This G-Cloud 9 service is no longer available to buy.

The G-Cloud 9 framework expired on Monday 1 October 2018. Any existing contracts with Datapipe are still valid.
Datapipe

Managed Secure Private Cloud (Multi Tenant)

Datapipe’s Managed Multi Tenant Private Cloud gives public sector organisations access to highly secure, scalable and efficient infrastructure at an accessible price point. Datapipe’s Private Cloud services are straightforward and flexible, building on a range of standardised solutions with smart customisation options that deliver customer requirements as cost-effectively as possible.

Features

  • High performance compute infrastructure for line-of-business applications
  • Private cloud infrastructure on a cost-efficient consumption model
  • Smart-aligned to your application and workload profiles
  • Strong support for database environments
  • Custom Proof of Concepts: ‘prove before you move’ to production
  • Workload portability between virtual or cloud environments
  • Secure Disaster Recovery environments to replicate your primary workloads
  • Highly secure private cloud environments customised to your requirements
  • Based on reference architectures from EMC, VMware and Dell

Benefits

  • Quickly on-board and off-board instances as your requirements change
  • Deliver appropriate security levels on a per application/ workload basis
  • Integrate with other cloud & physical environments rapidly & securely
  • Align your organisational requirements with your IT spend
  • Scale private cloud services up and down as requirements change
  • Rapidly provision and deploy for new projects and ventures
  • Integrate with other technology solutions from different providers
  • Migrate away from legacy IT environments for specific applications/ workloads

Pricing

£80 a virtual machine a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@b8f7fe78-89c6-477f-8c3b-ab260b893258.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 9

Service ID

5 5 1 9 1 7 1 5 2 8 0 3 1 0 1

Contact

Datapipe <removed>
Telephone: <removed>
Email: <removed>@b8f7fe78-89c6-477f-8c3b-ab260b893258.com

Service scope

Service constraints
Management up to and including the OS is mandatory. Management up to the hypervisor only is not permitted.
Customers must prove compliance with the access requirements of private networks.
Planned maintenance windows (non service impacting) are defined in the terms and conditions.
Emergency maintenance windows are defined in the terms and conditions
System requirements
  • Typically Windows or Linux (various) virtual machines
  • Physical firewalls required
  • Standard connectivity via site to site IPSec VPN
  • Licensing up to the Operating System included
  • SPLA licensing optional or delivered by the customer

User support

Email or online ticketing support
Email or online ticketing
Support response times
Severity One incidents are responded to within 10minutes of the incident being logged, 24 hours a day, 7 days a week. Incidents are logged either by phone, email or the automated monitoring of infrastructure and applications.

Full details of the service response targets for incidents, changes and requests can be found in the terms and conditions.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Datapipe's support model is all-inclusive and untiered. We offer the same level of service to every Dataipe customer. Our core customer engagement principle is to be ‘Easy to Work With’. This culture is most visible in our Operations Centre, where specialist teams work closely together with a shared understanding of our customer’s drivers and their required outcomes.

This is achieved by the following alignment structure:
> Account Team (Lead): Our Planners and Thinkers
• This team is responsible for understanding and communicating the required customer outcomes to the rest of the Datapipe business and is accountable for maintaining the partnership between the customer and Datapipe.
> Service: Our Deliverers and Analysts
• This team is responsible for managing the delivery of customer outcomes that have been set during the discovery, analysis and design phases. The service team are responsible for ensuring the customer's sevice experience meets expectations throughout live service.
> Operations: Our Engineers and Explorers
• This team is responsible for maintaining and accelerating the delivery of our customer outcomes through deep technical specialisms combined with a thorough understanding of the customer's business.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Getting Started: personal support from your assigned Service Delivery Manager, full user documentation and end user portal enrolment.

Datapipe has years of experience on-boarding customers into our virtual and cloud infrastructure environments. We will walk you through all considerations (typically including network connectivity and migration options) as your requirements develop, ensuring we balance risk vs cost vs timescales in the right way for your organisation.

Datapipe’s proven, expert service management delivers a single point of contact for your teams. Our Service Delivery Managers (SDM) are responsible for the successful onboarding and running of your services and create custom engagement schedules for review and discussion. Your SDM will also collaborate with you to create a custom runbook, which clearly lays out all information, contacts and processes relating to the daily management of your environments.

Your SDM will also provide one-on-one training to ensure a high level of comfort and familiarity with our interfaces and portals. This can be achieved over a webex for large distributed groups of end users or at your premises, depending on your preference.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users can extract their data across the network via VPN or other secure network protocol. Snapshots of virtual machine images can be provided if required which can then be transferred across a secure link.

In the event you require a live migration of virtual machines or database data, replication services may be configured. This is subject to analysis by Datapipe, which may incur additional costs.

Design and service documentation is located on the Datapipe portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.

Depending on the your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and cutover of services to the new provider are aligned precisely with requirements.
End-of-contract process
If you feel the need to switch providers, we will work with you to expedite the off-boarding of your services to another environment. Datapipe’s solutions are all based on standardised infrastructure and software, with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete.

As standard, Datapipe will provide secure access to third parties to extract your data and application configurations to help you get applications up and running in the target environment. In the event you require a live migration of virtual machines, and assuming the target is supported by the replication software, additional replication services may be available at an additional cost.

Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and cutover of services to the new provider are aligned precisely to your requirements.

Using the service

Web browser interface
Yes
Using the web interface
Users can create and manage incidents, changes and requests through the Datapipe portal.

Customer documentation is stored on the portal, allowing customers to view service reports, design documentation and invoices.

Customers can create and remove users of the portal for their organisation and adjust the type of user account they have.

The following is also available through the portal
View current monitoring configuration per server
• Submit and/or view open/closed incidents, changes, and tickets
• View device information by individual server or by application group, including uptime, CPU, memory and virtual memory and storage
• Review the latest backup status
• Submit and/ or view escalation, alerts and notifications
• Update contact information
• Utilise as a repository of all assets
• Monitor, filter, and view events and event history for devices
• Historical record of events, incidents, tickets and inventory
• Run custom reporting on performance statistics and workflow management
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The web interface is accessible through a variety of browsers and is built using HMTL standards. All standard operations and input methods are supported. Data is presented in a meaningful sequence and we avoid conventions like colour coding to ensure we are not limiting the experience of the visually impaired. Web pages do not have timing limits and page titling is straightforward making the site easier to navigate.
Web interface accessibility testing
No specific web interface technology testing has been undertaken with assistive technology users, however good practice development methods have been used to optimise the end user experience.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Firewalls are dedicated to each customer to protect resources and guarantee throughput.

CPU contention is limited within the platform and continually monitored to ensure that the virtual CPU to physical CPU ratio does not exceed 5:1.

Virtual memory is not contested therefore offers a 1:1 mapping between virtual and physical memory. Storage is allocated to virtual disks at a specific performance tier and has Quality of Service rate limits applied to ensure that a virtual machine disk I/O does not burst above its performance tier for more than 5% of the time.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Database connections
  • Database memory
  • Standard Service monitoring (started/stopped)
  • Standard process monitoring
  • Custom infrastructure metrics (where feasible)
  • Custom application metrics (where feasible)
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machine Images
  • Files
  • Databases
Backup controls
Backup schedules and file or folder inclusions/exclusions are agreed with the customer at the point of contract and an appropriate schedule is documented and implemented as part of the onboarding process. If the customer requirements change, a ticket can be logged to amend the schedule. The appropriate customer documentation will also be updated.

Backup success is reported on a regular basis in the Service Reports provided to the customer. Any backup failures are retried the next day and failure records are reported to the customer.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability is based on the architecture and resilience of the service.

Enhanced Service Level (Dual site Highly Available) 99.99%
Standard Service Level (Single site Highly Available) 99.9%

Service credits are applied to breaches in the availability of services on a tiered scale, depending on the length of outage. Service credits are applied as a percentage of the monthly recurring fee.
Approach to resilience
Details available on request.
Outage reporting
The Datapipe portal details scheduled maintenance, outages and incidents affecting multiple customers.

In the event of an incident, nominated contacts for each customer as documented in the operational run book, are notified and updated at least every 60 minutes of the progress towards resolution of the issue.

Technical Escalation Managers (TEM) ensure that Service Levels are maintained around incidents, change requests and service requests, while also ensuring that customer notifications and interactions are
consistent with the customer’s Solution Escalation Action Plan (SEAP). Datapipe’s internal processes are built on ITIL-based methodology.

Technical Escalation Managers are also deployed onto customer incidents depending on severity, who take ownership of resolution outcomes and provide a central point of contact for all comms.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is limited via a secure two -factor authentication method, using 'least privilege' access to systems. Customers can log tickets via email or telephone and all initial interactions are security validated against a list of known email addresses, persons, telephone numbers and security information. Datapipe performs all management through Secure Management Environments (SME). This is a walled garden approach to customer identity management. An engineer must first provide a username & FIPS 104-2 compliant one time password (OTP) combination, then valid active directory password associated with the users lowest level account. All customers can use their own authentication source.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SNR Certification, Certification No.: SNR 11399498/15/I
ISO/IEC 27001 accreditation date
20 October 2016, Renew Date: 05 October 2018
What the ISO/IEC 27001 doesn’t cover
Anything above the Hypervisor is not covered by the Datapipe ISMS. Datapipe uses a shared security model to ensure all parties are aware of their responsibilities and agree how to manage risk.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
NTT Security Ltd, Certificate ID: o4Anq6RuYfK2dN1
PCI DSS accreditation date
15 September 2016, Renew Date: 15 September 2017
What the PCI DSS doesn’t cover
As per industry best practice, our PCI scope is restricted to specific platforms. Any platform that is not in the Datapipe PCI scope is not covered by this certification. For platforms in scope anything above the Hypervisor is not covered by the Datapipe PCI scope. Datapipe uses a shared security model to ensure all parties are aware of the scope of accreditations, their responsibilities and agree how to manage risk.
Other security accreditations
Yes
Any other security accreditations
  • PSN Code of Connection
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance accreditation
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
PCI DSS
Information security policies and processes
Datapipe maintains core security certifications for ISO 9001, ISO 27001, Cyber Essentials Plus and PCI DSS 3.2. The Datapipe Executive Team is committed to providing a robust framework that prioritises security across our business. The board have recognised Information Security and Cyber Security are vital to the protection of any organisation’s key assets. Security risks, requirements and controls are primarily designed around the CIA Triad, which relates to Confidentiality, Integrity and Availability.
Managing security in this manner allows for a practical, applicable and cost effective design that meets our business, regulatory and compliance requirements. As we are fully certified in both ISO27001 and PCI we have robust compliant policies that are regularly audited. Policy implementation is measured regularly and metrics are reported quarterly to the board. Direction is then communicated to heads of department for rectification.

Datapipe maintains an Information Security Management System (ISMS) which is certified against the requirements of ISO 27001. Our staff are SC cleared and vetted where necessary if sponsored by the customer.

All data is exclusively located in highly secure Tier 3 specification UK data centres, managed in the UK and subject to UK regulation – removing the risk of international surveillance or disclosure.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Datapipe follows the ITIL definition of change management to provide a standardised method for the management of the risk and impact associated with amending live configuration items. The process covers both Datapipe and customer configuration items.

Changes are categorised as Standard, Normal or Emergency allowing for appropriate due diligence to be performed.

The Change Team ensure the necessary governance is in place at all stages of the process and are responsible for managing quality, adherence to the process and provide final approval. There is a seven point process: Logging, Assessment, Scheduling, Testing and Plans, Communications, Reporting and Governance.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Datapipe Security regularly carries out vulnerability scans using authorised scanning vendors on external interfaces as well as internal scans using market leading products. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. We closely monitor multiple vendor websites and receive vendor e-mails for patch releases, vulnerability notification or vendor specific warnings. We are also signed up to NCSC CiSP. Notifications of vulnerabilities are distributed to our relevant teams teams who inform our customers. Datapipe follows standard patching timeframes of 30/60/90 days but for government customers, aims for critical patches within 14 days.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Datapipe utilises market leading unified security management tools for our protective monitoring solution on our platforms. These combine five essential security capabilities: Asset Discovery, Behavioural Monitoring, Vulnerability Assessment, SIEM and Intrusion Detection into a single management plane. Datapipe, through the software, has a complete view of our estate ensuring the complete integrity of our platform by identifying potentially compromised systems and suspicious behaviour, assessing vulnerabilities, correlating and analysing security event data.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Where Datapipe has not acknowledged an issue through proactive monitoring, users can report incidents by phone or email, 24x7, to the service desk.

Datapipe follows the ITIL definition of Major Incident prioritisation:
Sev 1 Critical - Single Client Total Outage.
Sev 2 Major - Single Client Impairment.
The Major Incident Management Process is implemented by the Datapipe Operations team with the goal of managing unplanned service interruptions. This includes customer communications (by phone and email) to a defined schedule. The Operations group, specifically the Technical Escalation Manager (TEM) is responsible for initiating and managing the incident reporting process.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
At the compute/storage layer, consumers are separated via robust hypervisor controls based on VMware vSphere technology. Different organisations are kept apart through network and security segregation. Each customer will have dedicated firewalls to provide security ingress and egress restrictions into a customer environment. Dedicated virtual networks are configured on dedicated virtual switches for each customer which further segregates traffic.

Energy efficiency

Energy-efficient datacentres
Yes

Pricing

Price
£80 a virtual machine a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Datapipe will work with organisations to create custom proof of concept based on mutually agreed criteria.
Typically this would be an MVP to 'prove before you use' which we would limit to 2-4 weeks with clear scope.

Excluded:
Full resilience.
Production applications/ workloads.
Large scale data migrations.
Limited network.

Documents

Pricing document
Pricing document
Skills Framework for the Information Age rate card
Skills Framework for the Information Age rate card
Service definition document
Service definition document
Terms and conditions document
Terms and conditions document

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@b8f7fe78-89c6-477f-8c3b-ab260b893258.com. Tell them what format you need. It will help if you say what assistive technology you use.