Cloud9 helps academics enhance the learning and teaching experience by focusing on removing the ICT burden and delivering high-quality, optimised digital services with best-in-breed partners who share the same vision about education quality. Cloud9’s UK-based, highly optimized full Cloud Service capability, are available directly over Janet, open-Internet or dedicated links.
- Next-generation ICT services; move to Zero IT
- Agile working, support for any device using VDI
- Secure remote access to services for Teachers and Students
- Covers Virtual Desktop, Virtual Servers, Application & File Servers
- Load-balance users over multiple DC's for greater resiliency
- Video Collaboration (IOCOM) & Online teacher's on-demand (Tute)
- Highly secure, Ofsted compliant Prevent and Safe-Guarding (Netsweeper)
- Highly optimsed environment designed specifically for Education
- Available directly on Janet network or Open Internet
- Better monitoring and reporting of usage for Pupil Premium
- Safe guarding, prevent, anti-radicalisation and anti-bullying
- Pay for usage, scale up or down depending on demand
- No desktop, server, storage or application upgrades ever-again
- Best-in-breed technology on a monthly subscription
- Bolt on services to improve learning and reduce cost
- Better access and support for additional funding; Pupil Premium
- Move to cloud services when it suits you
- Buy-back of old hardware to reinvest back-in
- Reduce Energy costs
- Deliver high performance, consistent user experience
£22 to £300 per user per month
- Education pricing available
0330 999 1000
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
No major service constraints.
Cloud9 is designed to support organisations and users rather than constraining them.
Planned maintenance windows are discussed with customers to minimize any impact. Janet users can connect directly to Cloud9, they can also access Cloud9 through open Internet or Point to Point.
All our Data Centre's are already ISO27001 certified, Cloud9 already adheres to best practice around security and governance. Cloud9 are actively working towards ISO27001 certification and expect to have this when G-Cloud9 is awarded or very soon after We can obtain higher security clearance if required where sponsored and with costs covered.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 2 working hours or as agreed in an SLA|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
Commercial Support includes a named Account Manager, monthly Service Review documentation and Quarterly service improvement discussions, providing a transparent way of summarising service performance, billing, change requests, risk register, agreed actions and P1-P3 incidents and details of all SLA reports and helpdesk calls.
Cloud9 work closely with partner organisations to deliver this service. The customer is responsible for 1st line helpdesk support and Cloud9 provide 2nd line support for all the service elements, support options are detailed in the price-book however pre-design academic and educational ICT blue-prints are available on request.
They include service and support for:
- Netsweeper Content Filtering
- IOCOM for Video Collaboration with VoIP
- Tute for on-demand substitute teachers (or for additional remote bespoke learning)
Cloud9 service and support Virtual Desktop Infrastructure, Virtual Servers and databases, including SIMS (excludes SIMS support).
Cloud9 also work with N2S who provide onsite hardware installation and configuration, asset management and end of life asset disposal and recycling (zero to landfill).
StableLogic provide onsite auditing and analysis to deliver a business case and migration plan as well as a skills gap analysis.
The aim of this approach is to reduce ICT incidents and enhance to teaching and learning environment
|Support available to third parties||Yes|
Onboarding and offboarding
Full training is provided (online or onsite) to run through all aspects of the service based on an agreed SoW which details the level of support, migration, testing and training required.
The main focus is to train system administrators in how to best utilise the platform, how to monitor, report and implement changes and how to invoke back-up or DR. Training is provided by qualified internal Cloud9 personal who themselves are responsible for day to day activities associated to management and administration of Cloud9 systems. Importantly we also focus on understanding non-technical and procedural changes.
We can also sub-contract cultural and business process management re engineering to a specialist 3rd party such as Stable Logic (see price book & service description document). Cloud9 also provide documentation for training, support purposes, auditing and compliance. Documentation covers the design of the Cloud9 environment, the security documentation which includes supported protocols and network ports any back-up and retention policies including the portal to manage back-up locations, destinations, retention and restorations.
|End-of-contract data extraction||
Cloud9 offer a managed transition on exit that covers:
- Managed transition to an alternative provider; process detailed in the Agreement and a SoW will be produced to cover all aspects of contract exit, charged on a time & material basis.
- User or nominated 3rd party, migrates data to new platform, typically using standard software to do so with limited support from Cloud9 (charged on Time & Material basis) Cloud9 will then securely remove all user data from the platform in accordance to an Exit Plan.
Customers need to ensure they have copies of any data including back-ups and event logs. In some instances it is possible for the customer to buy dedicated Cloud9 infrastructure or assets at an agreed market rate.
Onsite assets (such as VDI zero or thin clients) can be detailed in an assets register for customers to purchase at the end of a service Term.
Cloud9 can (upon request) provide a certification confirming full data removal and system cleaning, which includes the method used and date of completion. Cloud9 ask that the customers administrator removes and destroys all customer data within the Cloud9 environment prior to a full system cleanse.
The contract and Sales Order will detail all the pricing elements for the delivery and running of the services as and when the agreement ends. The customer may wish to extend for an additional or shorter term, these commercial terms can be accommodated under G-Cloud9 guidelines / restrictions.
Should the customer wish to exit at the end of the contracted term, then the Exit Plan will be invoked. This document looks at an exit plan including migrating services to another provider, to internal platforms or whatever other options have been detailed. This will also include likely costs. At this time a formal SoW will be produced to detail the level of involvement required from Cloud9 to transition services to another provider. This is charged on a Time & Materials basis, the rates of which are details at the start of the Agreement (see price book - Cloud9 professional services).
A Customer may wish to request the new provider assists with the transition and therefore limiting assistance and costs from Cloud9 . Cloud9 will always look to provide professional support and assistance to reduce risk and maintain service during any major transition
Using the service
|Web browser interface||No|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Users can download Citrix Receiver to access the Cloud VDI instance, this can be controlled / restricted to ensure security.
For example mobile / remote users can have USB ports blocked and can have the ability to map a local drive enabled/disabled.
Mobile / remote uses can also have increased security such as 2-factor authentication
|Accessibility standards||None or don’t know|
|Description of accessibility||
Citrix XenApp and XenDesktop have separate accessibility standards under Section 508 of the Rehabilitation Act (US Federal Government and Agencies).
Section 508 refers to a statutory section in the Rehabilitation Act of 1973, it requires that all electronic and information technology of federal departments and agencies be accessible to people with disabilities unless it would impose an undue burden on the department or agency.
Section 508 is an active statute and is being currently enforced in Governmental IT purchases.
This is a 3rd party service interface from Citrix.
Citrix is committed to supporting the standards promulgated under Section 508 of the Rehabilitation Act (US Federal requirement).
|What users can and can't do using the API||
XenApp and XenDesktop support a number of API's that extend a vast amount of capability.
The Citrix WFAPI enables developers to create application programs to perform tasks that are unique to XenApp and XenDesktop.
The WFAPI SDK comprises a set of function calls to the dynamic link library for applications.
These DLLs are available on servers running XenApp and on Windows Workstation platforms running XenDesktop. Example programs are included to assist developers. The WFAPI SDK is intended for use by OEMs and customers who need to write applications that directly call WFAPI functions, using Microsoft Visual C++, Version 12.0 (Visual Studio 2013).
The (WFAPI) SDK is a collection of APIs allowing developers and system administrators to programmatically access features specific to Citrix VDAs. For example:
- Enumerating servers, sessions, and processes
- Managing servers, sessions, and processes
- Accessing Citrix-specific user data
- Sending messages to a session
- Using virtual channels
- Waiting on system events
Citrix also provide:
- Mobile SDK for Windows
- XenApp PowerShell SDK
- XenDesktop Management SDK
- Virtual Channel SDK
These API's / SDK's are well documented and supported
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Administrators have access to the management interface to effectively support end-users and to make systems changes including customisations, these will commonly be:
- Adding, modifying, patching desktop applications
- Adding, modifying, amending desktop images
- Modifying user groups
- Modifying desktop builds (allocating RAM, CPU & storage)
- Associating applications and services to users
- Patching of the desktop OS
- Managing peripheral devices such as printers, scanners and other networked devices
Administrators have the ability to make customisations / modification based on privileges associated to them.
|Independence of resources||
The Cloud9 environment is logically segregated with resource allocated to each environment ensuring consistent performance of all users on each customer environment.
This approach ensures no one customer can act as a resource thief against another and that complete independence exists. When customers approach resource limits, scale can be applied to a predefined upper agreed limit.
This is monitored closely by the Cloud9 Infrastructure team who continually assess platform capacity, density and utilisation as part of infrastructure planning to ensure we maintain between 60-80% capacity to ensure we have a competitive price point, balanced with the ability to scale.
|Service usage metrics||Yes|
Infrastructure or application metrics:
- HTTP request and response status
- Number of active instances
- Application usage
- Application performance
- Service availability
- Windows event logs
- Resource history (changes)
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Users can export any of their data that exists within a Virtual Desktop environment in any supported format in a way that the system has been configured to support that export. Typically user files or folders.
The VDI design means that users technically see very little difference in Import/Export capabilities however system administrators have greater control over USB device access and mapping to local drives (such as a home PC)
|Data export formats||
|Other data export formats||Users can export in any supported format|
|Data import formats||
|Other data import formats||No restricts|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Cloud9 deals with SLA's in a couple of ways. Firstly by paying our service credits where an outage has occurred. Services come with a 99.99% SLA as standard, however some designs my be highly available and therefore have a higher SLA:
Cloud9 Services Availability 99.99% or Higher - None
Cloud9 Services Availability 99.5% - 99.89% = 5%
Cloud9 Services Availability 99.49% - 99.00% = 10%
Cloud9 Services Availability 98.99% - 97.00% = 15%
Cloud9 Services Availability 96.90% - 96.00% = 20%
Cloud9 Services of less than 96.00% = 25%
Cloud9 associate SLA performance with Material Breach so customers can exit an Agreement due to continual poor performance. Cloud9 allow customers to go through User Acceptance Testing & Sign-off pre-billing to reduce risk of performance related issues and minimising commercial risk or exposure; this also ensure customer know how the platform performs.
Cloud9 also looks at the platform performance, not just it's On/Off availability, performance is what users notice and so our focus is on consistent, high performance and service continuity. A significant amount of focus is around performance of the environment, including platform latency and capacity to ensure user-experience. Cloud9 also has a Support response time and severity SLA.
|Approach to resilience||
Resiliency comes down to requirements and budget. If a customer doesn't require a resilient service (or application) then they are not forced to pay for it, however a number of options exist to support various levels of resiliency based on SLA, performance and budgetary requirements:
- Local back-up's of service environment and configuration, taken periodically, encrypted and stored either locally and / or on 2nd location for restoration
- High Availability design - this allows users to have a hot standby environment in a secondary location
- Load-balanced architecture - an environment whereby 50% of user are services from DC-1 and 50% from DC-2, each location capable of supporting 100% of users
- Software Defined Network (SDN) created over multiple DC's with services available on that network.
Cloud9 operate from multiple UK data centres (with various network providers connected; including JANET) each location having a minimum of two network connections from different operators.
Cloud9 is built on C7000 HPE Blades in a grid design, meaning services uses resource from multiple blades, further reducing single points of failure.
Email alerts to named customer support contacts or generic email address.
Phone calls to customer support contact or helpdesk.
API with platform or service management application.
Our Support desk pro-actively contact customers to highlight any high priority (P1-P3) incidents.
We discuss impact and resolution or any preventative action already taken by our Infrastructure team.
P4 or lower issues are generally dealt with over email.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
All management interfaces are only accessible by named and security vetted individuals via a two factor authenticated session on an IPSEC v2 VPN tunnel.
All connections are logged and audited.
Multiple failed attempts automatically lock the individual user account with automated notification sent.
All passwords are timed and must be unique and can't be recycled.
Cloud9 also support Software Defined Networking (SDN) virtualisation technologies, including Network Virtualization using Generic Routing Encapsulation (NVGRE) and Virtual Extensible LAN (VXLAN). These technologies are designed to supported better connectivity, access and scalability specifically for cloud computing environments.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Centre for Assessment Ltd|
|ISO/IEC 27001 accreditation date||07/12/2017|
|What the ISO/IEC 27001 doesn’t cover||None|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Information security policies and processes||
Cloud9 have an internal CISO (Chief Information Security Officer) who is ultimately responsible for the security and integrity of the Cloud9 platform and services; including customer environments, all of which are approved (either as blue-print or bespoke designs). The CISO reports directly to the Cloud9 CTO and the Board covering strategy, risk management, planning, systems, processes, compliance, governance and continual improvement.
The Cloud9 CISO is also responsible for internal processes and procedures, ensuring they are followed inline with internal and ISO standards. The InfoSecurity team are also responsible for following, monitoring and improving systems and process as well as keeping up to date with a number of key elements, including:
- Physical security to Data Centres; Co-location Racks and Cloud9 office locations
- Environmental Controls within Data Centres
- Secure Access Management to Cloud9 platforms and Customer networks on Cloud9 platforms
- Network Infrastructure and Integrity; this also cover DDOS protection, Disaster Recovery, customer SLA's and single points of failure
- Human Resources to cover background checks and screening of employees who must also undertake security awareness and training on procedures and documentation
- Operational Security which covers incident management, patching and updates, documentation, training, accreditation, certification and continual improvement
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Changes made by the Customer to their services / environment which they support themselves, is done so at the Customers risk.
Where Cloud9 provide Support of the Customers environment, all change requests must be formally submitted and approved by Cloud9, they are fully audited and assessed against risk. The request has to include:
- Reason a. Improving security
- Improving performance or functionality
- Reduce operational overhead or cost
- Request to be approved by Cloud9’s:
a. Service Manager
b. System Architect
- Change request must include:
a. Expected outcome
b. Test plan
c. Roll-back plan
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
All systems are scanned for vulnerabilities every month. Cloud9 uses the Common Vulnerability Scoring System (CVSS) for all Common Vulnerabilities and Exposures (CVE) provided by the National Vulnerability Database. Scoring for non-CVE vulnerabilities is provided by UB’s vulnerability scanning tool.
A priority is placed on patching or mitigating the vulnerability based on these scores and the logical location of the vulnerability within Cloud9's network infrastructure. Remediation occurs within 10 business days for critical vulnerabilities.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Our service management processes are ITIL V3 aligned and have particular focus upon Security Incident Management and Continuous Service Improvement.
Some of the components of this system have been provided below:
- Network and Host based IDS/IPS
- Traffic monitoring and intelligent traffic analysis
- Packet capture and analysis to enable investigations into alerts
- DNS monitoring to detect DNS lookup to known or suspected malware
- Botnet monitoring
- hunts for and alerts on any type of connection
- Web and email threat monitoring
- Geographic analysis of all attacks and traffic Automated systems ensure ultimate continual protection.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Prevention: The understanding of and application of insight gained from the intelligence
Detection: The interpretation of any events of interest occurring to discriminate between legitimate and abnormal events to identify anomalous activity
Investigation: The analysis of anomalies to determine whether they are emerging threats that may lead to a security incident
Reaction: Our analysts use tailored, predefined and configured Playbooks to efficiently inform their reaction to an identified threat
Response: The planning of effective mitigation in response to the cyber-attack, the communication of these plans to all relevant stakeholders, and the collaboration with all relevant parties to carry out mitigation
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£22 to £300 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
The Cloud9 trial VDI is a standard Windows desktop with Office and Chrome installed, it doesn't include any customisation or integration into your environment.
Limited to a 30 days trial for a small number of users.
|Link to free trial||http://www.cloud9enterprise.co.uk/contact-us/|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|