Bechtle direct Ltd.

Arcserve Business Continuity Cloud (BaaS & DRaaS)

The only sovereign direct-to-cloud backup and disaster recovery as a service (BaaS & DRaaS) offering comprehensive data protection with consumer-grade usability – we support environments with laptops, desktop and appliances or ones without any hardware on-premises. Scalable and flexible BaaS and DRaaS for always-on continuity with industry-best RTOs and RPOs

Features

  • No Hardware
  • Direct-to-Cloud
  • Near-Zero Data Loss
  • Secure Cloud Connectivity
  • Supports Physical & Virtual Servers
  • Windows & Linux
  • Centralised Management
  • Multiple Recovery Options
  • Complete Failback Options
  • 24/7 Expert Support

Benefits

  • Reliable high performance technology with positive ROI
  • Risk mitigation for business critical applications
  • Hassle-free management
  • Anywhere, anytime recovery with sub 15 minute RPO
  • Local install agent replicates data in its native file format
  • Agent creates complete server image, including OS, files, directories, applications
  • After an initial backup, only changed data will be sent
  • Failback from the Arcserve Cloud to the onpremise environment.
  • Leverage different VPN options to connect to the recovered environment
  • View backup/recovery activity reports - Your account and multiple tenants

Pricing

£1 to £26,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ajay.arithoppah@bechtle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 2 6 5 3 6 3 7 6 3 9 8 5 5 0

Contact

Bechtle direct Ltd. Ajay Arithoppah
Telephone: 01249 467944
Email: ajay.arithoppah@bechtle.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Bare Metal Recovery is not supported
System requirements
  • Recommended bandwidth, 1Mbs upload
  • Windows Server 2003 (older agent) to 2019
  • Windows workstation XP (older agent) to 10
  • Web browser
  • Internet connection using SSL (port 443)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Sending an email to cloudsupport@arcserve.com is automatically setting the severity to 2 (2hours response)
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Web chat accessibility testing
None
Onsite support
No
Support levels
Cloud Direct support team provides L1 and L2, additionally engineering if often involved. L1 Engineer makes the first contact with the customer. L1 Engineer reviews the customer environment, understand the problem, defines the scope of the reported issue and starts investigating. L1 Engineer gets necessary logs related to the problem, analyse the logs, narrow down the issue and provides resolution to the customer for most of the cases opened.

L2 Engineer is a product expert who is proficient in real time log analysis and advanced debugging. They apply advanced debugging techniques to narrow down a specific problem. If a problem reported is complex based on analysis done by L1, L2 engineer is involved . If need be, L2 Engineer contacts engineering team to address complex issues. In case, an issue is referred to engineering for further investigation, L2 engineer serves as the face of support, helping engineering with necessary details of the issue, verify if the solution recommended by engineering can resolve the actual issue and collaborate with the customer.
Support available to third parties
No

Onboarding and offboarding

Getting started
Cloud Direct interface is very user friendly, setting up the environment and protect systems is easy and pretty straight forward. Having said that, online there are many KB documents and a full guide to help customers configuring everything. Additionally the 24/7/365 support is always eager to have a remote session for on-boarding.

or

Our platform has been designed to be user friendly, enabling a user to easily provision a back up policy and recover it. However, we can provide full training on how to use the platform effectively along with an online knowledge base with manuals, how to go guides and frequently answered questions.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have up to 30 extra day to download their data using the Agent, performing a simple "restore". Alternatively we can offer a 'physical' extraction onto approved media which we can send by courier to the customer.
End-of-contract process
In the event of termination of this Agreement for any reason during the Standard Term, Arcserve will: (i) make not less than a commercially reasonable effort to provide Customer access to all Customer Data stored on the Arcserve equipment for up to 30 days (or such longer period as mutually agreed to by the parties, and unless specifically requested to delete Customer Data sooner); and (ii) use commercially reasonable efforts to transfer, at Customer’s sole expense, such Customer Data to Customer or Customer’s designated service provider. Notwithstanding any terms to the contrary in this Agreement, after such period, Arcserve will have the right (but not the obligation) to destroy all such Customer Data. Notwithstanding any terms to the contrary in this Agreement, if Arcserve receives a notice from Customer requesting the deletion of Customer Data during the Trial Term or the Standard Term, Arcserve will use commercially reasonable efforts to promptly delete such Customer Data

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
A web portal is accessible from everywhere in the world. It provides access to the customer instance via a web browser.
Accessibility standards
None or don’t know
Description of accessibility
A web portal is accessible from everywhere in the world. It provides access to the customer instance via a web browser.
Accessibility testing
None
API
Yes
What users can and can't do using the API
Users could use our API for integrating PSA (ConnectWise and Autotask), additionally some API could be shared to generate reports.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
MSP could customise the access portal with their logo, they can have customised emails and even branding the Agent using their own colour palette.

Scaling

Independence of resources
Every user has one or more volumes, each of them logically separated and accessible uniquely by that user.

Analytics

Service usage metrics
Yes
Metrics types
Daily digest are sent every day to clearly state on previous day backup status. Additional reports (backup, restore, data transfer, account activity) could be configured. Each report can be customized, selecting all or part of the protected systems, frequency and users who will receive them (even if not registered in the portal account).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Arcserve

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users are able to download data directly from the portal to whatever on premise device (having an Internet connection). Additionally entire restore points or just single files could be easily retrieved using the restore wizard in the portal, so the destination needs to have the Agent installed on it.
Data export formats
Other
Other data export formats
  • Original format of data or in case of windows
  • Image task it is converted into a .vhdx
Data import formats
Other
Other data import formats
Original format

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
At the Highest level we have the "site master key" This key is kept in our secured safe and access to that safe is given to our CTO/CEO.
Next level we have encryption keys for customer volumes. These are kept in an encrypted volume and is unlocked by the site master key and rotated on regular basis.
Arcserve Cloud Direct follows RBAC ( Role Based Access Control ) and is strictly enforced by the Arcserve Security Committee. Any privileged access needs approval of two of the security team members and access logs are reviewed monthly to ensure RBAC is followed.

Availability and resilience

Guaranteed availability
Our cloud colocation offers 99.99999% of availability. If we fail to meet our obligations for service levels, we provide “service credits” which equals the pro-rated amount a monthly payment equivalent to the amount of downtime not achieved within the SLA. This Service Credit may be applied to the next months service invoice. https://s28241.pcdn.co/wp-content/uploads/2018/06/Service-Level-Standards-062618.pdf
Approach to resilience
Information available on request.
Outage reporting
Daily Digest email and reports alerts could easily provide immediate information of the status of backups. Additionally accessing the portal will provide a detailed view on the systems.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Arcserve implement a VPN/Firewall and user authentication to restrict access to cloud instances. Multi-tenancy is included to create multiple sub-archives for separate departments, divisions or countries. Username and password are unique to each user, so their authentication restrict access to portal and actions they can do in the portal (different roles are configurable)
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certifications are managed and provided by the colocation service provider
ISO/IEC 27001 accreditation date
October 2018
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Certifications are managed and provided by the colocation service provider
PCI DSS accreditation date
October 2018
What the PCI DSS doesn’t cover
N/A
Other security certifications
Yes
Any other security certifications
  • FERPA
  • GDPR

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow the policies and processes in-line with ISO27001.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Proactive monitoring - Cloud Direct has daily monitoring of the site from a third party. The third party ranks issues on a scale of 1 – 5. All 4-5 issues are immediately reviewed and escalated should they be deemed harmful to the site.
Any site attack is captured by our monitoring utilities. These issues are brought to the attention of the NOC who will then take action. If warranted, the issues are escalated to the security team for further investigation. In the event the issue is sever, the Cloud users will be notified within 72 hours of verifying the problem.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have an incident management process in place that the internal team use according to ITIL. This contains customer’s contact list by geographic region. The process for incidents is tested. The customer contact list has been used to notify customers for pending change management windows thus far. We are pleased to say incidents have not occurred against the site since the service began.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)

Pricing

Price
£1 to £26,000 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Cloud Direct can be tested for a limited period (15 days extendible) but with unlimited storage usage in the cloud (unlimited systems and/or volumes).
Link to free trial
https://admin.zetta.net/portal/enroll?cloudconsole=0

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ajay.arithoppah@bechtle.com. Tell them what format you need. It will help if you say what assistive technology you use.