BlackBox Hosting Managed Cloud Services
Blackbox Hosting Managed Cloud services are designed to provide a flexible, scalable and secure environment with guaranteed service levels and backed with 99.99% uptime.
All solutions are bespoke to requirements. We combine exceptional value for money with superfast, robust and reliable systems, integrating everything with outstanding technical expertise and experience.
Features
- Hosted only in Tier 3+ UK Datacentres with secure access
- Full Network Segmentation with Virtual Routing, Vlans and 40GB network
- Backup, full disaster recovery and business contingency planning
- Proactive monitoring platforms provide support 24/7/365 with 99.99% uptime guarantees
- Vmware , Cisco, 3 Par, Fortigate, Kemp, Microsoft, Veeam experts
- Tiered storage options available including SSD and 15k SAS
- High Bandwidth, low latency connectivity using multiple Tier1 providers
- Enterprise grade DDOS protection, AV, malware, Application and IPS control
- Online Service portal for self deployment of complete Virtual networks
- 4 hour hardware replacement warranties together with automatic failover technologies
Benefits
- ISO27001 and Cyber Essentials Plus certified demonstrating compliance and security
- The cloud Platform resides across 2 datacentres over 50km apart
- Flexible rolling contracts without tying you into a long-term plan
- Use the latest technologies without the need for capital expenditure
- Forward thinking and innovative team providing a full IT portfolio
- Resources on demand when required with real time upgrades
- Bespoke solutions for your applications that simply work
- Only pay for the services and licenses you require
- Secure, encrypted connections back to your office using HTTPS, SSL
- Makes it easier to adapt to evolving business requirements
Pricing
£55 an instance a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
6 8 0 1 7 0 4 2 7 0 5 7 4 2 3
Contact
BlackBox Hosting
Matthew Burden
Telephone: 0203 740 7840
Email: matthew@blackboxhosting.net
Service scope
- Service constraints
-
The following service constraints are imposed:
Planned Maintenance: any pre-planned maintenance to any of the infrastructure relating to the cloud service.
• Planned Maintenance will always occur out of core business hours defined as 08:00 – 20:00 Monday to Friday
• Planned Maintenance will have a 7-day notification window
Emergency Maintenance: means any urgent maintenance required to prevent any event compromising the infrastructure relating to the cloud service.
• Blackbox Hosting will provide affected customers with at least six hours’ advance if possible.
• Carry out the emergency maintenance outside business core hours - System requirements
-
- Appropriate network connectivity, e.g. Fibre Internet, Private networks
- Support for Microsoft, Linux and VMware systems as standard
- Self-Service Portal Browser requirements. See Service definition document
- Customers are responsible for administering layers above the hypervisor
- Customers are responsible for managing end user environment access
- Customers must ensure appropriate data is stored on the environment
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Blackbox provide the following response times:
P1: 15 mins
P2: 1 Hour
P3: 4 Hours
P4: 8 Hours
These response times are for support during Standard Operating hours (08:00-18:00)
Out of hours support provides the same response times for P1 and P2 tickets. However, the following changes apply:
P3 : 12 hours
P4 : 24 Hours - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Blackbox Hosting offers a Complete Core infrastructure level of support to all users of its Cloud Platform as standard. This comprises of the following:
Tier3+ UK data centres with redundant power and HVAC.
24/7/365 monitoring of entire platform including datacentre, network and hardware layers.
Patching and maintenance of Cloud platform
4-Hour Hardware replacement SLA
99.99% Uptime guarantees
Business Hours (08:00-18:00) Access to Technical Operations team consisting of Technical Account manager and Service desk.
Daily snapshots of Virtual Servers
The following services can be added if the client requires:
Dedicated Service Delivery manager, technical account manager and high level Cloud Platform engineer
Out of hours Support
Operating system support and patching
Managed Antivirus / Web Filter/ Application Control
Managed Firewall
Custom, bespoke monitoring and reporting platforms
Consultancy services e.g. network planning and implementation, disaster recovery, business continuity
Regular Account meetings
Licensing and compliance
Escorted access to data center - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
At BlackBox Hosting we are committed to working alongside you to deliver a solution that is transparent, scalable and cost-efficient without compromising on quality.
Before we begin you will be assigned a dedicated account manager and solution architect. They will meet with you to discuss your cloud hosting requirements.
A detailed report will then be provided outlining the overall solution and design followed by a final Q&A session to confirm exactly what is to be deployed.
Once agreed, the solution architect will then deploy the cloud resources required. Once complete, a full handover of the network will then be scheduled, these can be completed at the customer site or our offices.
This training session will be accompanied with full user documentation and will include technical details as well as details of the support process.
It is only upon this handover being signed off that the network is moved over to our support team to handle as part of BAU services. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
- Onsite presentations of the systems to the users
- End-of-contract data extraction
-
After the end of service date, all client VMs and data will be retained free of charge for a month. During this time the client can request a copy of the VMs and data to a device provided by themselves. For example a SAN or NAS device. The device will be directly connected to the Hosting platform and data copied to it. The client will then organise secure transportation of the device back to their required location.
Depending on the size of the data, the client can request online transfer of their data through secure channels such as SFTP.
Any data not required by the customer is securely destroyed. This process is signed off by the customer. - End-of-contract process
-
Blackbox Hosting pride themselves in their transparency:
No long-term contracts and no penalty fees. The reason you’ll stay with us is because our solutions are the best.
If, however there is a reason to leave, we will work with you to make this process as efficient as possible.
Firstly, your account manager will confirm the date that services will cease and the date of the last invoice. Notice periods vary depending on the scale of the Cloud Services used with the minimum being 1 month.
After the end of service date, all client VMs and data will be retained free of charge for a month. During this time the client can request a copy of the VMs and data to a device provided by themselves.
After the month is complete the VMs and Data will be deleted in accordance to our secure data destruction process.
If the off-boarding process can be completed in 2 days it is free of charge, any additional days are charged at the standard consultancy rate.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Blackbox Hosting offers a web portal that allows customers more flexibility and control over their cloud environments. The portal is accessed through a web browser using HTTPS
Blackbox Hosting still remains in control of the core infrastructure for the cloud platform but can allow the customer to handle the day-to-day IT operations within their environment through their portal.
The following tasks can be performed through the portal:
Roles and permissions can be assigned to different users within the customer organisation for different tasks. e.g. Server, Networking.
Deploy new VMs
VM console access
VM performance statistics can be monitored and analysed
Add VM resources, e.g. CPU, storage, RAM
Create VM templates for quick deployment
Attach ISO images to VMs
Configure VM Alerts
Snapshots and reverts of VMs
The Self Service portal is provided as an extension of the Blackbox Hosting Technical Operations team and is not intended as a replacement, Because of this there are a few restrictions as to what customers can do:
Configure network VRF and VLANs
Manage firewalls
Configure Backup sets
Configure SANs - Web interface accessibility standard
- WCAG 2.0 AA or EN 301 549
- Web interface accessibility testing
- None
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- No
- Independence of resources
-
We allow our customers to scale services up and down as their business changes,
The 2 types of Scaling methods we use are:
Scale up: This is when more powerful, better, faster and capable hardware is allocated to a customer. For example, additional RAM, SSD storage or a different CPU chipset
Scale Out: This is when additional instances of a server can be added to customer pool in order to share the burden of additional requirements.
Scaling is monitored using multiple metrics alerting when additional resources are required, together with auto-scaling tools to provide a fully elastic scaling approach. - Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Other
- Other metrics
-
- Uptime (System Availability)
- Response times
- Concurrent Users
- Latency
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Other
- Other data at rest protection approach
-
Blackbox Hosting have in practice a stringent security policy complying with ISO27001.
This provides our staff processes for dealing with client data.
This process is audited regularly and all staff are fully trained with the standards.
In addition logs for access tracking and permissions are checked at regular intervals. - Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Data
- Virtual Servers
- Applications
- Databases
- Logs
- Network devices
- Templates
- Backup controls
-
Backup and disaster recover plans are discussed with the user upon start of service.
All customers are offered an onsite backup with 14 day retention. Normally the next step is to add a backup copy of this which is stored in our secondary data centre.
Additionally, we offer real time replication disaster recovery plans offering data centre redundancy.
Backups can be performed on different schedules and retention periods as per the customers request together with the type of storage used. All data transfer between data centres is done by a private point to point link with files being fully encrypted. - Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
-
Private network or public sector network.
Bonded fibre optic connections.
Multiple physical security measures such as biometrics, access cards, number pads, air locks.
Various security policies complying with ISO 27001 and Cyber Essentials Plus security standards
Data encryption and authentication of user and device access.
Availability and resilience
- Guaranteed availability
-
BlackBox Hosting’s SLAs cover various categories within the cloud platform. We are so confident in keeping to our SLAs that we back all of them with service credits, giving you complete confidence that we will fulfil our promises.
Data Centre Infrastructure
This includes power and HVAC (including UPS equipment and cabling), but excludes server hardware, software, and power supply units (PSUs).
SLA: 100% excluding emergency maintenance.
Credits: 10% of Monthly Spend
Internal Network
The internal network includes cables, switches, routers and firewalls within our network perimeter.
SLA: 100% excluding emergency maintenance.
Credits: 10% of Monthly Spend
External Network / Internet
The Internet (external network) includes third-party networks between the internal network and end user Internet connections.
It excludes end client Internet connections and their respective provider networks, as these are the exclusive remit of the respective end user connectivity provider.
SLA: 99.99% excluding maintenance windows.
Credits: 10% of Monthly Spend
Physical Cloud Platform
This comprises all the physical hardware required within the cloud platform. These include:
• Switches
• Physical hosts
• Firewalls
• Storage fabric
• HP Blades
SLA: 99.99% excluding maintenance windows.
Credits: 10% of Monthly Spend - Approach to resilience
-
Blackbox Hosting managed cloud platform is built to be completely secure, scalable, flexible and resilient. To do this we use methods such as:
Multi-pathing
Fault Tolerance
Distributed Resource Scheduler
Active / Active and Active / passive High Availability configurations
Border Control Protocol (BGP)
Resilient Ethernet Protocol (REP)
Multi Tier 1 ISPs
HPE 3PAR StoreServ resiliency
Full resiliency solutions are documented as part of the client Network handover and fully explained upon start of service. - Outage reporting
-
All outages are reported to customers via email, SMS and phone. Each outage is managed by an incident manager and team with updates sent before, during and upon completion of outage
Each client has a contact list of priority contacts during an outage and this is completed as necessary.
Outages are reported via:
Email
SMS
Telephone
Social Media such as Twitter
Pre-Recorded Voicemail messages
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Management interfaces are accessed either via 2 Factor Authentication (2FA) or via a dedicated VPN link. All information is sent over encrypted channels and complex passwords policies are in place.
In addition role based privileges can be assigned to different users to ensure they only have the required permissions. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 30/07/2015 with a yearly audit assessment
- What the ISO/IEC 27001 doesn’t cover
- Not Applicable - The BlackBox Hosting Cloud platform is covered by ISO27001
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Blackbox Hosting are accredited to ISO27001 and Cyber Essentials plus, these two accreditations form the basis of the Information Security Policies and processes that are implemented at Blackbox Hosting. All policies are reviewed bi-annually at internal management reviews and also independently audited every year by a UKAS accredited company to ensure they continue to meet our compliance and business requirements.
Staff are introduced and trained on all polies and procedures from their induction period and these are continually discussed and reviewed at quarterly staff meetings. If policies are not being followed then staff will go through a disciplinary procedure, more serious breaches are reported to the ICO in accordance with our data protection policies.
Examples of other policies that are followed by Blackbox Hosting include: Email Usage, Firewall Policy, Internet Usage, Logging Policy, Server Security Policy, Social Medial Policy, Data classification and Audit policy.
All policies are created in accordance with the Information Security Objectives agreed by the board of directors and the approach is documented in the Information and Security Management system.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
The configuration management process follows:
1) Scope, The components of the service are defined
2) References, All information about the component is collated and compiled into a (CMDB)
3) Assets register, All assets are clearly defined and recorded
4) Baselines, These are created once a year normally during change freezes to benchmark the components and record changes
5) Change Management, The change process interfaces with configuration management, e.g. Request for Change (FRC), RFC evaluated, RFC authorised. etc.
6) Audits, Audits happen twice yearly to ensure a configuration item performs the function it is supposed to do and is security compliant - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
This process is documented and audited as part of our ISO27001 accreditation. The process follows the following stages:
Discovery and categorisation of network assets into predefined areas according to business risk.
Vulnerability scanning schedule executed,
Risk based remediation according to business risk.
Remediation takes place normally in maintenance schedules
Vulnerability and fix is documented - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
At Blackbox Hosting, we use a combination of manual and automated tools to continuously monitor and analyse security events 24 hrs a day.
The protective monitoring process covers the following stages:
Detection: Monitoring platforms are checked on predefined schedules and reports are created and analysed using both automated tools and manual techniques. Any potential compromises are then identified.
Alerting: Any indicators of potential issues such as cyber attacks are recorded and investigated. The issues are prioritised as P1 and responded to within 15 minutes
Response: steps are taken to safeguard the network and take any remedial action during the incident. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incident process is as follows:
The client reports an Incident via an email or phone call
The incident is logged into call system and the customer is sent an email outlining the call number and an issue description. Incident is prioritised accordingly.
Diagnosis of incident takes place , if it is a known issue then the client is informed of the fix immediately. Otherwise incident is escalated to the relevant team for further investigation and diagnosis.
Incident resolution and closure then takes place.
Incident reports are created on a monthly basis and are discussed with the client at account meetings.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
-
Each client is deployed their own private cloud environment which can only be accessed through users created on their specific domain with Active Directory managing the roles and permissions.
The environments are deployed on an individual Virtual Router and Vlan together with a dedicated firewall if required.
Energy efficiency
- Energy-efficient datacentres
- Yes
Pricing
- Price
- £55 an instance a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
A complete “trial before you buy’ service with: Dedicated Solution Architect to create a bespoke environment.
Complete environment testing from connectivity, firewalls and VMs.
Trials are available for 30 days, longer periods can be discussed.
Available to new and existing customers.
Seamless transition from trial to production requirements.