Exponential-e Ltd

Cloud Management Platform CMP

Exponential-e CMP is an orchestrator providing customers with a single pane of glass from which to manage private clouds, public clouds and hypervisors. It enables the provisioning of virtual machines to multiple clouds and infrastructures, as well as more complex multi-tier, multi-network, multi-server environments via workflows, pre-defined and customisable templates.

Features

  • Single service interface for private and public cloud
  • In built RBAC for security and audit
  • Native automation suite to allow increased automation
  • In build guidance service recommending rightsizing of workloads
  • Centralised billing and cost management tools
  • API integration to leading ITSM, Security, Backup tools
  • White label capability and customer skin tailoring
  • In built analytics to support best placement of workloads
  • In built change management system linked to RBAC
  • Dev Ops ready to allow continuous integration

Benefits

  • Provide the wider business with a cloud catalogue of services
  • Rapid ability to deliver multi cloud
  • Enabling IT as an internal service provider
  • Rapid time to value for new projects
  • Removes training complexities for public cloud
  • Lower operational cost overhead
  • Continuous commercial optimisation of your multi cloud landscape
  • Strong roadmap of new features and services
  • Supports increased automation, improving service delivery and cost
  • Accelerates savings for Hybrid cloud delivery

Pricing

£2.50 per virtual machine per month

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

6 1 9 5 6 7 0 3 8 6 2 3 3 5 9

Contact

Exponential-e Ltd

Kay Sugg

02034358835

psbids@exponential-e.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Alibaba Cloud
Amazon
Azure (Public)
Azure Stack (Private)
Cisco UCS
Cloud Foundry
Dell
DigitalOcean
Google Cloud
HPE
HPE OneView
Huawei
Hyper-V
IBM Cloud
IBM Cloud Platform
Kubernetes
Metacloud
Nutanix
Open Telekom Cloud
OpenStack
Oracle Public Cloud
Oracle VM
Platform 9
SCVMM
SoftLayer
UpCloud
VMware vCenter
Virtustream
XenServer
vCloud Director
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Details available on request.
System requirements
  • Public Cloud
  • Private Cloud
  • Hybrid Cloud

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email or online ticketing support
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Technical Support - Business Hours (0900-1700), weekdays excluding Bank Holidays. Extended Business Hours (0800 - 1800), weekdays excluding Bank Holidays. 24x7x365, including Bank Holidays.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation is provided
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction No data is actually held in the Cloud Management Platform, rather in the Clouds bound in to it.
If the customer is contracting through one of our CSP contracts a novation to a new provider is available.
End-of-contract process Customers tenancy within the Cloud Management Platform is disabled.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
API Yes
What users can and can't do using the API Most options avaiable in the UI are also available via API. These include:
Create & manage Cloud bindings
Deploy & manage instances
Deploy & manage applications
Automation
Monitoring
User Management
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Whitelabeling is available

Scaling

Scaling
Independence of resources Resources are run in customers own Cloud environments and management through the Cloud Management Platform

Analytics

Analytics
Service usage metrics Yes
Metrics types Usage and billing infomation for instances and applications deployed in any Cloud bound into the service
Analytica and sizing guidance
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data export can be completed through the Reporting portal. There is a rich range of reports and analytical assessments that can be visualised and exported in a variety of formats as detailed further in the description.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Exponential-e uses VPLS technology for WAN segregation in addition to transit and rest encryption technologies

Availability and resilience

Availability and resilience
Guaranteed availability The Cloud Management Platform 99.5%
Availability Service Credits of 5% for Below Target 10% for >0.1 Below Target 15% for >0.5 Below Target
Approach to resilience The Cloud Management Platform is geographically redundany, spread across two seperate datacenters and global load balancers
Outage reporting The Exponential-e Service desk will inform customers for any service outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted by tenancy boundries and role-based access control.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 13/04/2018
What the ISO/IEC 27001 doesn’t cover Details available on request.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 13/04/2018
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover Details available on request.
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 22301
  • ISO 20000
  • ISO 9001
  • ISO 50000
  • ISO 14001
  • Cyber Essentials PLUS
  • Commissum Information Assurance Certification
  • PIMS 686040

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards Exponential-e are a Stage 2 accredited HSCN CN-SP and our network operability conforms to HSCN Framework Obligations.
Information security policies and processes Exponential-e are a Stage 2 accredited HSCN CN-SP and our network operability conforms to HSCN Framework Obligations.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Details available on request.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Details available on request.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Details available on request.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Details available on request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2.50 per virtual machine per month
Discount for educational organisations No
Free trial available Yes
Description of free trial 30 day Proof of Value service

Service documents

Return to top ↑