Arcserve UDP Cloud Direct Back End as a Service (BaaS) Disaster Recovery as a Service (DRaaS)

Prevent IT disaters with no on-premises hardware required. The only direct-to-cloud backup and disaster recovery as a service (BaaS/DRaaS) offering comprehensive data protection with consumer-grade usability – without any hardware required on-premises. Scalable and flexible BaaS and DRaaS for always-on continuity with industry-best RTOs and RPOs.


  • No Hardware
  • Direct-to-Cloud
  • Near-Zero Data Loss
  • Secure Cloud Connectivity
  • Supports Physical & Virtual Servers
  • Windows & Linux
  • Centralised Management
  • Multiple Recovery Options
  • Complete Failback Options
  • 24/7 Expert Support


  • Reliable high performance technology with positive ROI
  • Risk mitigation for business critical applications
  • Hassle-free management
  • Anywhere, anytime recovery with sub 15 minute RPO
  • Local install agent replicates data in its native file format
  • Agent creates complete server image, including OS, files, directories, applications
  • Only changed data will be sent to the cloud.
  • View reports on backup and recovery activity
  • Different VPN options to securely connect to the recovered environment
  • Failback from the Arcserve Cloud to the onpremise environment.


£329 to £24606.29 per unit

Service documents

G-Cloud 11



James Drew

01246 572948

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Bare Metal Recovery is not supported
System requirements
  • Recommended bandwidth, 1Mbs upload
  • Windows Server 2003 (older agent) to 2019
  • Windows workstation XP (older agent) to 10
  • Web browser
  • Internet connection using SSL (port 443)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2 hours response time
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Web chat accessibility testing None
Onsite support No
Support levels Cloud Direct support team provides L1 and L2, additionally engineering if often involved.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Cloud Direct interface is very user friendly, setting up the environment and protect systems is easy and pretty straight farward. Having said that, online there are many KB documents and a full guide to help customers configuring evrything. Additionally the 24/7/365 support is walways eager to have a remote session for onboarding.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users have up to 30 extra day to download their data using the Agent, performing a simple "restore".
End-of-contract process Customers have up to 30 extra days to download their data, they can also simply renew their contract for a limited time in order to be able to retrieve their data back.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices No
Service interface Yes
Description of service interface A web portal is accessible from everywhere in the world. It provides
Accessibility standards None or don’t know
Description of accessibility The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Accessibility testing None
What users can and can't do using the API Users could use oru API for integrating PSA (ConnectWise and Autotask), additionally some API could be shared to generate reports.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation MSP could customise the access portal with their logo, they can have customised emails and even branding the Agent.


Independence of resources Evrey user has one or more volumes, each of them separated and accessible uniquely by that user.


Service usage metrics Yes
Metrics types Daily digest are sent every day to clearly state on previous day backup status. Additional reports (backup, restore, data transfer, account activity) could be configured. Each report can be customised, selecting all or part of the protected systems, frequency and users who will receive them (even if not registered in the portal account).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold Arcserve

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users are able to download data directly from the portal. Additionally entire restore points or just single files could be easily retrieved using the restore wizard in the portal, so the destination needs to have the Agent installed on it.
Data export formats Other
Other data export formats Original format or .vhdx
Data import formats Other
Other data import formats Original format

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network Arcserve Cloud Direct follows RBAC ( Role Based Access Control ) and this is strictly enforced by the Arcserve Security Committee. Any privileged access needs the approval of two of the security team members and access logs are reviewed monthly to ensure RBAC is being followed.

On disk encryption of the SAS silos is volume based, AES-128-CCM with a SHA-256-MAC. That's a 128 bit key. Transport (SSL) is a suite that is negotiated between the server side and the client side to whatever is the strongest available that both ends support.

Availability and resilience

Availability and resilience
Guaranteed availability Our cloud colocation offers 99.99999% of availability. If we fail to meet our obligations for service levels, we provide “service credits” which equals the pro-rated amount a monthly payment equivalent to the amount of downtime not achieved within the SLA. This Service Credit may be applied to the next months service invoice.
Approach to resilience - Data Center - N+1 data center with all environmental in place to cover the failure of a primary unit
- Network - two diverse network paths coming into the data center from different locations.
- PDU Data center side - Power Distribution Units - all power supplied to the storage silos comes in from different PDU's. If one PDU fails, the second can supply power until the PDU has been fixed
- PDU Silo Side - All units have dual power supplies fed by different PDU's
- Silo's - All equipment is built in a clustered fashion allowing a single unit to go down without bringing down the cluster
Outage reporting Daily Digest email and reports aletrs could easily provide immediate information of the status of backups. Addidinally accessing the protal will provide a detailed view on the systems.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels Username and password are unique to each user, so their authentication restirct acess to portal and actions they can do in the portal (different roles are configurable)
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Equinix
ISO/IEC 27001 accreditation date 24/10/2018
What the ISO/IEC 27001 doesn’t cover ISO Certifications are managed and provided by the colocation service provider, which offer the following:
- ISO 14001:2015
- ISO 22301
- ISO 27001
- ISO 50001
- ISO 9001:2015
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications FERPA GDPR

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We follow the policies and processes in-line with ISO27001.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Protective monitoring type Undisclosed
Protective monitoring approach Cloud Direct has daily monitoring of the site from a third party. The third party ranks issues on a scale of 1 – 5. Any level 4-5 issues are immediately reviewed and escalated should they be deemed harmful to the site.
Any attack upon the site is captured by our monitoring utilities. These issues are brought to the attention of the NOC. If warranted, the issues will be escalated to the security team for further investigation, if necessary. In the event that an issue is sever, the Cloud users within 72 hours of verifying the problem.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have an incident management process in place that the internal team use according to ITIL. This contains customer’s contact list by geographic region. The process for incidents is tested. The customer contact list has been used to notify customers for pending change management windows thus far. We are pleased to say incidents have not occurred against the site since the service began.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £329 to £24606.29 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Cloud Direct can be tested for a limited period (15 days extendible) but with unlimited storage usage in the cloud (unlimited systems and/or volumes).
Link to free trial

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑