e2e-assure Ltd

e2e Managed VM Service

A range of services, purchased as a service with minimum terms from one month. These are fully managed VM services including Operating Systems patching and monitoring. This is cloud independent. We will provide this service to VMs running on customer private, hybrid, public clouds or any other similar cloud service.

Features

• Full managed service for your cloud VMs
• Windows and Linux operating systems supported
• Includes Open Source, Red Hat, Ubuntu, Centos, Fedora, etc
• Options for managed Anti-Virus and Host Intrusion Detection Systems
• Includes patching of your VMs
• Includes maintenance and monitoring of your VMs
• Includes capacity management of your VMs
• Change control and service management included
• Options for host security management (managed anti-virus and host IPS)
• Option for pro-active Performance Monitoring

Benefits

• Allows you to focus on managing your applications
• Allows you to consume the cheapest cloud IaaS available
• Receive the benefits of the cloud without the hassle
• Scale your service level up and down daily or monthly
• Easy to leave with short minimum term
• Have the freedom to choose the best service provider
• Only pay for support of the actual VMs in use
• Enables you to focus on service consumption not management

£0.03 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.peart@e2e-assure.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

751935512811167

Contact

Mark Peart
01666 860108
mark.peart@e2e-assure.com

Service scope

• Service constraints: See Service Definition
• System requirements: See Service Definition

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: See SLA information in Service Definition
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: See Service Definition
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All customer data will remain in situ. Optionally we can also migrate the data out of the service on a time and materials basis.
• End-of-contract process: Off-boarding is included with the following scope: all user access will be revoked and any components containing customer data will be removed and securely wiped.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: We are managing the customer's own cloud infrastructure
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• Backup controls: See Service Definition
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: See Service Definition
• Approach to resilience: All e2e services operated from UK datacentres in three regions (England, Scotland and Wales) with multiple power and Internet Service Providers to ensure resilience. Individual service resilience may be dependent upon the Service Level that is ordered for each service.
• Outage reporting: An incident management and response process will be agreed with each customer with email and phone alerting processes as required.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: If required, support channels will agree processes for authenticating users including named users/accounts and the use of agreed passcodes.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI - Certificate Number 620531
• ISO/IEC 27001 accreditation date: Up to date and current since we first achieved ISO27001:2013 on 17/07/2015
• What the ISO/IEC 27001 doesn’t cover: The whole organisation and all services are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus - November 15th, 2019
  • Police Assured Secure Facilities (PASF) for DCs and e2e Management
  • Classified Material Assessment Toolkit (CMAT) inspections at DCs

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: This is detailed in our ISO 27001:2013 documentation and a full RMADS for all services

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are documented and managed via the internal ticket system. A Separate test environment is used to ensure changes tested prior to being applied to the ‘live environment’. All changes reviewed and approved by appropriate senior staff prior to implementation to ensure they do not compromise security controls.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All services are assessed as a part of the e2e Accreditation Framework with a full IS1/2 risk assessment provided as part of the RMADS. e2e provide comprehensive and detailed protective monitoring services independently for customer environments and all service offerings. Critical security patches are typically deployed within 8 hours. As well as ingesting intelligence which is used by our toolsets and rules engines, threat intelligence is also consumed from CERT-UK, CiSP, other Service Providers and from the NCSC
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: E2e provide comprehensive and detailed protective monitoring services independently for customer environments and all service offerings. The capability provides a comprehensive set of tool-sets to proactively defend customers and services; This includes: Proactive MDR Cyber Defence and Enterprise Risk Management Integrated Enterprise wide coverage with Flexible Log Management, Network Discovery, Asset Management, Traffic Flow Analysis NIDS, Packet Capture, Packet Analysis, Internal and External Vulnerability scanning, Threat Intelligence and Proactive Incident Response. All incidents will follow a predefined incident response playbook with fully automated and manual response actions. Typical response time is 15 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: E2e hasse a range of operational service levels that can be provided to customers. These range from carrying out initial triage and incident prioritisation through to full Incident Management. e2e can run Incident Response through to conclusion should that be required by its customers. Reporting of incidents can be through email or phone and depending upon the service, email reports can be provided or access to the on line ticketing and incident portal is provided.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: We are using tier 3 & 4 datacentres

Pricing

• Price: £0.03 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.peart@e2e-assure.com. Tell them what format you need. It will help if you say what assistive technology you use.