G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Enonic are still valid.
Enonic

Enonic Cloud Enterprise - Web application platform and CMS

Enonic Cloud Enterprise is a high-performance web application platform that includes the essential components to deliver external and internal facing web applications, services and websites. The platform includes a flexible and feature-rich Web Content Management System (CMS). Clients include government departments, banks, insurers, logistics companies and healthcare providers.

Features

  • Simplified stack that replaces CMS, DB, Search, and Appengine
  • Serverside Javascript (any web developer can implement)
  • Continuous deployment
  • Clustered environment (high availability and performance)
  • NoSQL storage to store any data
  • Container based hosting
  • Metrics for server environment and hosting
  • Live Trace for performance tuning
  • Ready made integrations on market.enonic.com
  • Application management option

Benefits

  • Fresh and responsive admin interface (mobile to large screens)
  • Rich text editor (what you see is what you get)
  • Image handling with focal point and scaling
  • Landing page editor with responsive preview
  • Version control
  • Access rights and roles
  • Schedule publishing
  • Accessibility
  • SEO compliant
  • Supports to user directories for authentication

Pricing

£1,380 to £10,000 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@6dbbfa83-95ab-42f0-8bad-27506d294e89.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

7 6 4 5 6 7 8 1 9 8 9 0 8 9 0

Contact

Enonic <removed>
Telephone: <removed>
Email: <removed>@6dbbfa83-95ab-42f0-8bad-27506d294e89.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No special contraints.
System requirements
Web browser management (supports all major browsers)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depends on SLA. Silver i next business day response, Gold is 7 AM to 7 PM with 5 hours response time. Platinum is 2 hours response time 24/7/365.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We deliver next business day to 24/7/365 support levels. See pricing list for details. Support is generally through our ticket system with dedicated support engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide onsite training and support in addition to documentation for developers and users. We can also provide remote training and support.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Export in XML and folder stucture.
End-of-contract process
XML export is includes in the price.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The admin console is fully responsive. Some functions might not be practical to complete on small mobile screens.
Service interface
Yes
Description of service interface
The Content Studio is the tool for creating and managing content and websites.
Accessibility standards
None or don’t know
Description of accessibility
The interface supports all major web browser and supports keyboard-only navigation. Contrast and use of colours are consistent with requirements.
Accessibility testing
Not much done yet.
API
Yes
What users can and can't do using the API
User typically create and expose their own public APIs built in Javascript on the server using Rest or GraphQL. There's also an application that enables full GraphQL API access for content. Including image scaling and URL generation. This enables reuse of content like a Headless CMS.

Enonic offers comprehensive Java/Javascript APIs. Containers are managed using Docker.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Developer build and customise the full website templating and functionality using Javascript on the server and the template engine of choice. You can also customize content types and build integration with other systems. All customisation of code is packaging in an Enonic Apps.

In addition content, menu structure and page layout can be customised using the Content Studio. You can give access for groups and roles to manage parts of the websites/content.

Scaling

Independence of resources
Based on modern Open Stack infrastructure with pinned hardware.

Analytics

Service usage metrics
Yes
Metrics types
Request tracing details to find bottle necks, CPU, storage, HTTP request and response status, Memory usage, Network, Number of active instances, JVM metrics.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There's a command line tool and an app to run the export function.
Data export formats
Other
Other data export formats
XML and folder structure
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON
  • All files can be uploaded to the Content Studio

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Virtual sub networks for each customer project.

Availability and resilience

Guaranteed availability
Up to 99.9% refund based on the following model based on reduction in availability : 0 to 6 hours: 25%. 6 hours to 12 hours: 50%. 12 hours or more 100%
Approach to resilience
All infrastructure is virtualized and redundant. There's also offsite backups of data and configuration. We also offer clustered customer instances for resilience and scaling.
Outage reporting
E-mail alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
We have support for pluggable authentication. Current support for LDAP, AD, ADFS, Auth0 etc.
Access restrictions in management interfaces and support channels
Username and password. 2 factor if required by customer. We can also restrict based on IP.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
OWASP and ISO-9001 certified framework.
Information security policies and processes
ISO-9001 certified framework with deviations and external auditor.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All configuration is stored using Git.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The service is built on popular technology like Linux, Java and Docker. We monitor updates and deploy patches when needed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We inform the affected customers and proceed to find a solution and patch the system.
Incident management type
Supplier-defined controls
Incident management approach
Incident reporting is defined in our ISO-9001 procedures. Reports are sent by e-mail.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1,380 to £10,000 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Enonic Cloud is based on the free open source platform Enonic XP. It includes all core functionality, except the cloud management features like metrics, backup etc. You can launch Enonic XP for free (if you haven't signed up before) in Google Cloud Platform (https://console.cloud.google.com/launcher/details/enonic-xp-launcher/enonic-xp) or request a trial at https://enonic.com/try.
Link to free trial
https://enonic.com/try

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@6dbbfa83-95ab-42f0-8bad-27506d294e89.com. Tell them what format you need. It will help if you say what assistive technology you use.