Tata Communications Ltd

IZO Private Cloud - Infrastructure as a Service (IaaS)

IZO Private Cloud is an enterprise cloud platform, offers flexible, scalable and reliable cloud environment. It provides a flexible platform that allows end-users to create the appropriate combination of compute, network, security, storage, and traffic management services that can meet business needs, & have the flexibility to grow with business.

Features

  • Hybrid Solution - Extend existing IT environments to cloud easily
  • Self-service web based management portal
  • Openstandard based, Flexible platform, Choice(VMware , Hyper-V or KVM)
  • ITIL integrated processes, Auto-ticketing, Audit logs, Compliance
  • Secured Cloud - Firewall, LoadBalaner, WAF, RBAC acces
  • Enterprise SLAs – 99.9% availability
  • 24x7x365 operations manned by 300+ support engineers
  • Integrated service delivery and flexible support models
  • Co-engineered solutions for customized requirements
  • Multiple connectivity options - Private MPLS VPN, Internet

Benefits

  • Cloud Easy to manage, Control and integrate
  • Limit your CapEx, reduces risk and improves time to market
  • Scalable when needed and easy to provision
  • Comply with company and government regulations
  • IaaS - Lower IT footprint, Improved control
  • Improve profitability - Reduce Capex, Pay-as-you-grow
  • Expand customers - Agile market plans, Ability to experiment
  • Improve security posture - Compliance, Threat management
  • Complete Control over your Cloud infrastructure
  • Cost-effective to operate, innovative in features with 24x7 support

Pricing

£50 per virtual machine per month

Service documents

G-Cloud 10

739282531842381

Tata Communications Ltd

Edwin GS P Nadar

+44 7500 809402

edwin.nadar@tatacommunications.com

Service scope

Service scope
Service constraints The services are available in all scenarios due to multiple level of redundancies that us built in at data center and cloud infrastructure. This applicable Service Levels do not apply due to factors outside our reasonable control (for example, natural disaster, war, acts of terrorism, riots, government action, or a network or device failure between your site and our data center);
System requirements Internet connectivity or WAN connectivity to Cloud

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Global Service Desk is available 24*7*365 to customers for incident reporting and management. When an incident is reported by customer and an incident ticket is opened by the global service desk, the global service desk assumes full responsibility for the incident until the ticket is closed. We accept all types of incidents such as Severity 1: Major Fault, Severity 2: Minor fault and Severity 3: Troubleshooting request based on the classification and prioritise.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our Managed Cloud service is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool by our customers or our engineers. Further queries can be submitted to the Service Delivery Manager.
The team provides dashboard to report, capturing and progressing of incidents and requests logged via the Service Desk or monitoring systems, and escalating functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client impacting changes. A named Technical account manager can be allocated to the client. We engage with our clients to design the relevant support model to fit the business needs, this can be 24*7.We also define SLAs specific to client needs.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our proven, expertise in service management delivers a single point of contact for your teams. Our service management goes through service design, delivery, implementation and assurance.
Service delivery and implementation:
We have a defined on-boarding process which detailed planning which includes:
• Developing risk mitigation plans before delivery
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows us to transition seamlessly into a full support model.
• Introduction and Training on the Service Desk for clients
• Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status
Service transition and assurance:
The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or infrastructure that are being supported. During transition, a Technical Support Document (TSD) is created which forms base document that has all the deployment details. This is maintained as a single document throughout the life of the support service and includes details such as solution architecture, deployment model, managed services reporting etc.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can extract their data across the network via VPN or other secure network protocol .Snapshots of virtual machine images can be provided if required which can then be transferred across a secure link. The Data can be deleted or can be provided to you through the network.

In the event you require a live migration of virtual machines or database data, replication services may be configured.

Design and service documentation is located on the Catalyst portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
End-of-contract process If you feel the need to switch providers, we will work with you to expedite the off-boarding of your Cloud services .Our solutions are all based on standardised architecture , with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete.

As standard, if you wish to move workloads, we will provide secure access to third parties to extract your data and infrastructure configurations to help you get applications up and running in the target environment. If you want to keep the workloads running, but require the managed service to be terminated, the tools and software can be removed, leaving the running workloads.

Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and handover of services to the new provider are aligned precisely to your requirements.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can create and manage incidents, changes and requests through the Catalyst portal.

Customer documentation is stored on the portal, allowing customers to view a dashboard that has their resource utilization, service reports, design documentation and invoices.

Customers can add or remove different type of master, power users or remove users of the portal for their organization and adjust the type of user account they have.

The following is also available through the portal
are available:
• View current monitoring configuration per server
• View device information by individual server or by application group, including uptime, CPU, memory and virtual memory and storage
• Submit and/or view open/closed incidents, changes, and tickets
• Review the latest backup status and schedule auto scaling
• Submit and/ or view escalation, alerts and notifications
• Update images in the repository
• Configure firewall rules, segregate and connect web, app and database zones
• Utilise as a repository of all assets
• Monitor, filter, and view events and event history for devices
• Utilise showback of charge through active directory integration
• Run custom reporting on performance statistics and workflow management
• Basic self service and resource utilisation analytics
Web interface accessibility standard None or don’t know
How the web interface is accessible The web interface is accessible through a variety of browsers and is built using HMTL standards. We are also in the process of allowing API based communications for applications that run on our cloud services to talk to an ecosystem of devices or machines
Web interface accessibility testing No specific web interface technology testing has been undertaken with assistive technology users, however best practice reference architecture based development methods have been used to optimize the end user experience.
API No
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface Used for managing and administering Infrastructure resources from the command line.

Scaling

Scaling
Scaling available Yes
Scaling type Automatic
Independence of resources Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.

Cloud services which provide virtualized operational environments to customers (i.e. virtual machines) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Virtual machine Utilisation
  • Disk
  • Back up status
  • Firewall configurations
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual Machines Images and Snapshots
  • Database
  • Files
  • Storage
Backup controls Backup schedules, retention and type of backup such as daily, incremental etc. are agreed with the customer at the point of contract, documented and implemented as part of the onboarding process. If the customer requirements change, a ticket can be logged to amend the schedule. The appropriate customer documentation will also be updated.

Backup success is reported on a regular basis in the Service Reports provided to the customer. Any backup failures are retried the next day and failure records are reported to the customer.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our platform availability is 99.9%. The Tata Communications Cloud platform is integrated with the IT Service Management (ITSM) processes and methodologies which are driven by workflows to ensure customers can raise service requests for any service amendment. Our SLA covers all components of the infrastructure, including servers, storage and networking.
Approach to resilience We architect our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers are distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios.
We can also configure elastic scaling to ensure the infrastructure scales in line with demand, ensuring high performance across all traffic demands.
Outage reporting Our Incident Management process guides pro-active detecting and logging incidents and requests and ensure technical teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.

In the event of an outage, the Service Delivery Manager contacts the client to inform them. Client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports in accordance with the severity of the outage as documented in our Incident Management process.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is limited via the policy defined based on 3 types of roles such as master user, standard user and power user. Customers can use the catalyst portal to add or remove users by integrating the same with active directory as well as assign role based policies. Customers can log tickets via email or telephone and all initial interactions are security validated against a list of known email addresses, persons, telephone numbers and security information.
The default login for our service desk tools is based on username and password.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bureau Veritas
ISO/IEC 27001 accreditation date 26/03/2017
What the ISO/IEC 27001 doesn’t cover None
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Control Case
PCI DSS accreditation date 31/01/2018
What the PCI DSS doesn’t cover This Certificate does not substitute for the need to register with the card brands directly in order to be listed on their website and for them to confirm you as compliant per their individual programs.
Other security certifications Yes
Any other security certifications
  • MTCS Level 3
  • Ministry of IT India
  • ISAE3402/SSE16 SOC2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Tata Communications maintains core security certifications ISO 2700 Security risks, requirements and controls are primarily designed around Confidentiality, Integrity and Availability. Managing security in this manner allows for a practical, applicable and cost effective design that meets our business, regulatory and compliance requirements.
As we are fully certified in ISO27001 we apply rigorous processes within our development framework to ensure that we develop, configure and manage infrastructure to meet the security needs of our clients.

If an incident is identified as being a security incident either by an investigating engineer or by a security monitoring system then it is immediately escalated to technical team, the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Operations Center.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Tata Communications follows the ITIL definition of change management to provide a standardised method for the management of the risk and impact associated with amending live configuration items. The workflow is configurable based on change classification (emergency, planned etc.).

The Change Team ensure the necessary governance is in place at all stages of the process and are responsible for managing quality, adherence to the process and provide final approval. There is a structured process: Logging, Assessment, Scheduling, Testing and Plans, Communications, Reporting and Governance.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Tata Communications carries out vulnerability scans using authorised scanning vendors on external interfaces as well as internal scans using market leading products. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. A suitable 3rd party vulnerability and security testing company can be identified as part of the full service offered.
Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Tata Communications leverages industry leading unified security management tools for our pro-active monitoring solution on our platforms.. We have a complete view of our platform by identifying potentially compromised systems and suspicious behaviour, assessing vulnerabilities, correlating and analysing security event data. These are based on key principles such as : Asset Discovery, Behavioural Monitoring, Vulnerability Assessment, SIEM into a single management plane
A centralized log management platform is used to audit access providing real-time searchable data for an holistic view of security, allowing multiple ( unrelated) logs to be linked in a single security event, enabling real-time issue analysis.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Tata Communications proactively monitors the platform and managed VMs on a 24x7x365 basis from the Global Service Management Center (GSMC). GSMC monitors critical components of virtual server elements such as hardware and shared storage using the virtualization software’s native monitoring tools.
Tata Communications monitors additional parameters such as performance, resource consumption and capacity of critical server components such as CPU, memory, cache, disks
The GSMC sets default thresholds for each monitoring parameter and when any threshold is exceeded, the monitoring tools send alerts via email to the GSMC, prompting them to investigate the issue and take any necessary corrective action.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate We provide Multiple hypervisor choice in our Cloud platform.
1. VMware
2. Hyper-V
3. KVM Hypervisor

Orchestration is In-house developed framework based on openstack based architecture. Each customer infrastructure is Isolated with Access Management, Separate DMZ, Dedicated VDOM, Virtual Firewalls, VM's are associated only with customer specific DMZ's. to ensure user can access only their associated VM's and components.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £50 per virtual machine per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Customers can do a free proof of concept to test ur cloud services which includes compute, storage, network; They can test their applications performance on our cloud services for a period of 30 days or more based on their success criteria of our cloud readiness suited for their organization.
Link to free trial https://www.tatacommunications.com/contact/

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑