Migration Solutions Holdings Ltd

Ubuntu 16.04 General / 1vCPUs / 2GB RAM / 10GB Storage

UK based public cloud service delivering an Ubuntu 16.04 General virtual server with 1vCPU's, 2GB RAM and 10GB Storage.

Features

  • Built on open standard solution platform
  • Simple to deploy and manage
  • Scalable and elastic architecture
  • Ability to create as many interfaces as needed per instance
  • Firewall through port level security groups
  • Ability to deploy custom applications
  • Ability to add multiple volumes

Benefits

  • Paying only for what you need, when you need it
  • Simple portal access to build and configure your solution
  • Pay per use with no minimum contract term
  • Complete control over your service and technology
  • Power to alter your configuration quickly and easily, any time
  • Switch the service on and off according to your needs
  • Access the portal from any device
  • Cost-efficiently accommodates workload fluctuations by controlling your network infrastructure
  • Adding and managing users, controlling access rights and assigning privileges
  • Deploy services in multiple locations

Pricing

£0.026 per unit per hour

  • Education pricing available

Service documents

G-Cloud 9

797142671088009

Migration Solutions Holdings Ltd

GCloud Sales

01603 510321

gcloud@migsolv.com

Service scope

Service scope
Service constraints MIGSOLV will deliver against the services as described and defined in the Service Name under the predefined service level agreements.
System requirements
  • All application software to be provided by client.
  • Bespoke software is not guaranteed to be supported.
  • Anti-virus software to be provided by client.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response to a ticket request is within 30 minutes and response times are the same at weekends as week days (24 hours).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels MIGSOLV has defined four Priority Levels.
1 - Urgent
Security breach or total loss of service.
2 - High
Service impaired or degraded
3 - Medium
Service change requests, non-urgent tasks
4 - Standard
Non service affecting works

Response times
All work windows are 24/7/365

1 - Urgent
First line response - 15 minutes
First line trouble shooting - 15 minutes
Second line Escalation after 30 minutes
Target resolution time - 2 hours

2 - High
First line response - 30 minutes
First line trouble shooting - 1½ hours
Second line Escalation after 2 hours
Target resolution time - 4 hours

3 - Medium
First line response - 30 minutes
First line trouble shooting - 4 hours
Second line Escalation after 4½ hours
Target resolution time - 8 hours

3 - Standard
First line response - 30 minutes
First line trouble shooting - n/a
Second line Escalation after 1 hour
Target resolution time - 1 business day

The cost is included within the agreement.

Support engineers are included.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started MIGSOLV can provide resources to assist with the on an off boarding of a client, although the portal and cloud deployment is designed to be self-servicing, we do offer tutorials and assistance via telephone and email to help with client enquiries during the on and off boarding process, something we recognise as critical to successful cloud migration.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction It is the responsibility of the customer to extract their data at the end of the contract, however, MIGSOLV does not automatically delete services at the end of any contract period. MIGSOLV will assist customers to extract their data to a suitable medium as supplied and requested by the customer.
End-of-contract process MIGSOLV will assist the customer to extract its data at the end of the contract without additional cost. Should an interim technology or data centre solution be required by the customer MIGSOLV would be happy to consider short term contracts ot overcome temporary situations.

Using the service

Using the service
Web browser interface Yes
Using the web interface The web interface is avaiable for users to create accounts and set up services, as well as to make changes to their services.
Access to the interface is via secure password log in.
Web interface accessibility standard None or don’t know
How the web interface is accessible The interface is accessible via the internet and standard web browsers.
Web interface accessibility testing MIGSOLV is looking at ways to make its services accessible to as a wider user community. MIGSOLV has not yet participtated in any interface testing but this requirement has been noted for future development.
API No
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface The command line interface is via standard command line tools depending on the chosen installation, Linux, Unix or Windows. Customers can choose their preferred command line tools and text editors.
Scripts have been created that users can ‘copy and paste’ to set up a service through the command line interface. There is also documentation on the use of the command line interface.
Other than application level, user authorisation level and user knowledge there are no limitations on making changes via the command line interface.

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources All systems are monitored as part our capacity management reporting. When a system is more that 70% utilised steps are taken to upgrade the system. Also, as part of the customer commissioning process, a judgement is made on the likely resource use of the intended system.
Usage notifications Yes
Usage reporting Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Physical access control complies with the requirements of ISO27001 and the requirements of PCI DSS. Additionally, MIGSOLV 's access control is independently checked by NACTSO.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • All virtual machine instances
  • Data including files, OS and images
Backup controls Via the online portal users are able to schedule backups from different environments on different schedules.
Datacentre setup Single datacentre
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network The MIGSOLV data centre is connected to the JANET network via a secure connection in Telehouse North.

Availability and resilience

Availability and resilience
Guaranteed availability MIGSOLV has designed its systems to have at least N+1 resilience. The VMWare employed has resilience built in by design. MIGSOLV guarantees availability subject to our terms of service. Customers are encouraged to discuss the level of resilience needed so that we can ensure that the designed solution meets the customer requirements as the design of applications installed can affect he overall system resilience and would be out of MIGSOLV’s control. SLA for availability, and refunds for failure to our obligations are set out in our Master Services Agreement (attached at the end of this service offering).
Approach to resilience This information is available on request.
Outage reporting Outage reporting is via email alert to the Service Desk and via a dashboard that is available to clients. In some circumstances customers may be contacted directly by telephone as per out incident escalation process.

Identity and authentication

Identity and authentication
User authentication
  • Username or password
  • Other
Other user authentication Users are authenticated via username and password which meet strict criteria (length and composition).
Access restrictions in management interfaces and support channels Access is restricted to on-net authorised users, or users with authorised access by VPN. Access is via username or password and access given to users on a ‘need to access’ basis.
External suppliers requiring access to systems connect via a secure VPN connection if off site with dedicated log in credentials to ensure that an audit trail of user access is maintained.
Access restriction testing frequency At least every 6 months
Management access authentication Other
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bureau Veritas
ISO/IEC 27001 accreditation date 11/09/2012
What the ISO/IEC 27001 doesn’t cover The whole site and systems are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification MIGSOLV Self certified
PCI DSS accreditation date 16/7/2016
What the PCI DSS doesn’t cover MIGSOLV does not cover anything not relating to physical security.
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes MIGSOLV's information security policies and processes are built on the requirements of ISO27001:2013.
Our documented policies include:
Computer Usage Policy
Document Classification and Control Policy
Recruitment Policy
Contracts and NDA policy
Data Protection Act Policy
BCP and DR policy
Laptop and Mobile device policy
IS Physical and Logical Environment policy
Security Policy statement
Legal Compliance policy
Hardware and Software policy
Access Control Policy
CCTV Policy and Procedure

Additionally, we have documented processes that include:
Operations Manual
Staff Handbook
Organisational Assets
Roles and Responsibilities
Training
Building Incident reporting
Network topology
Change management
Starter and leaver processes
Site inductions/toolbox talks
Emergency procedure
Contact and Escalation process
Health and Safety

Reporting Structure
MIGSOLV has a fairly flat reporting structure. Staff report to their line manager (e.g. Data Centre/Service Desk Manager, Maintenance Manager etc., who report directly to the Managing Director.
Policies are reviewed as part of the ISO27001:2013 review process. Both Internal audits and external audits (from Bureau Veritas) are carried out to ensure that processes are followed.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Components of our services are tracked via our asset database (CMDB) throughout their lifetime. All new equipment has its details added to the CMDB (including serial number).
Changes are managed via an RFC (request for change). Changes are categorised (e.g. plaanned maintenance, telecoms change, account creation) and depending on the type of change authorisation is sought from the appropriate staff/managers or directors who will approve, reject or seek further information. Change management includes a risk assessment process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach MIGSOLV takes its vulnerability management seriously and takes a robust approach to minimising any risks.
All staff are trained on the need to be vigilant to social engineering tricks by unannounced visitors, seeming lost memory sticks or scam phone calls.
An external company is used to carry out penetration testing, and patches are tested and installed as required via the change management system.
Information on potential threats is from industry press and the operating system creator’s security bulletins.
Protective monitoring type Undisclosed
Protective monitoring approach MIGSOLV takes a proactive approach to system monitoring. MIGSOLV’s service desk is in operation 24/7 and system alarms are continually monitored. Robust procedures, including contact and escalation procedures are in place and regularly reviewed.
When potential compromises are discovered, a plan is made and the severity of the potential compromise guides the approach. In the severest cases a patch will be tested and applied immediately.
Incident management type Undisclosed
Incident management approach All staff have been trained to make notes, including noting timings, so that they can be written up on our incident report form.
An escalation process is in place, and contact details held in a file for all key suppliers and customer contact details.
After the incident has been stabilised, further investigation is carried out to determine the cause, impact and technical details. This includes root cause analysis and a plan to put procedures in place (if possible) to prevent a future occurrence.
Users report incidents via the Service Desk portal or telephone/
Emailed reports are provided to clients.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Red Hat Virtualisation
How shared infrastructure is kept separate With the VMWare system, a user is an individual authorised to log in to either ESXi or vCenter Server.

ESXi users fall into two categories: those who can access the host through vCenter Server and those who can access by directly logging in to the host from the vSphere Client, a third-party client, or a command shell.

Authorised vCenter Server users

Authorised users for vCenter Server are those included in the Windows domain list that vCenter Server references or are local Windows users on the vCenter Server host.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £0.026 per unit per hour
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑