SixSq

NuvlaBox

NuvlaBox is a turnkey private cloud and edge solution which is secure, affordable and simple to use. It includes a plug and play device with remote management & application update capabilities. A non-technical operator can easily and securely set up the appliance. Multi-cloud app store and unified dashboard simplify operations

Features

  • Remote access & management from any device
  • Simple set up in a few minutes
  • Built-in security
  • Secure web access
  • Reliable local connectivity
  • Supports hybrid cloud strategy
  • Local installation possible
  • Connectivity agnostic
  • Multi-cloud capabilities
  • Easily scalable as requirements change

Benefits

  • Minimal provisioning time means private cloud in an instant
  • Allows management of content on the move via remote access
  • Removes need for on-site IT expertise
  • Access to cloud support from industry experts
  • Supports business growth with scalable technology
  • Enables Smart Cities & edge computing
  • Extends service at network edge
  • Simplifies Big Data management
  • Reduces maintenance and update costs
  • Enables Internet of Things

Pricing

£15 to £300 per device

  • Education pricing available

Service documents

G-Cloud 10

983492311279939

SixSq

Louise Merifield

+41 77 4468 170

merifield@sixsq.com

Service scope

Service scope
Service constraints Software upgrades performed bi-weekly on Monday morning with generally no impact on service performance.
System requirements
  • The NuvlaBox must be on a network allowing NATing
  • Users must bring their own OS license, for example Windows

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Reporting available 24/7. Telephone and chat available Mon-Fri 9am-6pm
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Chat is available via a pop up tool from the website
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Silver service (standard): 24-hour response time. Service available business days, 9.00 to 17:00
Gold service: Same day response if ticket received before 16:00. Service available business days, 9.00 to 17:00
Platinum service: Same day response if ticket received before 16:00. 24/7 service
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started To help customers take full advantage of our services, we offer an optional comprehensive on-boarding service which includes training and on-site consultancy.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats On-line
End-of-contract data extraction SixSq will securely delete all data on contract end.
End-of-contract process Three months prior to the end of an agreed service term, SixSq will discuss extending the subscription and/or delivering alternative services.
Should the customer decide to cease obtaining the benefits of the service, SixSq will review all outstanding items with a view to closing the service with as little interruption and financial impact as possible.
SixSq will securely delete all data from the service.

Using the service

Using the service
Web browser interface Yes
Using the web interface Almost all features of the API can be managed from the web interface. This includes dashboard to manage appliances, applications, usage, monitoring, configuration and deployment.
Web interface accessibility standard None or don’t know
How the web interface is accessible Almost all features of the API can be managed from the web interface via https://nuv.la. This includes dashboard to manage appliances, applications, usage, monitoring, configuration and deployment.
Web interface accessibility testing None
API Yes
What users can and can't do using the API All features available via the web portal and command line client are also available via the API and is fully documented here http://ssapi.sixsq.com/
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats
  • HTML
  • PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface All features available via the web portal and command line client are also available via the API and is fully documented here http://ssapi.sixsq.com/

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources The NuvlaBox is a private solution, which can even be local to the customer organisation. It is therefore dedicated to the customer.
Usage notifications Yes
Usage reporting API

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach Encryption of appliance solid state disc is possible as an option.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls The management service back up is managed by SixSq. On-site NuvlaBoxes are backed up by the customer, unless arrangements are made otherwise with SixSq. the entire service is backed-up every four hours, ensuring that a restore following a catastrophic failure is possible with limited data loss.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability SixSq actively monitors and performs checks on all technical services and resources that underpin the NuvlaBox and its SlipStream central service with the aim of ensuring that the availability of the overall service in a given calendar month achieves a minimum of 99.50% availability.
If the availability of the service is less than the committed SLA, the customer may request compensation for the service within 30 calendar days of the service being deemed unavailable. This excludes emergency and planned maintenance.
Approach to resilience SixSq actively monitors and performs checks on all technical services and resources that underpin the NuvlaBox and its SlipStream central service with the aim of ensuring that the availability of the overall service in a given calendar month achieves a minimum of 99.50% availability.
Outage reporting Users are informed via the API and email alerts

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication We also integrate federated identity authentication based on SAML2.0, including for example eduGAIN, and OAUTH2.
Access restrictions in management interfaces and support channels Only SixSq support staff have access to management interface credentials. NuvlaBox customers can restrict access to their NuvlaBoxes, also excluding SixSq staff if they so wish
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach SixSq’s governance is rapidly evolving with the upcoming certifications toward ISO27001 and CSA STAR. Through this evolution, active and passive scans are implemented on our services to maintain a top mark in service security. SixSq builds defences within its products and deployed services.
Information security policies and processes Active, passive and regular security tests are performed on all SixSq services. This systematic approach allows customers to rely on our ability to detect vulnerabilities. Thanks to our rapid new release deployment rate (i.e. two weeks on average), we are able to roll out quickly standard upgrades to ensure no legacy software with known vulnerabilities is left running. Further, we follow of the latest trusted best practices in software and system administration, ensuring that we take advantage of the latest cyber defence knowledge.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach SixSq runs a strict and mature DevOps process including automated testing and security assessment prior to any release and system update. Every release is thoroughly documented including new features, bug fixes and migration procedures.
Vulnerability management type Supplier-defined controls
Vulnerability management approach SixSq performs self-assessment on a regular basis. In case of defect detection, our continuous integration service allows us to create a fix within minutes, including production deployment of that fix. We follow best practices compliant with CSA recommendations.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We perform self-assessment on a regular basis. In case of defect detection, our continuous integration service allows us to create a fix within minutes, including production deployment of that fix. We follow best practices compliant with CSA recommendations.
Incident management type Supplier-defined controls
Incident management approach Our Support Desk is a single and central point of contact and control for all incidents in our service. The support desk is managed by skilled engineers in order to provide fast and effective resolution.
The SixSq Support Desk co-ordinates incidents and provides triage to ensure the right team is working on the right incident. The Support Desk is web, email and telephone based. Tickets can be submitted 24x7x365 and must be submitted via the support dashboard or by email to support@sixsq.com. Under the standard contract, our call handling service is available 9am to 5pm Monday to Friday.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used KVM hypervisor
How shared infrastructure is kept separate All resources created by the users are by default private. Only if the user chooses to share with other parties is the data shared. Within a single customer organisation, multiple user accounts can be created to ensure group separation for large deployments, thus providing a multi-tenant setup, with user account isolation.

Energy efficiency

Energy efficiency
Energy-efficient datacentres No

Pricing

Pricing
Price £15 to £300 per device
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑