Gamma

Gamma's Cloud Compute & Cloud Backup

Cloud Compute services deliver a cloud based computing infrastructure to meet customers' application requirements. The service offers Compute, Storage and associated Network elements such as Firewalls/Load Balancers. It's deployed on Amazon Web Services (AWS), a platform that is highly reliable and scalable. An optional ‘Backup as a Service’ is available.

Features

  • Utilises Amazon Web Services (AWS)
  • Backup data into the Cloud
  • Virtual machine instances
  • SSD storage devices in 100 GB increments to maximum16 TB
  • Includes Virtual Private Cloud (VPC)
  • Configurable Managed Firewall
  • Optional Load Balancing
  • Optional VPN
  • Included Service Dashboard – Cloud View
  • Full customer audit of requirements provided

Benefits

  • Promotes Cloud first
  • Easily backup data to the Cloud
  • A platform that is highly reliable, scalable and low-cost
  • 4 Server categories to meet varying organisational requirements
  • Virtualise your application environment
  • Store all data off-site in secure AWS data centres
  • Configure IP ranges, subnets, routing tables, gateways.
  • Distributes incoming application traffic across multiple servers
  • Manage from a single portal
  • Proactive live service view

Pricing

£55.00 per server per month

Service documents

G-Cloud 9

726670501382951

Gamma

Sam Winterbottom

0333 014 0555

gcloud@gamma.co.uk

Service scope

Service scope
Service constraints We do not offer applications that require a device driver (a form of integration with the operating system) and 16-bit applications that need to run in shared memory space are not supported
We do not provide disaster recovery options with the Cloud Compute service but backup options are available
We do not offer private virtual servers and services
System requirements
  • Customer must manage own applications
  • Customer must maintain or provide updates/patches to operating system
  • Customer has appropriate Licenses to host applications on Cloud platform
  • Ensure backups are periodically downloaded to ensure continuity of data
  • Ensure applications suitable for migrating to virtualised environment
  • Customer must provide the correct firewall rules

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The Account Management team is available from Monday to Friday 8am until 6pm, with on call cover outside of these hours. Responsibilities include: Product recommendations Order capture Billing or account queries Customer Service Reviews and reporting Customer complaints and escalations The Service Desk is responsible for fault and provisioning support for our products Provisioning questions are dealt with Monday to Friday 8am until 7pm. Fault queries can be logged and updates provided 24x7x365. We aim to resolve queries at first point of contact and will be responded to in line with the SLAs in the Customer Support Plan
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels The support levels below are included in the price of the service. There are no additional service levels.

Cloud Compute and Backup

Priority 1 - Critical fault - Loss of service - multiple services affected 6 clock hours
Priority 2 - High - Loss of service - single service 8 clock hours
Priority 3 - Medium - Disrupted service - multiple or single service 3 working days
Priority 4 - non-critical operational impact that does not restrict users from performing key tasks 8 working days
Appropriately skilled customer support technicians or engineers will manage any issues from beginning to end.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our managed service for Cloud Compute includes initial quote, customer audit, qualified quote, order validation,
network configuration and finally order placement. Each stage allows for refinement and clarification of the
customers’ requirements and includes the opportunity to add a number of additional optional elements such as
VPNs, Load Balancers and Backup Services.
We do provide comprehensive user acceptance and handover documentation. We also supply a customer support manual for all contact points and escalations. We provide comprehensive user training for the web portal. This is offered via onsite training (additional cost), webinar online training, user documentation and a full help section on the web portal. We also provide online and webinar training for our web-based billing and reporting tool. A named Major Account Manager and Customer Development Manager will also be assigned to your account to support you.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction Our Customer Portal is a secure online space giving customers complete visibility of the assets that we manage for them. We offer a complete view of their estate, including Cloud Compute and Backup service details, the product related to that number and its geographical location. All invoices are in one place and kept for 12 months for historical billing information on the services you have taken. This information can be easily downloaded for extraction into excel.
End-of-contract process At the end of the contract the customer moves onto a rolling 30 day contract on our standard rates. Through our online billing and reporting portal, customer can get their asset list, including Cloud Compute and Backup details of the services they currently take with us. This will be provided at no additional cost.

Using the service

Using the service
Web browser interface Yes
Using the web interface We can provide an in-life service view of the customer’s servers and attached storage devices via a ‘Cloud View’
application. Key elements of Cloud View include:
Monitoring of CPU, RAM and storage usage
Proactive alarm monitoring with email, text or call
Alarm escalation logic defined by customer including level 1, 2 and 3 escalation
Historical and trend reporting
The customer’s access to Cloud View is provided as part of the provisioning process with access details and
passwords provided via email following service creation.
Web interface accessibility standard None or don’t know
How the web interface is accessible The Cloud View service is accessible from a standard web browser.
Web interface accessibility testing We have not done any testing with users of assistive tech
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources Gamma’s Cloud Compute service is deployed exclusively on Amazon Web Services (AWS), a platform that is highly
reliable, scalable and a low-cost infrastructure platform in the cloud that powers thousands of businesses in 190
countries around the world.
AWS is a secure, durable technology platform with industry-recognised certifications and audits: PCI DSS Level 1,
ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 and SOC 2 audit reports. Their services and data
centres have multiple layers of operational and physical security to ensure the integrity and safety of data.
Usage notifications Yes
Usage reporting
  • Email
  • SMS

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Amazon Web Services

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • The ’Backup Service’ is an optional chargeable feature
  • Application that backs-up their Gamma Cloud SSD storage devices
  • VSS integration enables application consistent backup and recovery
  • Customer manages all Gamma backups from single console
  • Server agents support both Windows and Linux environments
  • WAN-optimised enable efficient secure in-cloud and cross-cloud communication
  • Source-based encryption and source-based global de-duplication
  • Support for AD, DFS, Exchange, SharePoint, SQL
  • Automatic resumption of interrupted backups
  • Incremental backup, globally de-duplicated and compressed
Backup controls The customer is provided with a simple console in order to setup and manage all the Gamma virtual server backups
from a single console. Specific configuration and user details can be found within the BaaS User Guide, noting that
a backup software agent is required on the server.
Unless explicitly agreed otherwise, the following standard retention policy is applied:
Quarterly backup – 1-year retention
7 days of backups (daily)
5 weeks of backups (weekly)
3 months (monthly)
3 quarterly backups (quarterly)
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Service Availability for both Cloud Compute and Cloud Backup is defined as the ability of a service to perform its required function over a stated period of time. It is reported as the percentage of time that a service is actually available for use by the customer within agreed service hours.
Availability is calculated as:
Total number of minutes in the measurement period – Unplanned Downtime x 100
Total number of minutes in the measurement period
Note: If a service is partially available then the Unplanned Downtime shall be calculated in equal proportion i.e. if a service is 50% available then the unplanned downtime will be calculated as 50% x elapsed period of the incident.
Availability Measurement Period: 1 Calendar month.
Servers 99.95%
Storage drives (volumes) 99.95%
Cloud Network (Firewall, Load Balancers, VPN) 99.95%
Backup service 99.95%
Service credits will be applicable should the level of core service availability not meet the target monthly percentage. Service Credits applied to Monthly Service rental charges only and requested by the customer to Gamma, with evidence of services that you feel have been impacted.
Approach to resilience Available on request
Outage reporting We can provide an in-life service view of the customer’s servers and attached storage devices via a ‘Cloud View’
application. Key elements of Cloud View include:
Monitoring of CPU, RAM and storage usage
Proactive alarm monitoring with email, text or call
Alarm escalation logic defined by customer including level 1, 2 and 3 escalation
Historical and trend reporting
The customer’s access to Cloud View is provided as part of the provisioning process with access details and
passwords provided via email following service creation.

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Customer administrators can set permissions for other users to give them access to certain areas of Cloud View. They are able to restrict access to certain areas of the management and support interfaces.
Access restriction testing frequency At least once a year
Management access authentication Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance Ltd
ISO/IEC 27001 accreditation date 29 April 2016
What the ISO/IEC 27001 doesn’t cover All Gamma internally controlled elements are covered. No external party solutions such as AWS are covered. Independently, they are covered by industry-recognised certifications and audits: PCI DSS Level 1,ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 and SOC 2 audit reports. Their services and data
centres have multiple layers of operational and physical security to ensure the integrity and safety of data.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Gamma have deployed an Information Security Management System Manual (ISMS) which meets and is certified to ISO 27001:2013. It is supported by numerous policies and processes including but not limited to the following: Information Security Policy Information Security Incident Policy Acceptable use policy Access Control Procedure Backup Plan Business Continuity Plan Confidential Data Policy Data Protection Policy The Reporting structure is from employees or customers to the Information Security Manager to the Information security Forum which is attended by several Directors and heads of departments. The Information Security Forum meets monthly to review all security incidents and events and corrective actions are agreed and tracked at this forum. To raise awareness Gamma use a computer based training platform for Security Awareness which is repeated annually. Line Managers have a responsibility to ensure their staff are aware of and follow these policies.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change Control Process covers changes made to operational systems, to mitigate the risks and impacts that any change has and ensures good communication at all stages. Change Management ensures changes to core infrastructure and services are performed and implemented correctly. Best practice guidance, aligned to ITIL (OGC), recommends that the starting point for any change should be a review of generic questions or the ‘seven Rs’. A risk and impact assessment is carried out for each change this involves detailing the assets under change. The Change Advisory Board (CAB) has a representative from each impacted business area.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We use failure mode effects analysis process, conducting regular, systematic assessments of vulnerabilities to determine the necessity of safeguards, countermeasures and controls, monitoring for changes to maintain an acceptable level of risk. Includes identifying key information assets and subjecting them to specific risk assessments, assessing exposure to a list of common threats and vulnerabilities, maintaining risk registers, implementing technical, policy, business continuity and management initiatives; Each patch is assessed and deployed accordingly: High - Urgently. Medium - ASAP. Low - as time permits. Gamma utilise many Vendor sources and industry RSS feeds, CERT, Ubuntu and Debian. Member of CiSP.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Gamma utilise GPG 13 guidance. Gamma have built a Security Information & Event Management Solution (SIEM) to identify potential compromises. If a compromise is found it is investigated. A Security Incident is raised to track the investigation, root cause and solutions if required to rectify or improve the situation. We respond to incidents as close to real time as practicable.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Gamma have an Incident Management process which has numerous pre-defined sub groups of staff designated for particular products or scenarios. It can be initiated by any member of staff and is managed by the 24/7 Network Operations Centre (NOC). Any incident is reported by the customer to the Service Desk, it is recorded in a customer relationship management tool (CRM) and an Incident report is produced after root cause analysis has taken place. Any Incident reports are made available to end users via pdf.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Amazon Web Services
How shared infrastructure is kept separate AWS is a secure, durable technology platform with industry-recognised certifications and audits: PCI DSS Level 1,
ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 and SOC 2 audit reports. Their services and data
centres have multiple layers of operational and physical security to ensure the integrity and safety of data.
The AWS services deployed by Gamma are supported by the robust controls in place at AWS to maintain security
and data protection in the cloud. All the relevant compliance features that are available from Amazon can be found
here: https://aws.amazon.com/compliance/

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £55.00 per server per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑