Daisy Communications Ltd

Daisy Infrastructure as a Service

Daisy provides Infrastructure as a Service from multiple data centres located across the UK. The platform provides customers with a virtual environment (using VMware ESX hypervisor) for all the elements required to deliver an IT service, providing flexibility, scalability and security to the solutions and customer environment.

Features

  • Infrastructure as a Service provided from multiple UK data centres
  • Virtual environment using VMware ESX hypervisor
  • Enterprise class components for server, SAN, network and security
  • Managed in line with industry good practice
  • Accredited to industry standards including ISO27001 ansd IL2
  • Daisy data centres are connected by 10Gb MPLS between locations
  • Carrier-neutral data centre connectivity
  • Breakouts use the 10Gb MPLS at multiple Tier-1 peering points
  • Infrastructure is monitored 24x7 to maintain performance and availability
  • Backed up to a secondary data centre to facilitate DR

Benefits

  • Provides flexibility, scalability and security to the customer environment
  • Your OS, databases and applications monitored and managed for you
  • Enables greater agility, better service and lower costs
  • Work smarter, faster and more cost effectively
  • Enables flexible provision of IT services across your organisation
  • Opex model reduces stress on capital budgets
  • Quality of service is assured by SLAs
  • Provides better levels of service to your users
  • Supports a flexible or mobile working policy
  • Reduces complexity and risk of transitioning to a new service

Pricing

£41.20 to £41.20 per server per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

910215328869147

Daisy Communications Ltd

Andy Riley

01282608967

andy.riley@daisygroup.com

Service scope

Service scope
Service constraints None
System requirements
  • 1 Mb (or higher) internet connection
  • Microsoft Windows, Red Hat Linux or Android
  • Microsoft Internet Explorer 7 or Android

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Varies with severity
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Priority Response Update Frequency Resolution Time Description
Priority 1

All incidents categorised as security incidents are treat as P1 Within 15 minutes Every 30 minutes unless otherwise agreed with customer In accordance with the availability within a service line, as defined in service credits

With a target resolution of 2 hours Cloud specific: critical business impact, such as all users are unable to function within a service line
Priority 2 Within 15 minutes Every 2 hours Within 4 hours Cloud Specific: high business impacts, such as all users at a single site are unable to function within a service line
Priority 3 Within 15 minutes Every 6 hours Within 12 hours Cloud Specific: medium business impact, such as single user cannot function within a service line
Priority 4 Within 15 minutes Every business day Within 2 working days Cloud Specific: low business impact, such as setting up a new user.
Priority 5 Within 15 minutes N/A On agreement with the customer Routine business impact, such as a requirement for future work

Single support level included in pricing

Technical account manager can be provided
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Daisy is able to provide end user training and all applicable user guides and documentation for the operation of the service.
Additional training is available. Should this be required, prices are available on request.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Customers will be able to extract any customer data from the servers and are not limited to the type of data that can be extracted. The type of data that can be extracted includes any customer generated content, metadata, structure and configuration data. There are several available tools that allow customer data to be extracted from VMware environments, these include free to use tools. Daisy does not charge for data extraction, however some data extraction tools may need to be purchased if the current tools do not meet the standards required by the customer.
Daisy is happy to provide assistance when a customer needs assistance with data extraction/migration to another supplier. This will be charged at our standard daily consultancy rate.
Individual files generated in the virtual environment can be extracted in the same format as they were created.
A VMware OVF, VMDK or ISO image file is also available to extract from the environment.
Daisy will purge and destroy all customer data from any computers, storage devices and storage media at the end of the contractual period in line with ISO 27001 standards.
End-of-contract process Off-boarding from the Daisy infrastructure will follow the appropriately documented process. This will involve the extraction and removal of the customer data and customer-specific information from the Daisy platforms.
Data extraction at contract termination
Customers will be able to extract any customer data from the servers and are not limited to the type of data that can be extracted. The type of data that can be extracted includes any customer generated content, metadata, structure and configuration data. There are several available tools that allow customer data to be extracted from VMware environments, these include free to use tools. Daisy does not charge for data extraction, however some data extraction tools may need to be purchased if the current tools do not meet the standards required by the customer.
Data formats
Individual files generated in the virtual environment can be extracted in the same format as they were created.
A VMware OVF, VMDK or ISO image file is also available to extract from the environment.
Purging and destroying customer data
Daisy will purge and destroy all customer data from any computers, storage devices and storage media at the end of the contractual period in line with ISO 27001 standards.

Using the service

Using the service
Web browser interface Yes
Using the web interface A self-service portal of Daisy’s service management tool will also be provided to enable the logging and resolution of new incidents, service requests, changes and tracking the status of open tickets.
Web interface accessibility standard None or don’t know
How the web interface is accessible Users can see the logging and resolution of new incidents, service requests, changes and tracking the status of open tickets.
Web interface accessibility testing None
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources Our customers are logically separated on the platforms, at compute, network and storage levels with minimum and maximum resource guarantees throughout, which ensures each customer cannot exceed their allotted allocation without prior change notifications in to our Operations & Engineering teams.
Usage notifications No

Analytics

Analytics
Infrastructure or application metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls This enterprise-class solution enables Daisy to provide a unified backup and recovery platform spanning all our customers’ solutions today, while also ensuring that new applications, operating systems and databases will be supported on release, without the need to undertake changes to the back-end infrastructure in the future.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Service availability service level
Service availability achieved within any month shall be calculated monthly as follows:
(Total online hours of availability – service downtime) x 100%
Total online hours of availability
The service availability calculation above will exclude any time which occurred as a result of events outside the control of Daisy.
In the event the service availability service level of 99.9% is not achieved when measured over a monthly period, the following service credits shall apply.
System availability achieved Applicable service credit
99.9% to 100% 0% of the monthly charge for the affected service line
99% to 99.89% 5% of the monthly charge for the affected service line
98% to 98.9% 10% of the monthly charge for the affected service line
Less than 98% 15% of the monthly charge for the affected service line
Approach to resilience Daisy operates its own 100Gb low-latency Core network and resilient MPLS network, with all data centres on-net
Daisy’s Internet feeds into the data centres are delivered over our resilient core 10Gb MPLS network into peering points at Harbour Exchange and Telehouse Points Of Presence (POPs).
The Storage Area Network (SAN) used by the IaaS platform, is delivered by high-performance, resilient fibre-based SAN architecture
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Where access to customer infrastructure is required, Daisy uses a secure backup and admin connection to components for monitoring, support and backups. All traffic across this connection is secure and segregated.
For remote access requirements for support services, Daisy can provide two-factor authenticated remote access via the internet to administer the server infrastructure using SSL-VPN access.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 13/09/2013 original certification
What the ISO/IEC 27001 doesn’t cover Scope is all Daisy sites and services requiring security certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Through the establishment of a
comprehensive security framework, Daisy shall
demonstrate a commitment to protect all
assets that support the delivery of business
objectives and address all legal, regulatory and
contractual obligations.
The following ISO27001 Group clause &
objectives are referenced within this
document:
Clause 5, &
Control objectives: A6, A9, A11, A13.2, and A14
Data Protection Policy
Site Security Policy
CCTV Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Daisy’s ITIL v3 aligned service management tool meets ISO 27001 guidelines, governing core ITIL processes including, but not limited to, incident, problem, change, release, configuration, service level management and service catalogue functions
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability scanning is included in the Daisy security framework, to help monitor the effectiveness of existing security controls and identify any weaknesses.
The IT security Manager in consultation with Head of Compliance shall coordinate vulnerability scanning activities including:
 identifying the scope of testing
 monitor manufacturer and vendor sites for information updates regarding vulnerabilities Should the vulnerabilities be assessed as not posing an immediate threat to operations, security patches or code fixes shall be subject to change control requirements ( testing etc.) prior to deployment.
Daisy support record activities in a service management ticket for tracking and audit purposes.
Protective monitoring type Supplier-defined controls
Protective monitoring approach • Monitoring of our platforms is done from our segregated and ISO27001 compliant management platforms, we protect the platform itself and its perimeter edge with Daisy owned and operated solutions, not in any way tied to logical customer implementations within these platforms. Each customer as part of a Managed Service has our standard security and monitoring products deployed with pre-agreed alert classifications and thresholds set as part of our typical managed service. Potential compromises are identified in our centralised monitoring solution, with accompanying detailed information of the platform and customer which auto generates an incident in our ticketing systems.
Incident management type Supplier-defined controls
Incident management approach Predefined processes are in place for common events
Users can report incidents via the web portal or email
in the event of an incident Daisy will Issue customer updates as per the agreed frequency on the progress of a resolution or workaround. This may include initiating and leading conference calls, bridges or meetings.
Create MI reports where required, validating content is customer appropriate. Issue to service delivery management.
Publish the MI report to the customer as defined by the customer SLA.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No

Pricing

Pricing
Price £41.20 to £41.20 per server per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A trial of the Infrastructure as a Service platform, providing CPU, RAM and storage, is available to customers for evaluation purposes. Access to the service can be provided following a formal request to our sales department. Daisy will forward relevant login details and provide access for up to 30 days.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑