The Virtual Forge

Amazon Web Services Hosting

We're a leading AWS certified partner and global reseller. We'll guide you through new projects and system migrations, from traditional data centres to full/hybrid cloud solutions.

We provide:
- System Design and Architecture
- DevOps
- Full range of AWS services/products
- Cost/capacity monitoring
- Managed Services, Support, & Helpdesk

Features

  • Full/Hybrid Cloud Hosting Solutions
  • Full range of AWS services and products
  • System Design and Architecture
  • Seamless migration to Cloud-based solutions
  • Managed Services
  • DevOps
  • Development and UX
  • Data Intelligence
  • Complete bespoke design and service
  • Continuous Integration / Continuous Delivery frameworks

Benefits

  • Leading Certified AWS partner and reseller
  • Smooth and seamless transition to the Cloud
  • Cyber Security experience
  • Combine data science with business analytics to extract data value
  • Create scalable, resilient, well architected systems to specifications
  • Leverage repeatable automation of your infrastructure
  • A sleek user experience and beautiful design
  • DevOps cloud services for consultancy, security, with AWS and Azure

Pricing

£450.00 to £1,250.00 a person a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@thevirtualforge.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 1 3 0 6 6 6 8 6 8 8 4 3 3 3

Contact

The Virtual Forge The VF Team
Telephone: +44 (0) 207 078 8855
Email: info@thevirtualforge.com

Service scope

Service constraints
As a certified AWS partner and reseller, we can provide solutions and services that make use of the full suite of AWS products and services, so we are only constrained by what AWS can offer.

We currently do not offer any on-premise hardware support or design as we work exclusively in cloud systems.

Our software is primarily written in .NET Core and Javascript.
System requirements
  • Solution requirements must be AWS or Azure compatible
  • Solutions must run on Windows, Linux, or serverless.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times are based on the priority of the ticket:
- Priority1 = Immediate
- Priority2 = 2 working hours
- Priority3 = 8 working hours
- Priority4 = 24 working hours

Customers may purchase out of hours and weekend support at an additional cost, and response times will be agreed as part of that service.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our standard support offering includes:
- Access to Freshdesk ticketing system
- Access to onsite support
- Dedicated Account Manager
- Response times SLA

Our Premium offering additionally includes:
- Dedicated support staff
- 24x7 hotline for Priority1 incidents

Both offerings are priced separately per project, depending on the amount of support required each month.

Out of hours support
Unsociable hours, namely weekends and statutory holidays, and after 5.00pm on weekdays, will be charged at £100/month to have the service available.

If the customer uses the emergency call line, £250 will be charged for the call-out. This covers up to one hour of the support team member’s time. £75 will be charged for every whole or partial 30 minute period thereafter.
These rates are for the work the development team will have to perform in order to identify and resolve the problem.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our approach is to provide a managed service in terms of hosting, so minimal training is required in this regard.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
AWS offers different pricing models, depending on the model you are using the contract date will vary. As AWS services are scalable, you will only pay for what you are using they can be scaled up or down at anytime.

AWS pricing contract information can be found here
https://aws.amazon.com/pricing/?nc2=h_ql_pr_ln-a
End-of-contract process
Details of account closure can be found on the AWS Billing and Cost Management site

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/close-account.html

Using the service

Web browser interface
Yes
Using the web interface
Almost all AWS services can be accessed via the web portal.

Configuration parameters of some services are only available from the CLI, SDK or API interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
You can sign in to the AWS Management Console using your AWS account root user credentials at https://console.aws.amazon.com/console/home.

AWS Identity and Access Management (IAM) user, can be configured enabling the use of a specialised URL.
Web interface accessibility testing
AWS offers assistive technology
API
Yes
What users can and can't do using the API
All functionality is available from the API
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
All AWS functionality is available via the CLI.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Provision of multiple instances. Auto-scaling in place for further instances if pre-agreed compute or latency thresholds are exceeded.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • AWS Cloudwatch configured to collect all metrics
  • All AWS services publish metrics to Cloudwatch
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
AWS

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Encryption is managed by 3rd party, ie AWS, who are CSA CCM v3.0 compliant. AWS use AES-256 for the encryption protocol on data at rest.
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Amazon EBS volumes
  • Amazon RDS databases
  • Amazon DynamoDB tables
  • Amazon EFS file systems
Backup controls
AWS Backup is a fully managed backup service that makes it easy to centralise and automate the back up of data across AWS services in the cloud as well as on premises using the AWS Storage Gateway. Using AWS Backup, you can centrally configure backup policies and monitor backup activity for AWS resources.AWS Backup automates and consolidates backup tasks. AWS Backup provides a fully managed, policy-based backup solution, simplifying your backup management, enabling you to meet your business and regulatory backup compliance requirements.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Use infrastructure assuring 99.9% uptime
Approach to resilience
We make extensive use of AWS's native resiliency and redundancy capabilities through leveraging multiple Availability Zones through load balancers for servers and (where possible) distributed databases or read replicas. This is further supported by 'warm' backup regions in case of a disaster recovery scenario.

Details of Amazon SLA's can be found here; https://aws.amazon.com/compute/sla/
Outage reporting
Public dashboard
Email alerts
Text messages

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication
Typically username and password, but MFA also available. Other - capability to offer facial recognition.
Access restrictions in management interfaces and support channels
Username and password. Resets only available directly to user via their email.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
5th November 2019
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
03/12/2018
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
N/A
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
25/01/2018
What the PCI DSS doesn’t cover
N/A
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Company Information Security Policy must be signed by all employees, and is updated regularly.
CTO – The company’s Chief Technology Officer is responsible for corporate-wide IS system planning, implementation, and execution.
Information Security Manager – The IS Manager is responsible for the company-wide datacenter and network infrastructures.
DevOps Engineers – The DevOps Engineers are responsible for all enterprise business systems.
Internal Users -- All members of the the company User Community are required to familiarise themselves with the policies outlined in the The Company Employee and Contractor IS Policies document.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes are managed via the change control process to ensure projects remain within approved constraints. Change proposals are agreed with the client, completed by the individual who identifies the need for a change, then submitted to us. The project team then assesses the impact of the change. The request is submitted to the change control board with the project team's findings to be reviewed. If the change is approved, all project documentation must be updated and the change must be communicated to all stakeholders. Some changes may also require re-alignment of the project costs, schedule, or scope.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Threats are monitored using an IDS provided by AWS along with the standard protection offered by AWS. Patches are routinely applied with urgent hotfixes applied the same day as a threat is identified. Threat information is monitored from AWS and industry leading security boards and alert feeds.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
This is managed by AWS on our behalf.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed via a ticketing system.
Information and FAQs are available via the ticketing system to help with common issues. Canned responses are prepared for common issues. Users report incidents via email or through ticket portal. Responses are given according to pre-defined SLAs. RCAs are available for critical issues. Ticket reports are available at client request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Amazon Web Services
How shared infrastructure is kept separate
Different accounts for different clients on AWS. Clients have separated AWS instances.
AWS assure security of the cloud.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Amazon is committed to achieving 100% renewable energy across our global infrastructure.

https://aws.amazon.com/about-aws/sustainability/

Pricing

Price
£450.00 to £1,250.00 a person a day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@thevirtualforge.com. Tell them what format you need. It will help if you say what assistive technology you use.