IZO Private Cloud is an enterprise cloud platform, offers flexible, scalable and reliable cloud environment. It provides a flexible platform that allows end-users to create the appropriate combination of compute, network, security, storage, and traffic management services that can meet business needs, & have the flexibility to grow with business.
- Hybrid Solution - Extend existing IT environments to cloud easily
- Self-service web based management portal
- Openstandard based, Flexible platform, Choice(VMware , Hyper-V or KVM)
- ITIL integrated processes, Auto-ticketing, Audit logs, Compliance
- Secured Cloud - Firewall, LoadBalaner, WAF, RBAC acces
- Enterprise SLAs – 99.9% availability
- 24x7x365 operations manned by 300+ support engineers
- Integrated service delivery and flexible support models
- Co-engineered solutions for customized requirements
- Multiple connectivity options - Private MPLS VPN, Internet
- Cloud Easy to manage, Control and integrate
- Limit your CapEx, reduces risk and improves time to market
- Scalable when needed and easy to provision
- Comply with company and government regulations
- IaaS - Lower IT footprint, Improved control
- Improve profitability - Reduce Capex, Pay-as-you-grow
- Expand customers - Agile market plans, Ability to experiment
- Improve security posture - Compliance, Threat management
- Complete Control over your Cloud infrastructure
- Cost-effective to operate, innovative in features with 24x7 support
£50 per virtual machine per month
- Education pricing available
Tata Communications Ltd
Edwin GS P Nadar
+44 7500 809402
|Service constraints||The services are available in all scenarios due to multiple level of redundancies that us built in at data center and cloud infrastructure. This applicable Service Levels do not apply due to factors outside our reasonable control (for example, natural disaster, war, acts of terrorism, riots, government action, or a network or device failure between your site and our data center);|
|System requirements||Internet connectivity or WAN connectivity to Cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Global Service Desk is available 24*7*365 to customers for incident reporting and management. When an incident is reported by customer and an incident ticket is opened by the global service desk, the global service desk assumes full responsibility for the incident until the ticket is closed. We accept all types of incidents such as Severity 1: Major Fault, Severity 2: Minor fault and Severity 3: Troubleshooting request based on the classification and prioritise.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Our Managed Cloud service is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool by our customers or our engineers. Further queries can be submitted to the Service Delivery Manager.
The team provides dashboard to report, capturing and progressing of incidents and requests logged via the Service Desk or monitoring systems, and escalating functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client impacting changes. A named Technical account manager can be allocated to the client. We engage with our clients to design the relevant support model to fit the business needs, this can be 24*7.We also define SLAs specific to client needs.
|Support available to third parties||Yes|
Onboarding and offboarding
Our proven, expertise in service management delivers a single point of contact for your teams. Our service management goes through service design, delivery, implementation and assurance.
Service delivery and implementation:
We have a defined on-boarding process which detailed planning which includes:
• Developing risk mitigation plans before delivery
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows us to transition seamlessly into a full support model.
• Introduction and Training on the Service Desk for clients
• Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status
Service transition and assurance:
The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or infrastructure that are being supported. During transition, a Technical Support Document (TSD) is created which forms base document that has all the deployment details. This is maintained as a single document throughout the life of the support service and includes details such as solution architecture, deployment model, managed services reporting etc.
|End-of-contract data extraction||
Users can extract their data across the network via VPN or other secure network protocol .Snapshots of virtual machine images can be provided if required which can then be transferred across a secure link. The Data can be deleted or can be provided to you through the network.
In the event you require a live migration of virtual machines or database data, replication services may be configured.
Design and service documentation is located on the Catalyst portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
If you feel the need to switch providers, we will work with you to expedite the off-boarding of your Cloud services .Our solutions are all based on standardised architecture , with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete.
As standard, if you wish to move workloads, we will provide secure access to third parties to extract your data and infrastructure configurations to help you get applications up and running in the target environment. If you want to keep the workloads running, but require the managed service to be terminated, the tools and software can be removed, leaving the running workloads.
Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and handover of services to the new provider are aligned precisely to your requirements.
Using the service
|Web browser interface||Yes|
|Using the web interface||
Users can create and manage incidents, changes and requests through the Catalyst portal.
Customer documentation is stored on the portal, allowing customers to view a dashboard that has their resource utilization, service reports, design documentation and invoices.
Customers can add or remove different type of master, power users or remove users of the portal for their organization and adjust the type of user account they have.
The following is also available through the portal
• View current monitoring configuration per server
• View device information by individual server or by application group, including uptime, CPU, memory and virtual memory and storage
• Submit and/or view open/closed incidents, changes, and tickets
• Review the latest backup status and schedule auto scaling
• Submit and/ or view escalation, alerts and notifications
• Update images in the repository
• Configure firewall rules, segregate and connect web, app and database zones
• Utilise as a repository of all assets
• Monitor, filter, and view events and event history for devices
• Utilise showback of charge through active directory integration
• Run custom reporting on performance statistics and workflow management
• Basic self service and resource utilisation analytics
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||The web interface is accessible through a variety of browsers and is built using HMTL standards. We are also in the process of allowing API based communications for applications that run on our cloud services to talk to an ecosystem of devices or machines|
|Web interface accessibility testing||No specific web interface technology testing has been undertaken with assistive technology users, however best practice reference architecture based development methods have been used to optimize the end user experience.|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||Used for managing and administering Infrastructure resources from the command line.|
|Independence of resources||
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.
Cloud services which provide virtualized operational environments to customers (i.e. virtual machines) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Backup schedules, retention and type of backup such as daily, incremental etc. are agreed with the customer at the point of contract, documented and implemented as part of the onboarding process. If the customer requirements change, a ticket can be logged to amend the schedule. The appropriate customer documentation will also be updated.
Backup success is reported on a regular basis in the Service Reports provided to the customer. Any backup failures are retried the next day and failure records are reported to the customer.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users can recover backups themselves, for example through a web interface|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Our platform availability is 99.9%. The Tata Communications Cloud platform is integrated with the IT Service Management (ITSM) processes and methodologies which are driven by workflows to ensure customers can raise service requests for any service amendment. Our SLA covers all components of the infrastructure, including servers, storage and networking.|
|Approach to resilience||
We architect our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers are distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios.
We can also configure elastic scaling to ensure the infrastructure scales in line with demand, ensuring high performance across all traffic demands.
Our Incident Management process guides pro-active detecting and logging incidents and requests and ensure technical teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.
In the event of an outage, the Service Delivery Manager contacts the client to inform them. Client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports in accordance with the severity of the outage as documented in our Incident Management process.
Identity and authentication
|Access restrictions in management interfaces and support channels||
Access is limited via the policy defined based on 3 types of roles such as master user, standard user and power user. Customers can use the catalyst portal to add or remove users by integrating the same with active directory as well as assign role based policies. Customers can log tickets via email or telephone and all initial interactions are security validated against a list of known email addresses, persons, telephone numbers and security information.
The default login for our service desk tools is based on username and password.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Bureau Veritas|
|ISO/IEC 27001 accreditation date||26/03/2017|
|What the ISO/IEC 27001 doesn’t cover||None|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Control Case|
|PCI DSS accreditation date||31/01/2018|
|What the PCI DSS doesn’t cover||This Certificate does not substitute for the need to register with the card brands directly in order to be listed on their website and for them to confirm you as compliant per their individual programs.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Tata Communications maintains core security certifications ISO 2700 Security risks, requirements and controls are primarily designed around Confidentiality, Integrity and Availability. Managing security in this manner allows for a practical, applicable and cost effective design that meets our business, regulatory and compliance requirements.
As we are fully certified in ISO27001 we apply rigorous processes within our development framework to ensure that we develop, configure and manage infrastructure to meet the security needs of our clients.
If an incident is identified as being a security incident either by an investigating engineer or by a security monitoring system then it is immediately escalated to technical team, the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Operations Center.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Tata Communications follows the ITIL definition of change management to provide a standardised method for the management of the risk and impact associated with amending live configuration items. The workflow is configurable based on change classification (emergency, planned etc.).
The Change Team ensure the necessary governance is in place at all stages of the process and are responsible for managing quality, adherence to the process and provide final approval. There is a structured process: Logging, Assessment, Scheduling, Testing and Plans, Communications, Reporting and Governance.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Tata Communications carries out vulnerability scans using authorised scanning vendors on external interfaces as well as internal scans using market leading products. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. A suitable 3rd party vulnerability and security testing company can be identified as part of the full service offered.
Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Tata Communications leverages industry leading unified security management tools for our pro-active monitoring solution on our platforms.. We have a complete view of our platform by identifying potentially compromised systems and suspicious behaviour, assessing vulnerabilities, correlating and analysing security event data. These are based on key principles such as : Asset Discovery, Behavioural Monitoring, Vulnerability Assessment, SIEM into a single management plane
A centralized log management platform is used to audit access providing real-time searchable data for an holistic view of security, allowing multiple ( unrelated) logs to be linked in a single security event, enabling real-time issue analysis.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Tata Communications proactively monitors the platform and managed VMs on a 24x7x365 basis from the Global Service Management Center (GSMC). GSMC monitors critical components of virtual server elements such as hardware and shared storage using the virtualization software’s native monitoring tools.
Tata Communications monitors additional parameters such as performance, resource consumption and capacity of critical server components such as CPU, memory, cache, disks
The GSMC sets default thresholds for each monitoring parameter and when any threshold is exceeded, the monitoring tools send alerts via email to the GSMC, prompting them to investigate the issue and take any necessary corrective action.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||
We provide Multiple hypervisor choice in our Cloud platform.
3. KVM Hypervisor
Orchestration is In-house developed framework based on openstack based architecture. Each customer infrastructure is Isolated with Access Management, Separate DMZ, Dedicated VDOM, Virtual Firewalls, VM's are associated only with customer specific DMZ's. to ensure user can access only their associated VM's and components.
|Price||£50 per virtual machine per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Customers can do a free proof of concept to test ur cloud services which includes compute, storage, network; They can test their applications performance on our cloud services for a period of 30 days or more based on their success criteria of our cloud readiness suited for their organization.|
|Link to free trial||https://www.tatacommunications.com/contact/|