Bramble Hub Limited

Bramble Hub zsah - Hosted Cloud Services

Cloud services providing Infrastructure, IT platforms, applications and software services - with full UK 24/7 support. Can work in partnership with your own IT systems and teams and / or with third party Cloud service providers.

Features

  • Managed public, private and hybrid PAAS and IAAS cloud solutions
  • World class UK data centres (tier 3/4), 99.99% availability
  • 24/7 managed service from UK based support team
  • Fully scalable server and networking solutions covering all technologies
  • Full connectivity solutions including leased and dedicated lines, LAN/WAN extensions
  • ISO9001 / ISO 27001 / Cyber Essentials accredited services
  • Technology accredited team including VM Ware, Microsoft, Cisco, CCNA, HP
  • Full range of customised SLAs and response times
  • Remote access: mobile solutions; Genesys, Avaya; SkypeforBusiness (Lync), etc
  • Technologies provided include Windows, Linux, SQL, Intel, AMD etc

Benefits

  • UK based 24/7 support provides availability and incident management
  • Reliable, easy to reach, rapid incident response and support
  • Rapid resolution of issues and technical support
  • Scalable solutions tailored to your requirements; optimised cost
  • Maximise efficient use of computer resources; low carbon footprint
  • Database services and support to maximise efficiency and resilience
  • Disaster recovery options to reduce risks to your operations
  • Legacy technologies support and migration – mitigate risks and costs
  • Technology refresh / asset management – reduced costs / OPEX
  • All industry technologies supported to reduce need for migrations

Pricing

£55.00 a virtual machine a month

Service documents

Framework

G-Cloud 12

Service ID

4 6 1 4 5 3 2 1 9 1 1 3 2 0 7

Contact

Bramble Hub Limited Neil Simpson
Telephone: +44 (0) 2077350030
Email: contact@bramblehub.co.uk

Service scope

Service constraints
Services have no constraints - zsah can tailor all services to specific requirements, including working alongside other IT systems and infrastructure, including AWS, Azure and others. Services are fully scalable and are supported 24/7. We can work with AWS, Azure and also we can manage the AWS and Azure platforms.
System requirements
  • No specific system requirements; can be tailored to any need
  • No minimum requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
24/7 support is available. Standard response time is within an hour, and all contracts have agreed SLAs for response times tiered by severity levels.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None to date - planned for 2019
Onsite support
Yes, at extra cost
Support levels
Support is based on customer requirements and can be tailored.
Zsah IT engineers provide Level 1, 2, and 3 IT support.
We provide IT support, hosting queries and service management handling, data backup plans.
Tiered support comes as part of the package. Inclusive on-site support is negotiable depending on frequency.
We have a team of highly skilled cloud support engineers that hold various vendor certifications including Microsoft, Cisco, VMware, Oracle, Sybase, Prince 2, Scrum.
We provide a dedicated technical account manager along with cloud support engineers, and a support ticket system.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full range of support options available from zsah’s UK support team, from ad-hoc support, technical questions to full implementation and live support (under G Cloud Lot 2). Based on client requirements, they will all have documentation on how to access services such as how to use online ticket support system, others may require onsite or online training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Vision
  • Microsoft Excel
End-of-contract data extraction
Process agreed as per contract. The client can either extract data themselves or we provide secure transfer of their data.
End-of-contract process
If a customer decides not to renew the their contract, they send us confirmation in writing. Once we receive notice from the customer and they confirm they have all the data they require. services are switched off such as VM's and storage space.

Using the service

Web browser interface
Yes
Using the web interface
Via vRealize automation:

VM Deployment -
Client virtual switch creation -
Client firewall creation -
Client storage creation -
VM XVLAN assignment -
VM IP address pool
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Internal testing 2018
API
Yes
What users can and can't do using the API
Via vR automation:

VM Deployment -
Client virtual switch creation -
Client firewall creation -
Client storage creation -
VM XVLAN assignment -
VM IP address pool
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
Other
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Clients specifications are allocated according to their requirements. Limits can be placed on resources. If they require any changes, they have to request this via the service desk. Some clients have their own dedicated infrastructure.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Provided depending on the clients' requirements.
  • Metrics cover all aspects of the service
  • Service usage; capacity, etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • VM's
  • Databases
  • Configurations
Backup controls
This is done through managed services. Users can contact the help desk support team and send a request depending on their requirements. Backup schedules agreed as per contract.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
VLAN's, VXLAN's and correctly secured and configured switching/routing devices ensure data privacy. Data encryption is generally not used within the main platform, unless for inter-VLAN communications such as SNMP-to-monitoring devices which would be encrypted. IPSec is also used.

Availability and resilience

Guaranteed availability
Zsah guarantees 99.99% uptime and availability, 24 hours a day, 365 days per year. Service credits are for Priority 1 and 2 if the SLA is missed as per agreed contract.
Approach to resilience
Our hosting services are delivered from highly resilient and secure Data Centre facilities located in London, Manchester and Singapore. We own everything else outright from the racks to switches, servers and storage. Out gridz platform is an enterprise cloud platform that we can lift and put anywhere in the world.

Resilience all depends on the clients requirements. Generally, there is redundant hardware such as servers, switches, clustering for hardware servers, automatic failover for VM's, High Availability, vMotion. Further details available on request.
Outage reporting
Outages are reported to customers via dashboard, email, phone and twitter.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised users can access management interfaces and support channels using strong passwords via SSL. Access details restricted and stored in an encrypted password application. Only authorised users have access to that application.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Exova BM Trada
ISO/IEC 27001 accreditation date
20/07/2016
What the ISO/IEC 27001 doesn’t cover
Everything is covered in the ISO/IEC 27001 certification
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Zsah's information security policy and process is aligned with ISO/IEC 27001:2013.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components are configured as per clients requirements and are monitored regularly. If changes are required, the client requests a change via a Change Request. Once reviewed and approved by Zsah change management, the changes are then implemented.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability and Penetration testing. Patches can be deployed as soon as a threat is identified. We have signed up to various vendors and third party organisations who send out regular alerts. We also have a regular patching schedule every 2 months.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We ensure that your business and daily operations run smoothly via our support team. This means that we consistently monitor the network to ensure everything is running without any problems and should a problem arise then we can address it before users are affected.

Our monitoring is constant over 24 hours throughout the year. If issues arise the zsah support team are contactable at any time to resolve problems on the system.
Incident management type
Supplier-defined controls
Incident management approach
We have an incident management procedure which is aligned to ISO/IEC 27001: 2013.

Pre-defined processes for common events depend on the type of incident, whether it is an incident or not. Events that are classified as incidents include malware infections, excessive spam, information system failures, Denial of loss of service.

Users report to the Information Security Management representative and then an appropriate action is taken quickly after discussed with management.

A thorough review is carried out and all findings are detailed in a report.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
This is via VLAN's, VXLAN's. Firewalls are availble as shared or dedicated, physical or virtual.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
The primary data centre from which zsah hosts its Cloud Services is Telehouse North2, which has won awards for its energy efficiency, achieved through a number of methods, including an innovative cooling system delivering market leading power usage efficiency figures. In 2017, the Data Centre was awarded Data Centre Energy Efficiency Project of the Year.

Pricing

Price
£55.00 a virtual machine a month
Discount for educational organisations
No
Free trial available
No

Service documents