BlackBox Hosting

BlackBox Hosting Managed Cloud Services

Blackbox Hosting Managed Cloud services are designed to provide a flexible, scalable and secure environment with guaranteed service levels and backed with 99.99% uptime.
All solutions are bespoke to requirements. We combine exceptional value for money with superfast, robust and reliable systems, integrating everything with outstanding technical expertise and experience.

Features

  • Hosted only in Tier 3+ UK Datacentres with secure access
  • Full Network Segmentation with Virtual Routing, Vlans and 40GB network
  • Backup, full disaster recovery and business contingency planning
  • Proactive monitoring platforms provide support 24/7/365 with 99.99% uptime guarantees
  • Vmware , Cisco, 3 Par, Fortigate, Kemp, Microsoft, Veeam experts
  • Tiered storage options available including SSD and 15k SAS
  • High Bandwidth, low latency connectivity using multiple Tier1 providers
  • Enterprise grade DDOS protection, AV, malware, Application and IPS control
  • Online Service portal for self deployment of complete Virtual networks
  • 4 hour hardware replacement warranties together with automatic failover technologies

Benefits

  • ISO27001 and Cyber Essentials Plus certified demonstrating compliance and security
  • The cloud Platform resides across 2 datacentres over 50km apart
  • Flexible rolling contracts without tying you into a long-term plan
  • Use the latest technologies without the need for capital expenditure
  • Forward thinking and innovative team providing a full IT portfolio
  • Resources on demand when required with real time upgrades
  • Bespoke solutions for your applications that simply work
  • Only pay for the services and licenses you require
  • Secure, encrypted connections back to your office using HTTPS, SSL
  • Makes it easier to adapt to evolving business requirements

Pricing

£55 per instance per month

  • Free trial available

Service documents

G-Cloud 10

680170427057423

BlackBox Hosting

Matthew Burden

0203 740 7840

matthew@blackboxhosting.net

Service scope

Service scope
Service constraints The following service constraints are imposed:
Planned Maintenance: any pre-planned maintenance to any of the infrastructure relating to the cloud service.
• Planned Maintenance will always occur out of core business hours defined as 08:00 – 20:00 Monday to Friday
• Planned Maintenance will have a 7-day notification window
Emergency Maintenance: means any urgent maintenance required to prevent any event compromising the infrastructure relating to the cloud service.
• Blackbox Hosting will provide affected customers with at least six hours’ advance if possible.
• Carry out the emergency maintenance outside business core hours
System requirements
  • Appropriate network connectivity, e.g. Fibre Internet, Private networks
  • Support for Microsoft, Linux and VMware systems as standard
  • Self-Service Portal Browser requirements. See Service definition document
  • Customers are responsible for administering layers above the hypervisor
  • Customers are responsible for managing end user environment access
  • Customers must ensure appropriate data is stored on the environment

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Blackbox provide the following response times:
P1: 15 mins
P2: 1 Hour
P3: 4 Hours
P4: 8 Hours
These response times are for support during Standard Operating hours (08:00-18:00)
Out of hours support provides the same response times for P1 and P2 tickets. However, the following changes apply:
P3 : 12 hours
P4 : 24 Hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Blackbox Hosting offers a Complete Core infrastructure level of support to all users of its Cloud Platform as standard. This comprises of the following:
Tier3+ UK data centres with redundant power and HVAC.
24/7/365 monitoring of entire platform including datacentre, network and hardware layers.
Patching and maintenance of Cloud platform
4-Hour Hardware replacement SLA
99.99% Uptime guarantees
Business Hours (08:00-18:00) Access to Technical Operations team consisting of Technical Account manager and Service desk.
Daily snapshots of Virtual Servers

The following services can be added if the client requires:
Dedicated Service Delivery manager, technical account manager and high level Cloud Platform engineer
Out of hours Support
Operating system support and patching
Managed Antivirus / Web Filter/ Application Control
Managed Firewall
Custom, bespoke monitoring and reporting platforms
Consultancy services e.g. network planning and implementation, disaster recovery, business continuity
Regular Account meetings
Licensing and compliance
Escorted access to data center
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started At BlackBox Hosting we are committed to working alongside you to deliver a solution that is transparent, scalable and cost-efficient without compromising on quality.
Before we begin you will be assigned a dedicated account manager and solution architect. They will meet with you to discuss your cloud hosting requirements.
A detailed report will then be provided outlining the overall solution and design followed by a final Q&A session to confirm exactly what is to be deployed.
Once agreed, the solution architect will then deploy the cloud resources required. Once complete, a full handover of the network will then be scheduled, these can be completed at the customer site or our offices.
This training session will be accompanied with full user documentation and will include technical details as well as details of the support process.
It is only upon this handover being signed off that the network is moved over to our support team to handle as part of BAU services.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Onsite presentations of the systems to the users
End-of-contract data extraction After the end of service date, all client VMs and data will be retained free of charge for a month. During this time the client can request a copy of the VMs and data to a device provided by themselves. For example a SAN or NAS device. The device will be directly connected to the Hosting platform and data copied to it. The client will then organise secure transportation of the device back to their required location.
Depending on the size of the data, the client can request online transfer of their data through secure channels such as SFTP.
Any data not required by the customer is securely destroyed. This process is signed off by the customer.
End-of-contract process Blackbox Hosting pride themselves in their transparency:
No long-term contracts and no penalty fees. The reason you’ll stay with us is because our solutions are the best.

If, however there is a reason to leave, we will work with you to make this process as efficient as possible.

Firstly, your account manager will confirm the date that services will cease and the date of the last invoice. Notice periods vary depending on the scale of the Cloud Services used with the minimum being 1 month.

After the end of service date, all client VMs and data will be retained free of charge for a month. During this time the client can request a copy of the VMs and data to a device provided by themselves.

After the month is complete the VMs and Data will be deleted in accordance to our secure data destruction process.

If the off-boarding process can be completed in 2 days it is free of charge, any additional days are charged at the standard consultancy rate.

Using the service

Using the service
Web browser interface Yes
Using the web interface Blackbox Hosting offers a web portal that allows customers more flexibility and control over their cloud environments. The portal is accessed through a web browser using HTTPS

Blackbox Hosting still remains in control of the core infrastructure for the cloud platform but can allow the customer to handle the day-to-day IT operations within their environment through their portal.

The following tasks can be performed through the portal:
Roles and permissions can be assigned to different users within the customer organisation for different tasks. e.g. Server, Networking.
Deploy new VMs
VM console access
VM performance statistics can be monitored and analysed
Add VM resources, e.g. CPU, storage, RAM
Create VM templates for quick deployment
Attach ISO images to VMs
Configure VM Alerts
Snapshots and reverts of VMs

The Self Service portal is provided as an extension of the Blackbox Hosting Technical Operations team and is not intended as a replacement, Because of this there are a few restrictions as to what customers can do:
Configure network VRF and VLANs
Manage firewalls
Configure Backup sets
Configure SANs
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing None
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources We allow our customers to scale services up and down as their business changes,

The 2 types of Scaling methods we use are:
Scale up: This is when more powerful, better, faster and capable hardware is allocated to a customer. For example, additional RAM, SSD storage or a different CPU chipset
Scale Out: This is when additional instances of a server can be added to customer pool in order to share the burden of additional requirements.

Scaling is monitored using multiple metrics alerting when additional resources are required, together with auto-scaling tools to provide a fully elastic scaling approach.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Other
Other metrics
  • Uptime (System Availability)
  • Response times
  • Concurrent Users
  • Latency
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Blackbox Hosting have in practice a stringent security policy complying with ISO27001.
This provides our staff processes for dealing with client data.
This process is audited regularly and all staff are fully trained with the standards.
In addition logs for access tracking and permissions are checked at regular intervals.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Data
  • Virtual Servers
  • Applications
  • Databases
  • Logs
  • Network devices
  • Templates
Backup controls Backup and disaster recover plans are discussed with the user upon start of service.
All customers are offered an onsite backup with 14 day retention. Normally the next step is to add a backup copy of this which is stored in our secondary data centre.
Additionally, we offer real time replication disaster recovery plans offering data centre redundancy.
Backups can be performed on different schedules and retention periods as per the customers request together with the type of storage used. All data transfer between data centres is done by a private point to point link with files being fully encrypted.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Private network or public sector network.
Bonded fibre optic connections.
Multiple physical security measures such as biometrics, access cards, number pads, air locks.
Various security policies complying with ISO 27001 and Cyber Essentials Plus security standards
Data encryption and authentication of user and device access.

Availability and resilience

Availability and resilience
Guaranteed availability BlackBox Hosting’s SLAs cover various categories within the cloud platform. We are so confident in keeping to our SLAs that we back all of them with service credits, giving you complete confidence that we will fulfil our promises.
Data Centre Infrastructure
This includes power and HVAC (including UPS equipment and cabling), but excludes server hardware, software, and power supply units (PSUs).
SLA: 100% excluding emergency maintenance.
Credits: 10% of Monthly Spend

Internal Network
The internal network includes cables, switches, routers and firewalls within our network perimeter.
SLA: 100% excluding emergency maintenance.
Credits: 10% of Monthly Spend

External Network / Internet
The Internet (external network) includes third-party networks between the internal network and end user Internet connections.
It excludes end client Internet connections and their respective provider networks, as these are the exclusive remit of the respective end user connectivity provider.
SLA: 99.99% excluding maintenance windows.
Credits: 10% of Monthly Spend

Physical Cloud Platform
This comprises all the physical hardware required within the cloud platform. These include:
• Switches
• Physical hosts
• Firewalls
• Storage fabric
• HP Blades
SLA: 99.99% excluding maintenance windows.
Credits: 10% of Monthly Spend
Approach to resilience Blackbox Hosting managed cloud platform is built to be completely secure, scalable, flexible and resilient. To do this we use methods such as:
Multi-pathing
Fault Tolerance
Distributed Resource Scheduler
Active / Active and Active / passive High Availability configurations
Border Control Protocol (BGP)
Resilient Ethernet Protocol (REP)
Multi Tier 1 ISPs
HPE 3PAR StoreServ resiliency

Full resiliency solutions are documented as part of the client Network handover and fully explained upon start of service.
Outage reporting All outages are reported to customers via email, SMS and phone. Each outage is managed by an incident manager and team with updates sent before, during and upon completion of outage
Each client has a contact list of priority contacts during an outage and this is completed as necessary.
Outages are reported via:
Email
SMS
Telephone
Social Media such as Twitter
Pre-Recorded Voicemail messages

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are accessed either via 2 Factor Authentication (2FA) or via a dedicated VPN link. All information is sent over encrypted channels and complex passwords policies are in place.
In addition role based privileges can be assigned to different users to ensure they only have the required permissions.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 30/07/2015 with a yearly audit assessment
What the ISO/IEC 27001 doesn’t cover Not Applicable - The BlackBox Hosting Cloud platform is covered by ISO27001
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Blackbox Hosting are accredited to ISO27001 and Cyber Essentials plus, these two accreditations form the basis of the Information Security Policies and processes that are implemented at Blackbox Hosting. All policies are reviewed bi-annually at internal management reviews and also independently audited every year by a UKAS accredited company to ensure they continue to meet our compliance and business requirements.

Staff are introduced and trained on all polies and procedures from their induction period and these are continually discussed and reviewed at quarterly staff meetings. If policies are not being followed then staff will go through a disciplinary procedure, more serious breaches are reported to the ICO in accordance with our data protection policies.

Examples of other policies that are followed by Blackbox Hosting include: Email Usage, Firewall Policy, Internet Usage, Logging Policy, Server Security Policy, Social Medial Policy, Data classification and Audit policy.

All policies are created in accordance with the Information Security Objectives agreed by the board of directors and the approach is documented in the Information and Security Management system.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The configuration management process follows:
1) Scope, The components of the service are defined
2) References, All information about the component is collated and compiled into a (CMDB)
3) Assets register, All assets are clearly defined and recorded
4) Baselines, These are created once a year normally during change freezes to benchmark the components and record changes
5) Change Management, The change process interfaces with configuration management, e.g. Request for Change (FRC), RFC evaluated, RFC authorised. etc.
6) Audits, Audits happen twice yearly to ensure a configuration item performs the function it is supposed to do and is security compliant
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach This process is documented and audited as part of our ISO27001 accreditation. The process follows the following stages:
Discovery and categorisation of network assets into predefined areas according to business risk.
Vulnerability scanning schedule executed,
Risk based remediation according to business risk.
Remediation takes place normally in maintenance schedules
Vulnerability and fix is documented
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach At Blackbox Hosting, we use a combination of manual and automated tools to continuously monitor and analyse security events 24 hrs a day.
The protective monitoring process covers the following stages:
Detection: Monitoring platforms are checked on predefined schedules and reports are created and analysed using both automated tools and manual techniques. Any potential compromises are then identified.
Alerting: Any indicators of potential issues such as cyber attacks are recorded and investigated. The issues are prioritised as P1 and responded to within 15 minutes
Response: steps are taken to safeguard the network and take any remedial action during the incident.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident process is as follows:
The client reports an Incident via an email or phone call
The incident is logged into call system and the customer is sent an email outlining the call number and an issue description. Incident is prioritised accordingly.
Diagnosis of incident takes place , if it is a known issue then the client is informed of the fix immediately. Otherwise incident is escalated to the relevant team for further investigation and diagnosis.
Incident resolution and closure then takes place.
Incident reports are created on a monthly basis and are discussed with the client at account meetings.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Each client is deployed their own private cloud environment which can only be accessed through users created on their specific domain with Active Directory managing the roles and permissions.
The environments are deployed on an individual Virtual Router and Vlan together with a dedicated firewall if required.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £55 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial A complete “trial before you buy’ service with: Dedicated Solution Architect to create a bespoke environment.
Complete environment testing from connectivity, firewalls and VMs.
Trials are available for 30 days, longer periods can be discussed.
Available to new and existing customers.
Seamless transition from trial to production requirements.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑