This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Innovate Ltd are still valid.
Innovate Ltd

Archiving, back-up, disaster recover & business continuity

Cloud9's flexible services, provisioning and pricing ensuring the perfect cloud solution delivered for Most Economically Advantageous Tender (MEAT), enabling your organisation's ICT/Cloud Vision and move to Zero IT.

Cloud9 owns and operates it's own national cloud platform; a highly optimized fully featured portfolio of scalable service. Also available on Janet.

Features

  • Back-up Hypervisor, Virtual Machine or Bare Metal
  • Supported directly from Veeam Cloud Connect or Infrascale
  • Ability to load-balance or fail-over at eBGP level
  • Restore directly to Cloud9 Servers
  • IDS, IPS, AV, Firewall, Load-balancers with Cisco FirePower
  • Block & Object storage; S3 & Blob equivalent, Veeam CloudConnect
  • Directly connected to Joint Academic Network (JANET)
  • Private Cloud - Dedicated, Onsite Dedicated, Shared or Hybrid
  • Back-up, Disaster Recover & Business Continuity as a Service
  • UK Only Data Centre's IL3 or higher with ISO27001

Benefits

  • Environment designed with you to your performance criteria
  • Access to Cloud Architects for support with optimisation
  • Focus on RTO, RPO and restore location
  • Minimum risk, balanced approach for different services
  • Lower cost, higher performance & more secure than Public Cloud
  • Service Performance you test & sign-off on before you commit
  • Full cloud stack available in addition, including PaaS & VDI
  • Available on Janet; interconnected with PSN, N3 & HSCN
  • Used by ISV's to deliver SaaS or IoT services
  • Fixed pricing-model; know exactly what you are paying - MEAT

Pricing

£9 to £10 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@91c901ff-af5a-4e42-a63f-38267171d2da.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

6 8 3 1 6 1 9 4 1 0 1 1 6 2 6

Contact

Innovate Ltd <removed>
Telephone: <removed>
Email: <removed>@91c901ff-af5a-4e42-a63f-38267171d2da.com

Service scope

Service constraints
No major service constraints.

Cloud9 is designed to support organisations and users rather than constraining them.

Planned maintenance windows are discussed with customers to minimize any impact.

Janet users can connect directly to Cloud9, they can also access Cloud9 through open Internet or Point to Point.

All our Data Centre's are already ISO27001 certified, Cloud9 already adheres to best practice around security and governance.

Cloud9 are actively working towards ISO27001 certification and expect to have this when G-Cloud9 is awarded or very soon after

We can obtain higher security clearance if required where sponsored and with costs covered.
System requirements
  • Customers need to have a way of accessing the platform
  • Janet customers need available bandwidth on the Janet network
  • PSN users can access Cloud9 through a Janet Interconnect
  • N3 & HSCN can access Cloud9 through a Janet Interconnect
  • Customer needs 1st Line Support Desk

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 working hours or as agreed in an SLA
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Commercial Support includes a named Account Manager, monthly Service Review documentation and Quarterly service improvement / strategic planning discussions.

Service reviews provide a transparent way of summarising service performance, billing, change requests, risk register, agreed actions and P1-P3 incidents and details of all SLA reports and helpdesk calls.

Cloud9 Infrastructure & Platform Support levels:
1. Cloud9 supports and patches the hypervisor level, the customer patches their Platforms, any additional support required is done so on a Time & Material basis
2. Access to Cloud Architects and system experts
3. Architects help scope & design where needed
4. Support per VM instance as either (Charged per VM):
4a. Monitoring only
4b. Patched & Supported OS
4c. UK Working hours, Extended hours or 24x7x365
5. Named contacts for Commercial and Technical escalations are provided (inc)
6. Monthly or quarter service reviews cover full SLA breakdown, Service Improvement Plans, billing & scheduled maintenance (inc)
7. Customer provided named contact to Support desk (inc)
8. Can incorporate bespoke maintenance patching windows (inc)
9. Can incorporate customer Major Incident Policy (inc)

Support charges are detailed in our price book.

A primary Cloud9 Architect / Support Engineer is assigned to each customer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full training is provided (online or onsite) to run through all aspects of the service based on an agreed SoW which details the level of support, migration, testing and training required.

The main focus is to train system administrators in how to best utilise the platform, how to monitor, report and implement changes and how to invoke back-up or DR.

Training is provided by qualified internal Cloud9 personal who themselves are responsible for day to day activities associated to management and administration of Cloud9 systems.

Importantly we also focus on understanding non-technical and procedural changes. We can also sub-contract cultural and business process management re engineering to a specialist 3rd party such as Stable Logic (see price book & service description document).

Cloud9 also provide documentation for training, support purposes, auditing and compliance. Documentation covers the design of the Cloud9 environment, the security documentation which includes supported protocols and network ports any back-up and retention policies including the portal to manage back-up locations, destinations, retention and restorations.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Cloud9 offer a managed transition or Exit that covers:

1 - Managed transition to an alternative provider; process detailed in the Agreement and a SoW will be produced to cover all aspects of contract exit, charged on time & material basis.

2 - User or nominated 3rd party, migrates data to new platform, typically using standard software to do so with limited support from Cloud9 (charged on Time & Material basis)

Cloud9 will then securely remove all user data for the platform in accordance to an Exit Plan. Customers need to ensure they have copies of any data including back-ups and event logs.

In some instances it is possible for the customer to buy dedicated Cloud9 infrastructure or assets at an agreed market rate. Onsite assets (such as VDI zero clients) can be detailed in an assets register for customers to purchase at the end of a service Term.

Cloud9 can (upon request) provide a certification confirming full data removal and system cleaning, which includes the method used and date of completion. Cloud9 ask that the customers administrator removes and destroys all customer data within the Cloud9 environment prior to a full system cleanse.
End-of-contract process
The contract and Sales Order will detail all the pricing elements for the delivery and running of the services
as and when the agreement ends. The customer may wish to extend for an additional or shorter term, these commercial terms can be accommodated under G-Cloud9 guidelines / restrictions.

Should the customer wish to exit at the end of the contracted term, then the Exit Plan will be invoked. This document looks at an exit plan including migrating services to another provider, to internal platforms or whatever other options have been detailed. This will also include likely costs.

At this time a formal SoW will be produced to detail the level of involvement required from Cloud9 to transition services to another provider. This is charged on a Time & Materials basis, the rates of which are details at the start of the Agreement (see price book - Cloud9 professional services).

A Customer may wish to request the new provider assists with the transition and therefore limiting assistance and costs from Cloud9 .

Cloud9 will always look to provide professional support and assistance to reduce risk and maintain service during any major transition.

Using the service

Web browser interface
Yes
Using the web interface
Cloud9 supports a number of interfaces for specific set-up's, such as System Centre 2016, Azure Pack, Jelastic, Eucalyptus (for AWS look at feel UI on KVM).

The web portal / UI is set-up for each customer by Cloud9. Each customer will be given an administrator account and expected to manage users accounts and security. The initial set-up will be based on agreed requirements, training on how to use the web interface and manage changes, including understanding best practice and support for change control, compliance and documentation.

Services are accessed through standard UI's or web-browsers. The UI's are designed to provide the feature sets required to support the needs of the administrator. Changes are logged and Cloud9 can provide time & material support (per day or per hour).
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Interface available as Web UI via web broswer or CLI through access controls
Web interface accessibility testing
We use standard Web technologies and security methods to reduce risk, such as HTTPS, SSL and support various access control methods.
Vendor specific UI's have been tested and are supported by them, the Cloud9 in-house UI has a dedicated development team who have controlled releases and a QA process.
API
Yes
What users can and can't do using the API
Cloud9 API's provide access to all types and operations, available as REST API, customers can gain better integration into the Cloud Services platform. Operational and performance motioning can provide insight and control, delivering automation and business intelligence. The REST API covers:

User Operations
User Elements
User Types
Extension Operations
Extension Elements
Extension Types
Admin Types
Admin Elements
Admin Operations

The requirements for integration can be discussed at an early stage to capture the requirement and ensure the right technology is deployed to support the stated outcomes. Cloud9 do not offer API coding however do provide supporting documentation to customers for the platforms API's.
API automation tools
  • Chef
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface
Full API functionality is available from the CLI

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
The Cloud9 environment is logically segregated with resource allocated to each environment ensuring consistent performance of all users on each customer environment.

This approach ensures no one customer can act as a resource thief against another and that complete independence exists. When customers approach resource limits, scale can be applied to a predefined upper agreed limit. This is monitored closely by the Cloud9 Infrastructure team who continually assess platform capacity, density and utilisation as part of infrastructure planning to ensure we maintain between 60-80% capacity to ensure we have a competitive price point, balanced with the ability to scale.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Service availability
  • Windows event logs
  • Resource history (changes)
  • Memory performance
  • Machine utilisation
  • Network performance
  • IDS/IPS & Network Security
  • Helpdesk performance - Support
  • Proactive alerts - optimisation / performance
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Hypervisor
  • Baremetal
  • Virtual Machine
  • Operating System
  • IOS, MAC OSX, Windows, Android, Linux
  • Utilise Veeam Cloud Connect or Infrascale
  • Back-up to and restore from Cloud9 environment
  • Support for Hot-Standby or full replication
Backup controls
Each user has a dedicated UI to manage back-up routines, set retention policies and periods and invoke restoration to an existing restoration device; which can be a Cloud9 server on a pre-allocated vLAN.

Many organisations will already be using Veeam Cloud Connected which is fully supported and heavily used by Cloud9. Infrascale is also used in some instances.

Users have full control over setting schedules for data sets.

All data is encrypted locally on the source device, encrypted in transit and at rest at the Cloud9 destination.

Alerts based on failed back-ups can be sent
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Cloud9 deals with SLA's in a couple of ways. Firstly by paying our service credits where an outage has occurred. Services come with a 99.99% SLA as standard, however some designs my be highly available and therefore have a higher SLA:

Cloud9 Services Availability 99.99% or Higher - None
Cloud9 Services Availability 99.5% - 99.89% = 5%
Cloud9 Services Availability 99.49% - 99.00% = 10%
Cloud9 Services Availability 98.99% - 97.00% = 15%
Cloud9 Services Availability 96.90% - 96.00% = 20%
Cloud9 Services of less than 96.00% = 25%

Cloud9 associate SLA performance with Material Breach so customers can exit an Agreement due to continual poor performance.

Cloud9 allow customers to go through User Acceptance Testing & Sign-off pre-billing to reduce risk of performance related issues and minimising commercial risk or exposure; this also ensure customer know how the platform performs.

Cloud9 also looks at the platform performance, not just it's On/Off availability, performance is what users notice and so our focus is on consistent, high performance and service continuity. A significant amount of focus is around performance of the environment, including platform latency and capacity to ensure user-experience.

Cloud9 also has a Support response time and severity SLA.
Approach to resilience
Resiliency comes down to requirements and budget. If a customer doesn't require a resilient service (or application) then they are not forced to pay for it, however a number of options exist to support various levels of resiliency based on SLA, performance and budgetary requirements:

- Local back-up's of Hyperviser or VM's are taken periodically, encrypted and stored either location or locall and on 2nd location for restoration
- High Availability design - this allows users to have hot standard by environments in a secondary location
- Load-balanced architecture - an environment whereby 50% of the users go to 1 location and 50% to a second location, each location capable of supporting 100% of users
- SDN created over multiple DC's with resource (CPU, RAM, Storage) or VM's available on that network

Cloud9 operate from multiple UK data centres (from a number of providers) each location having a minimum of two network connections from different operators.

Cloud9 is built on C7000 HP Blades in a grid design, meaning every single machine uses resource from multiple blades, further reducing single points of failure.
Outage reporting
Email alerts to named customer support contacts or generic email address.
Phone call to customer support contact or helpdesk.
API with platform or service management application.

Our Support desk pro-actively contact customers to highlight any high priority (P1-P3) incidents. We discuss impact and resolution or any preventative action already taken by our Infrastructure team.

P4 or lower issues are generally dealt with over email.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
All management interfaces are only accessible by named and security vetted individuals via a two factor authenticated session on an IPSEC v2 VPN tunnel.

All connections are logged and audited.

Multiple failed attempts automatically lock the individual user account with automated notification sent.

All passwords are timed and must be unique and can't be recycled.

Cloud9 also support Software Defined Networking (SDN) virtualisation technologies, including Network Virtualization using Generic Routing Encapsulation (NVGRE) and Virtual Extensible LAN (VXLAN). These technologies are designed to supported better connectivity, access and scalability specifically for cloud computing environments.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Centre for Assessment Ltd
ISO/IEC 27001 accreditation date
07/12/2017
What the ISO/IEC 27001 doesn’t cover
None
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Data Centre environments are PCI DSS certified
  • Data Centre environments are ISO27001 certified
  • Data Centre environments are HIPAA certified
  • Data Centre environments are Cyber Essentials certified
  • We expect to be fully ISO27001 certified by May 2017
  • We expect to have Cyber Essentials certification by June 2017

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Cloud9 have an internal CISO (Chief Information Security Officer) who is ultimately responsible for the security and integrity of the Cloud9 platform and services; including customer environments, all of which are approved (either as blue-print or bespoke designs).

The CISO reports directly to the Cloud9 CTO and the Board covering strategy, risk management, planning, systems, processes, compliance, governance and continual improvement.

The Cloud9 CISO is also responsible for internal processes and procedures, ensuring they are followed inline with internal and ISO standards. The InfoSecurity team are also responsible for following, monitoring and improving systems and process as well as keeping up to date with a number of key elements, including:
- Physical security to Data Centres; Co-location Racks and Cloud9 office locations
- Environmental Controls within Data Centres
- Secure Access Management to Cloud9 platforms and Customer networks on Cloud9 platforms
- Network Infrastructure and Integrity; this also cover DDOS protection, Disaster Recovery, customer SLA's and single points of failure
- Human Resources to cover background checks and screening of employees who must also undertake security awareness and training on procedures and documentation
- Operational Security which covers incident management, patching and updates, documentation, training, accreditation, certification and continual improvement

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes made by the Customer to their Private Cloud environment which they support themselves, is done so at the Customers risk.
Where Cloud9 provide Support of the Customers environment, all change requests must be formally submitted and approved by Cloud9, they are fully audited and assessed against risk. The request has to include:
1. Reason
a. Improving security
b. Improving performance or functionality
c. Reduce operational overhead or cost
2. Request to be approved by Cloud9’s:
a. Service Manager
b. System Architect
c. InfoSecurity
3. Change request must include:
a. Expected outcome
b. Test plan
c. Roll-back plan
d. SoW
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All systems are scanned for vulnerabilities every month. Cloud9 uses the Common Vulnerability Scoring System (CVSS) for all Common Vulnerabilities and Exposures (CVE) provided by the National Vulnerability Database.

Scoring for non-CVE vulnerabilities is provided by UB’s vulnerability scanning tool. A priority is placed on patching or mitigating the vulnerability based on these scores and the logical location of the vulnerability within Cloud9's network infrastructure. Remediation occurs within 10 business days for critical vulnerabilities.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our service management processes are ITIL V3 aligned and have particular focus upon Security Incident Management and Continuous Service Improvement. Some of the components of this system have been provided below:
- Network and Host based IDS/IPS
- Traffic monitoring and intelligent traffic analysis
- Packet capture and analysis to enable investigations into alerts
- DNS monitoring to detect DNS lookups to known or suspected malware
- Botnet monitoring – hunts for and alerts on any type of connection
- Web and email threat monitoring
- Geographic analysis of all attacks and traffic

Automated systems ensure ultimate continual protection.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Prevention: The understanding of and application of insight gained from the intelligence

Detection: The interpretation of any events of interest occurring to discriminate between legitimate and abnormal events to identify anomalous activity

Investigation: The analysis of anomalies to determine whether they are emerging threats that may lead to a security incident

Reaction: Our analysts use tailored, predefined and configured Playbooks to efficiently inform their reaction to an identified threat

Response: The planning of effective mitigations in response to the cyber-attack, the communication of these plans to all relevant stakeholders, and the collaboration with all relevant parties to carry out mitigations.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
An organisation is the container for a tenant and forms logical boundaries between tenants. Each organisation gets units of resources defined by the Org vDCs it has. The resources that get defined at the Org vDC are compute, storage and network.
When a Org vDC is created, a Provider vDC is used to allocate resources to the Org vDC. The Provider vDC maps these resources into different containers, which isolates the units of compute.

Energy efficiency

Energy-efficient datacentres
Yes

Pricing

Price
£9 to £10 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A customised trial can be arranged in a limited form for a 30-day period.

Customer go through User Acceptance Testing to ensure the Cloud9 solution is fit for purpose.

Trails may be limited in functionality and integration.

All Terms & Conditions apply to trail users
Link to free trial
http://www.cloud9enterprise.co.uk/contact-us/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@91c901ff-af5a-4e42-a63f-38267171d2da.com. Tell them what format you need. It will help if you say what assistive technology you use.