COOLSPIRiT

Arcserve UDP Cloud Direct Back End as a Service (BaaS) Disaster Recovery as a Service (DRaaS)

Prevent IT disaters with no on-premises hardware required. The only direct-to-cloud backup and disaster recovery as a service (BaaS/DRaaS) offering comprehensive data protection with consumer-grade usability – without any hardware required on-premises. Scalable and flexible BaaS and DRaaS for always-on continuity with industry-best RTOs and RPOs.

Features

  • No Hardware
  • Direct-to-Cloud
  • Near-Zero Data Loss
  • Secure Cloud Connectivity
  • Supports Physical & Virtual Servers
  • Windows & Linux
  • Centralised Management
  • Multiple Recovery Options
  • Complete Failback Options
  • 24/7 Expert Support

Benefits

  • Reliable high performance technology with positive ROI
  • Risk mitigation for business critical applications
  • Hassle-free management
  • Anywhere, anytime recovery with sub 15 minute RPO
  • Local install agent replicates data in its native file format
  • Agent creates complete server image, including OS, files, directories, applications
  • Only changed data will be sent to the cloud.
  • View reports on backup and recovery activity
  • Different VPN options to securely connect to the recovered environment
  • Failback from the Arcserve Cloud to the onpremise environment.

Pricing

£329 to £24606.29 per unit

Service documents

Framework

G-Cloud 11

Service ID

6 2 6 6 7 0 3 1 7 3 8 3 9 3 5

Contact

COOLSPIRiT

James Drew

01246 572948

frameworks@coolspirit.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Bare Metal Recovery is not supported
System requirements
  • Recommended bandwidth, 1Mbs upload
  • Windows Server 2003 (older agent) to 2019
  • Windows workstation XP (older agent) to 10
  • Web browser
  • Internet connection using SSL (port 443)

User support

Email or online ticketing support
Email or online ticketing
Support response times
2 hours response time
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Web chat accessibility testing
None
Onsite support
No
Support levels
Cloud Direct support team provides L1 and L2, additionally engineering if often involved.
Support available to third parties
No

Onboarding and offboarding

Getting started
Cloud Direct interface is very user friendly, setting up the environment and protect systems is easy and pretty straight farward. Having said that, online there are many KB documents and a full guide to help customers configuring evrything. Additionally the 24/7/365 support is walways eager to have a remote session for onboarding.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have up to 30 extra day to download their data using the Agent, performing a simple "restore".
End-of-contract process
Customers have up to 30 extra days to download their data, they can also simply renew their contract for a limited time in order to be able to retrieve their data back.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
A web portal is accessible from everywhere in the world. It provides
Accessibility standards
None or don’t know
Description of accessibility
The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Accessibility testing
None
API
Yes
What users can and can't do using the API
Users could use oru API for integrating PSA (ConnectWise and Autotask), additionally some API could be shared to generate reports.
API documentation
No
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
MSP could customise the access portal with their logo, they can have customised emails and even branding the Agent.

Scaling

Independence of resources
Evrey user has one or more volumes, each of them separated and accessible uniquely by that user.

Analytics

Service usage metrics
Yes
Metrics types
Daily digest are sent every day to clearly state on previous day backup status. Additional reports (backup, restore, data transfer, account activity) could be configured. Each report can be customised, selecting all or part of the protected systems, frequency and users who will receive them (even if not registered in the portal account).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Arcserve

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users are able to download data directly from the portal. Additionally entire restore points or just single files could be easily retrieved using the restore wizard in the portal, so the destination needs to have the Agent installed on it.
Data export formats
Other
Other data export formats
Original format or .vhdx
Data import formats
Other
Other data import formats
Original format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Other
Other protection within supplier network
Arcserve Cloud Direct follows RBAC ( Role Based Access Control ) and this is strictly enforced by the Arcserve Security Committee. Any privileged access needs the approval of two of the security team members and access logs are reviewed monthly to ensure RBAC is being followed.

On disk encryption of the SAS silos is volume based, AES-128-CCM with a SHA-256-MAC. That's a 128 bit key. Transport (SSL) is a suite that is negotiated between the server side and the client side to whatever is the strongest available that both ends support.

Availability and resilience

Guaranteed availability
Our cloud colocation offers 99.99999% of availability. If we fail to meet our obligations for service levels, we provide “service credits” which equals the pro-rated amount a monthly payment equivalent to the amount of downtime not achieved within the SLA. This Service Credit may be applied to the next months service invoice. https://s28241.pcdn.co/wp-content/uploads/2018/06/Service-Level-Standards-062618.pdf
Approach to resilience
- Data Center - N+1 data center with all environmental in place to cover the failure of a primary unit
- Network - two diverse network paths coming into the data center from different locations.
- PDU Data center side - Power Distribution Units - all power supplied to the storage silos comes in from different PDU's. If one PDU fails, the second can supply power until the PDU has been fixed
- PDU Silo Side - All units have dual power supplies fed by different PDU's
- Silo's - All equipment is built in a clustered fashion allowing a single unit to go down without bringing down the cluster
Outage reporting
Daily Digest email and reports aletrs could easily provide immediate information of the status of backups. Addidinally accessing the protal will provide a detailed view on the systems.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels
Username and password are unique to each user, so their authentication restirct acess to portal and actions they can do in the portal (different roles are configurable)
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Equinix
ISO/IEC 27001 accreditation date
24/10/2018
What the ISO/IEC 27001 doesn’t cover
ISO Certifications are managed and provided by the colocation service provider, which offer the following:
- ISO 14001:2015
- ISO 22301
- ISO 27001
- ISO 50001
- ISO 9001:2015
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
FERPA GDPR

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow the policies and processes in-line with ISO27001.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Protective monitoring type
Undisclosed
Protective monitoring approach
Cloud Direct has daily monitoring of the site from a third party. The third party ranks issues on a scale of 1 – 5. Any level 4-5 issues are immediately reviewed and escalated should they be deemed harmful to the site.
Any attack upon the site is captured by our monitoring utilities. These issues are brought to the attention of the NOC. If warranted, the issues will be escalated to the security team for further investigation, if necessary. In the event that an issue is sever, the Cloud users within 72 hours of verifying the problem.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have an incident management process in place that the internal team use according to ITIL. This contains customer’s contact list by geographic region. The process for incidents is tested. The customer contact list has been used to notify customers for pending change management windows thus far. We are pleased to say incidents have not occurred against the site since the service began.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£329 to £24606.29 per unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Cloud Direct can be tested for a limited period (15 days extendible) but with unlimited storage usage in the cloud (unlimited systems and/or volumes).
Link to free trial
https://admin.zetta.net/portal/enroll?cloudconsole=0

Service documents

Return to top ↑