 27001 / Cyber Essentials accredited services
• Technology accredited team including VM Ware, Microsoft, Cisco, CCNA, HP
• Full range of customised SLAs and response times
• Remote access: mobile solutions; Genesys, Avaya; SkypeforBusiness (Lync), etc
• Technologies provided include Windows, Linux, SQL, Intel, AMD etc

Benefits

• UK based 24/7 support provides availability and incident management
• Reliable, easy to reach, rapid incident response and support
• Rapid resolution of issues and technical support
• Scalable solutions tailored to your requirements; optimised cost
• Maximise efficient use of computer resources; low carbon footprint
• Database services and support to maximise efficiency and resilience
• Disaster recovery options to reduce risks to your operations
• Legacy technologies support and migration – mitigate risks and costs
• Technology refresh / asset management – reduced costs / OPEX
• All industry technologies supported to reduce need for migrations

£55.00 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@bramblehub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

461453219113207

Contact

Neil Simpson
+44 (0) 2077350030
contact@bramblehub.co.uk

Service scope

• Service constraints: Services have no constraints - zsah can tailor all services to specific requirements, including working alongside other IT systems and infrastructure, including AWS, Azure and others. Services are fully scalable and are supported 24/7. We can work with AWS, Azure and also we can manage the AWS and Azure platforms.
• System requirements:
  • No specific system requirements; can be tailored to any need
  • No minimum requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24/7 support is available. Standard response time is within an hour, and all contracts have agreed SLAs for response times tiered by severity levels.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: None to date - planned for 2019
• Onsite support: Yes, at extra cost
• Support levels: Support is based on customer requirements and can be tailored.; Zsah IT engineers provide Level 1, 2, and 3 IT support. ; We provide IT support, hosting queries and service management handling, data backup plans.; Tiered support comes as part of the package. Inclusive on-site support is negotiable depending on frequency. ; We have a team of highly skilled cloud support engineers that hold various vendor certifications including Microsoft, Cisco, VMware, Oracle, Sybase, Prince 2, Scrum.; We provide a dedicated technical account manager along with cloud support engineers, and a support ticket system.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full range of support options available from zsah’s UK support team, from ad-hoc support, technical questions to full implementation and live support (under G Cloud Lot 2). Based on client requirements, they will all have documentation on how to access services such as how to use online ticket support system, others may require onsite or online training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word
  • Microsoft Vision
  • Microsoft Excel
• End-of-contract data extraction: Process agreed as per contract. The client can either extract data themselves or we provide secure transfer of their data.
• End-of-contract process: If a customer decides not to renew the their contract, they send us confirmation in writing. Once we receive notice from the customer and they confirm they have all the data they require. services are switched off such as VM's and storage space.

Using the service

• Web browser interface: Yes
• Using the web interface: Via vRealize automation:; ; VM Deployment - ; Client virtual switch creation - ; Client firewall creation - ; Client storage creation - ; VM XVLAN assignment - ; VM IP address pool
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Internal testing 2018
• API: Yes
• What users can and can't do using the API: Via vR automation:; ; VM Deployment - ; Client virtual switch creation - ; Client firewall creation - ; Client storage creation - ; VM XVLAN assignment - ; VM IP address pool
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: Other
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Clients specifications are allocated according to their requirements. Limits can be placed on resources. If they require any changes, they have to request this via the service desk. Some clients have their own dedicated infrastructure.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Provided depending on the clients' requirements.
  • Metrics cover all aspects of the service
  • Service usage; capacity, etc.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • VM's
  • Databases
  • Configurations
• Backup controls: This is done through managed services. Users can contact the help desk support team and send a request depending on their requirements. Backup schedules agreed as per contract.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: VLAN's, VXLAN's and correctly secured and configured switching/routing devices ensure data privacy. Data encryption is generally not used within the main platform, unless for inter-VLAN communications such as SNMP-to-monitoring devices which would be encrypted. IPSec is also used.

Availability and resilience

• Guaranteed availability: Zsah guarantees 99.99% uptime and availability, 24 hours a day, 365 days per year. Service credits are for Priority 1 and 2 if the SLA is missed as per agreed contract.
• Approach to resilience: Our hosting services are delivered from highly resilient and secure Data Centre facilities located in London, Manchester and Singapore. We own everything else outright from the racks to switches, servers and storage. Out gridz platform is an enterprise cloud platform that we can lift and put anywhere in the world. ; ; Resilience all depends on the clients requirements. Generally, there is redundant hardware such as servers, switches, clustering for hardware servers, automatic failover for VM's, High Availability, vMotion. Further details available on request.
• Outage reporting: Outages are reported to customers via dashboard, email, phone and twitter.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised users can access management interfaces and support channels using strong passwords via SSL. Access details restricted and stored in an encrypted password application. Only authorised users have access to that application.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Exova BM Trada
• ISO/IEC 27001 accreditation date: 20/07/2016
• What the ISO/IEC 27001 doesn’t cover: Everything is covered in the ISO/IEC 27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Zsah's information security policy and process is aligned with ISO/IEC 27001:2013.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components are configured as per clients requirements and are monitored regularly. If changes are required, the client requests a change via a Change Request. Once reviewed and approved by Zsah change management, the changes are then implemented.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability and Penetration testing. Patches can be deployed as soon as a threat is identified. We have signed up to various vendors and third party organisations who send out regular alerts. We also have a regular patching schedule every 2 months.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We ensure that your business and daily operations run smoothly via our support team. This means that we consistently monitor the network to ensure everything is running without any problems and should a problem arise then we can address it before users are affected.; ; Our monitoring is constant over 24 hours throughout the year. If issues arise the zsah support team are contactable at any time to resolve problems on the system.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an incident management procedure which is aligned to ISO/IEC 27001: 2013. ; ; Pre-defined processes for common events depend on the type of incident, whether it is an incident or not. Events that are classified as incidents include malware infections, excessive spam, information system failures, Denial of loss of service. ; ; Users report to the Information Security Management representative and then an appropriate action is taken quickly after discussed with management.; ; A thorough review is carried out and all findings are detailed in a report.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: This is via VLAN's, VXLAN's. Firewalls are availble as shared or dedicated, physical or virtual.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The primary data centre from which zsah hosts its Cloud Services is Telehouse North2, which has won awards for its energy efficiency, achieved through a number of methods, including an innovative cooling system delivering market leading power usage efficiency figures. In 2017, the Data Centre was awarded Data Centre Energy Efficiency Project of the Year.

Pricing

• Price: £55.00 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@bramblehub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.