NaviSite Europe Ltd


NaviCloud is built on VMware ESX technology and provides an IaaS platform that enables clients to seamlessly migrate or integrate workloads currently virtualized using this hypervisor. NaviCloud provides compute, storage and an array of bolt-on security and managed services to enable migration and robust delivery of applications.


  • VMware based IaaS Platform
  • Managed Services Available
  • Hybrid Solutions
  • Security and Compliance Services
  • 24x7x365 Managed Support
  • UK Based Cloud Nodes
  • API Integration
  • Managed On-boarding and Migration
  • Managed Application Services
  • Proactive Monitoring, Reporting and Support


  • Assistance in the Design and Architecture of platforms
  • Managed Migration Options
  • Maximize application configurations with flexible network architectures.
  • Decrease capital expense (CapEx) via a pay-as-you-go pricing model.
  • Trust routine management and maintenance to Navisite’s experts
  • Seamlessly integrate Hybrid and Multi-cloud Solutions
  • Self-Service IaaS available for agility and control
  • Access via the Proximity portal, vCloud Director and APIs
  • Support for enhanced security and compliance
  • UK Cloud Nodes in Secure UK Facilities


£30 per virtual machine per month

  • Free trial available

Service documents

G-Cloud 10


NaviSite Europe Ltd

Jon Green

0800 6122933

Service scope

Service constraints There are no constraints - maintenance windows are arranged with client consent, and all server and network configurations are customisable to the specific client needs.
System requirements
  • We offer various machine templates for Windows and Linux
  • Customers may import their own server images and templates
  • We can supply OS and Software licenses
  • Clients can use their own application licenses

User support

Email or online ticketing support Email or online ticketing
Support response times Urgent Tickets are responded to within 15 minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels 99.999% Availability on NaviCloud VMs
15 Minute Response to Urgent Tickets
Service Manager and Account Manager
24x7x365 Technical Support Available by Email, Portal or Phone
Infrastructure and Network Monitoring
Application Monitoring and Support
Enhanced Security Services (IDS, IPS, FIM, Log Management)
Managed OS (Patching and Support)
Compliance Support and Professional Services
Solution and Platform Design Services
Migration Support and Project Management
Database Administration Services
Physical Remote Hands Support
Backup and Restore
Managed Business Continuity
Support available to third parties Yes

Onboarding and offboarding

Getting started We can provide managed on-boarding with design, migration and build services.

For self-service clients we provide training, an online Wiki and extensive user documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users can export OVF server images and backup files, or our support teams can copy data to media and ship it to the end user.
End-of-contract process At the end of the contract users can export their own data and server images. For an additional cost Navisite can copy server images and data to media and ship that media to the client. As part of this exit procedure we can also provide service documentation and arrange for secure erasure of all client data.

Using the service

Web browser interface Yes
Using the web interface Users can use our Proximity portal to view real-time information on their solutions.
They can create custom reports and views
They can create and manage service tickets
Self-service clients can use the portal to create and manage their infrastructure and network
The portal can integrate NaviCloud, Hybrid environments and some 3rd party cloud platforms - MS Office 365 and Azure
Web interface accessibility standard None or don’t know
How the web interface is accessible Available via a secure web portal that can be accessed from any browser
Web interface accessibility testing None
What users can and can't do using the API NaviCloud is built on top of VMware's vCloud Director (vCD). vCD has a RESTful, XML-based API that allows you to programmatically access and manage your virtual assets. APIs can be used to create machines, power machines up and down, clone machines and create auto-scaling; APIs can also create, power up/down and configure network resources.
API automation tools
  • Chef
  • Puppet
  • Other
Other API automation tools VMware vRealize
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface The service must be set up via our orchestration portal, but individual machines may then be accessed by CLI; users can use the CLI to amend configurations, power VMs up and down, create network rules and configure network devices.


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources We manage capacity on the platforms, adding additional resource when average usage reaches 70% on Compute. We do not contend RAM. We can also create hybrid solutions for those solution elements that require guaranteed resources (i.e. guaranteed IOPS)
Usage notifications Yes
Usage reporting
  • API
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Application monitoring (synthetic transactions and custom monitors)
  • Security Monitoring and Log Review
  • Database Monitoring
  • Backup Monitoring
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Secure archive of encrypted backup data to offsite locations.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machine Images
  • Databases
Backup controls Self-service users can select the files or machines they wish to backup and the frequency and retention of those archives. These jobs can be triggered manually or set to an automated schedule.

Managed backup services are available including validation of backup jobs and test restores.

Dedicated backup solutions can be provided, including archive to physical media and secure offsite storage.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks We can use native encryption functionality on our storage platforms to provide encryption-at-rest.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network We use segregated VLANs and deliver dedicated network segments for each customer.

Availability and resilience

Guaranteed availability SLA is measured as a percentage of monthly availability.
Standard SLA is 99.999%
Service credits are paid as follows:
99.99 - 99.998% 2% of monthly fee
99.9 - 99.98% 7% of monthly fee
99.5 - 99.89% 12% of monthly fee
99.49 - 99% 25% of monthly fee
<99% 50% of the monthly fee
Approach to resilience We have multiple cloud nodes, in geographically diverse locations, connected by a resilient fibre ring.
All datacentres are minimum Tier III
At the platform level all elements are designed for high-availability
VMware vMotion is native to the platform to ensure seamless recreation of a failed VM.
Users can also replicate environments between cloud nodes, using Zerto or other replication tools.
Outage reporting We report outages via our secure portal and email, and we contact clients by telephone during any significant service disruption.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Segregated bastion hosts with individual, randomized passwords generated uniquely for each session. Full access logs are kept for 12 months. Access controls are externally audited. Remote admin access is further secured using two-factor authentication.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certification Europe (UK) Ltd
ISO/IEC 27001 accreditation date 13/12/2017
What the ISO/IEC 27001 doesn’t cover Source Code (VMware are responsible)
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NQA
PCI DSS accreditation date 31/11/2016
What the PCI DSS doesn’t cover Certification is for physical location and physical security controls. However, we do design and manage PCI compliant solutions for our clients, adding enhanced logical security controls and working with our clients' QSA to help them pass audit at additional cost.
Other security certifications Yes
Any other security certifications
  • SSAE16 SOC 1
  • SSAE 16 SOC 2
  • ISO27001

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards SSAE16
Information security policies and processes Security is certified to ISO27001 & SSAE16 - additionally our Woking site is a UK Government List-X rated facility. SSAE16 controls are audited annually by Ernst and Young; ISO controls are audited bi-annually

Logical security follows SSAE16. Policies and processes are audited annually by Ernst and Young. We include policies for securing networks, infrastructure and applications; policies for managing people (staff and contractors/sub-contractors) and for securing human access to systems and data; policies that cover the encryption, storage and transmission of client data; and policies that deal with how we respond to security incidents.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Following ITIL, Navisite supports Service Requests and Requests for Change, with the latter triggering the Change Management Process. All changes require review and approval. The approval level varies depending on the risk and impact of the change. This can be from technical peer review through to full CMRB review and sign-off. Changes can be initiated by both NaviSite and the customer, and all changes that might impact a client environment require customer notification and approval. Client requested Changes are validated only after the appropriate authorisation in writing is received from a Customer contact with the Signatory role.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Navisite deploy network-based security solutions, which include intrusion protection, vulnerability management, and compliance automation to help protect networks from threats that bypass perimeter, desktop, and server defenses. For vulnerability management we use 3rd party IDS tools, combined with integrated vulnerability scanning. Threat signatures are assessed against a variety of "known threat" databases. Patches may be part of regular scheduled work, or could be the result of a discovered vulnerability, dealt with via our emergency maintenance policies.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Navisite use a variety of 3rd party tools to detect and mitigate network based threats; to aggregate and review log files; File Integrity Monitoring to review changes made to client systems; and application-level monitoring and remediation to mitigate attempts to inject or change web code. Our SLA for response to an urgent incident is 15 minutes. If a threat is specific to a single client, we will work collaboratively to remediate. If a vulnerability poses a threat to other clients, Navisite may act to remediate unilaterally, following our emergency maintenance procedures.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Navisite follows ITIL based processes for incident management. Incidents are categorized by severity of impact; escalations in categorization can be requested by the end-user. Severe incidents are responded to within 15 minutes; a client telephone bridge is opened and an incident manager is appointed who co-ordinates resources in troubleshooting. Client communication may be constant via the open bridge, or at regular intervals agreed with the client. Root Cause Analysis and Remediation detail are delivered to the client in a formal Incident Analysis Report, typically delivered within 48 hours after resolution.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Separate containers, separate VLANs; individual virtual or physical firewalls; separate LUNs for each client and we can also build hybrid solutions with dedicated hardware connected to shared cloud infrastructure.

Energy efficiency

Energy-efficient datacentres Yes


Price £30 per virtual machine per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Trial can include access to a limited amount of compute, storage and network resource for a fixed period, generally a month. We can also work with clients to build Proof-of-Concept environments that might also test support and other services; these PoC projects may be free of charge or at cost.

