ANS Group

Containerisation

ANS Private Dedicated Container Platform Services can provide dedicated bare metal, virtual machines or hybrid infrastructure running one or more Kubernetes clusters managed via Rancher. This provides a secure, flexible and scalable environment with a performant and redundant platform designed for rapid automated application deployment.

Features

• Dedicated and secure
• Kubernetes/Rancher based infrastructure.
• Can be installed on bare metal or our eCloud portfolio.
• Based on proven Open Source technology.
• Small initial footprint that can scale effectively.
• Interoperable with existing ANS solutions.
• API Scriptable.
• Consultancy process compliant with ITIL best practice.
• Highly qualified, UK-based, certified support available 24/7/365

Benefits

• Container based application deployments promote faster development.
• Consistent way to run code locally, in staging and production.
• Simplifies testing and debugging by removing environmental inconsistencies.
• Containerised applications require less resource compared to VM based deployments.
• Server resource is dedicated to running applications giving better density.
• Kubernetes includes functionality for rolling deployments and automated rollback.
• Reducing risks when deploying application code to production environments.
• UK-based, ISO-accredited data centres, owned and operated by ANS.

£165 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@ansgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

104044935932077

Contact

Anthony Maxwell
+44 (0) 1612271000
tenders@ansgroup.co.uk

Service scope

• Service constraints: All planned maintenance is covered by a mandatory 5 day notice period. We reserve the right to conduct unplanned emergency maintenance where necessary, but will always make reasonable efforts to inform impacted customers before work commences. Support is limited to services, hardware and applications provided by ANS and does not extend into the customer's application stack.
• System requirements:
  • Proof of license ownership for customer-provided Microsoft licenses
  • Customers must adhere to fair use policy and ToS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Calls are responded to within 6 rings. Service Ticket response time is dependent on the criticality: 1. Critical - Immediate Response 2. High - Response within 10 minutes 3. Medium - Response within 1 hour 4. Low - Response within 4 hours 5. Very Low - Response within 24 hours. The standard SLA response times are applicable from 09:00 to 17:00 Monday to Friday (excluding UK Bank Holidays). 365/24/7 Support is also available as a service at an additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via an online portal
• Web chat accessibility testing: None.
• Onsite support: Yes, at extra cost
• Support levels: All ANS customers have access to ticket and telephone-based support, unless they choose to take an unmanaged service.; ; Customers have access to a named Account Manager who takes overall responsibility for the customer's commercial, technical and support relationship with ANS.; ; Customers are assigned a support "pod" based on the type of solution they have with ANS. This ensures customers will always be supported by the same core team of support engineers who are technical experts in their particular solution.; ; Enterprise and public sector customers also have access to a named Service Manager in addition to their Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer services to enable seamless on-boarding and collaborate to design a bespoke solution to meet your requirements. An onboarding process would typically include - Discovery process / Timeline setting / Risk assessment / Implementation process / Quality Assurance
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the contract any customer data stored will only be extracted by ANS with the prior consent of the customer.; ANS shall purge and destroy (as defined in security accreditation for different ILs) customer data from any of its own equipment after the contract ends.
• End-of-contract process: A similar process to on-boarding is provided for customers wishing to leave ANS. We provide full transitional services at an additional charge (please refer to the pricing document for more details). An example phased off-boarding process is as follows:; 1. Discovery: ANS meets the customer’s new provider who will lead the project; 2. Timelines: Timelines are agreed where possible and alternatives offered when needed; 3. Risk: ANS identifies any risks that may not be apparent to the new provider or that are inherent to the ANS solution; 4. Implementation: ANS assists the new provider if needed; 5. Quality Assurance: ANS offers a debrief and review meeting if the new provider requires.

Using the service

• Web browser interface: Yes
• Using the web interface: Glass is the customer's web interface where they can manager all aspects of their solution - for example creating/managing/deleting/scaling virtual machines, managing reports and monitoring alerts, firewall configuration and more.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Glass is in the process of being rebuilt from the ground up. This will deliver a fully-accessible web interface.
• Web interface accessibility testing: Testing against WCAG has been performed to understand requirements for Glass rebuild.
• API: Yes
• What users can and can't do using the API: Manage Servers; Manage firewalls
• API automation tools:
  • Ansible
  • Chef
  • SaltStack
  • Puppet
  • Other
• Other API automation tools: Any appropriate tool can be used
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Service designed to scale within the capabilities outlined by the platform the containers are hosted upon.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Application Services
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Option to encrypt data at rest using additional applications.
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Folders
  • Virtual Machines
  • Databases
  • Operating Systems (Linux and Windows)
  • Microsoft Exchange Servers
  • Active Directory
  • Container State Files
• Backup controls: ANS will agree and implement a robust and granular backup schedule on the customer's behalf
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Via Private Network or Public Sector Network

Availability and resilience

• Guaranteed availability: Infrastructure availability - 99.95%; Availability is based on the total number of operating hours of a given calendar month and excludes planned and emergency maintenance.; Service credits of up to 10% of the standard monthly support fee are payable for any month where the availability SLA is not met.
• Approach to resilience: ANS owns and operates a 5.52MW tier 3 1,000 rack data centre estate. This contains multiple physically separate buildings, connected by dedicated fibre. High voltage power connections are provided from separate primary sub-stations. All mission-critical services including Standby Generation, Cooling systems and UPS (uninterruptible power system) are provided at N+1 or greater across the whole facility. The complex has a power density of over 6KW per square foot, providing diverse A & B power to each data rack, and all eCloud service platforms are supported from quadruple power feeds. The data centre complex is supported by 9MW of standby generation with over 100,000 litres of fuel storage and eight hour fuel supply SLA. All critical services are supported by 4.6MW of UPS power and 4.9MW of data centre cooling. The public sector hosting suite has fully resilient networking, switches, carrier-redundant leased lines, power and backup generators, all separated from the rest of the ANS network and data centre complex.
• Outage reporting: A public status page is available on the ANS website, which shows live status of our core network and infrastructure along with details of any incidents. Customer notifications are managed via our ticketing system accessible via Glass.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Separate accounts are required for Administrative Access, with authentication and authorisation controls applied to all Administrative functions. SSH access to the Virtual machines command line, and RDP sessions requires key-based authentication from a specified source location into a bastion host, which then requires further authentication and account escalation at each onward connection to the specific administrative services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Other
• Description of management access authentication: Management access is typically from dedicated OOB Management networks, external access is restricted by source address and requires key based auth to a bastion host server from which secondary logins and privilege escalation is required.
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LQRA
• ISO/IEC 27001 accreditation date: 06/04/2017
• What the ISO/IEC 27001 doesn’t cover: Any specific processes or procedures agreed with Accreditors or regulatory bodies where required to meet specific organisational requirements for protectively marked data.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: URM Consultancy Services Ltd
• PCI DSS accreditation date: 28/07/2021
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Advanced Security Architecture Account Manager Representative (CQS-ASAAMR - 1)
  • Advanced Security Architecture Field Engineer Representative CQS-ASAFER – 1)
  • Advanced Security Architecture System Engineer Representative CQS-ASASER -1)
  • Content Security Systems Engineer Representative (CH-CSSER – 1)
  • Cisco Certified Networking Associate Security (CCNA-Sec- 10)
  • Cisco Certified Network Professional Security Specialised ( CCNP-SEC -1)
  • Cisco Certified Internetwork Expert Security (CCIE-Security – 2)
  • ISO 27017:2015 - Information security controls for cloud services
  • ISO 27018:2019 - Protection of PII in public clouds
  • ISO 22301:2020 - Business continuity management systems

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Formal Accreditation from CyDR, Cyber Essentials, IASME Governance

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Internal ANS Change is managed through the application of standard project management process with all projects progressing through approval, CAB review and sign off by stage. All ANS Business Change includes the following managed stages (whether these are deployed on a formal or informal basis is determined by the size of the project, by cost, resource application and risk):; ; • Executive or Higher Management sponsor; • Business Case and Success Criteria; • Scope definition; • Documentation; • Risk & Opportunity assessment; • Milestone or stage review; • Stage sign off; • Final Review; • Testing; • Deployment; • Lessons Learned
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: ANS monitor threat sources, including CERT to gain information about potential threats. Vulnerabilities and Remediation activities are assessed to determine the priority, with patches being applied within the hour for critical security issues through to monthly patching for routine updates.; Though these are developed in line with ISO27001 and Cyber Essentials, the vulnerability management approach is dictated by the specific requirements of the Service and customer requirements.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: ANS employ protective monitoring services in compliance with Protective Monitoring for HMG ICT systems (formerly GPG-13).
• Incident management type: Supplier-defined controls
• Incident management approach: In addition to our ITIL based in-house incdient management processes, ANS provide compliance incident manaement for Government departments and their suppliers , providing communication, alerts, reporting and shared monitoring with customer security and assurance teams. Users should report incidents to the first line Service Desk team, either by phone, email or via the web-portal. Incident reports are provided as part of the reporting cycle, with exceptional RCA and incident reports provided for security incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: VLAN Separation
• How shared infrastructure is kept separate: Customers are offered their own dedicated hardware which is separated out at the Vmware layer. Independent network VLANs are offered to each customer and all virtual machines are housed behind their own dedicated firewalls. Finally, customers are offered their own storage partitions from either a dedicated or shared SAN implementation.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: As part of ANS's continual improvement programme, ANS will develop and implement an environmental management system which is in line with ISO 14001:2004 standard and contains only those initiatives which can be objectively audited.; ; In addition ANS will continually monitor and measure its Carbon Footprint as directed by the ISO 14064-1:2006(E) standard and guidance issued by both the DECC and Defra. Further, ANS will ensure that all ANS Business Operations may be demonstrated to be Carbon Neutral by adherence to the PAS 2060:2010 specification.; ; Through the ANS environmental programme, ANS will strive to:; ; Achieve 100% carbon neutrality for business operations.; To reduce business operation CO2e by 2%, year on year.; Achieve the award of a Carbon Trust Stamp for the ANS EMS and carbon offset actions.; Achieve 100% carbon neutrality for client solutions.; Continue to achieve independent, third party PAS 2060 certification in respect to demonstrating carbon neutrality.

Social Value

• Fighting climate change:

  Fighting climate change

  As a company built on our culture and values, we are committed to protecting the natural world and being socially responsible. From sourcing 100% of our electricity from renewable sources, to reducing the waste arising from commercial activities and increasing the percentage of waste recycled each year, we have instilled eco-friendly practices into everything we do. In the past few years ANS has:; - Sent over 10 tons of old servers for recycling with all profits going to charity; - Going 100% LED for our lighting in 2022, saving 50% in energy use; - We’re relocating data centre cooling equipment in 2022 to reduce the solar gains and save energy; - The majority of staff PCs are now laptops and we’ve removed old, inefficient computers; - We report our data centre energy use to TechUK and through our efficiency receive reductions in the climate change levy part of our electric bill; - We are ISO 14001 certified for environmental management and audited twice a year.; ; It doesn’t stop there. We encourage our employees to be environmentally conscious through our environmental training, cycle to work and electric car schemes, providing video conferencing tools and work from home programs to avoid unnecessary travel, targeted digital messaging and eco-friendly campaigns.
• Equal opportunity:

  Equal opportunity

  ANS recognises equity and fairness throughout the business and that discrimination in any form is unacceptable. Equal opportunities has long been a feature of our employment practices and procedure, that’s why we have an equal opportunities policy in place. Breaches of the policy will lead to disciplinary proceedings and, if appropriate, disciplinary action. ; ; The aim of the policy is to ensure no job applicant, employee or worker is discriminated against either directly or indirectly on the grounds of race, colour, ethnic or national origin, religious belief, political opinion or affiliation, sex, marital status, sexual orientation, gender reassignment, age or disability. We ensure the policy is circulated to any agencies responsible for our recruitment and a copy of the policy will be made available for all employees and made known to all applicants for employment. ; ; ANS are proud to be a Disability Confident Employer. The scheme, set up by the Department for Work and Pensions, is designed to help employers recruit and retain disabled people and people with health conditions for their skills and talent. As a Disability Confident committed employer, ANS is providing inclusive and flexible recruitment processes such as offering video interviews and supporting flexible working patterns where possible. We also ensure our workplace is suitable to support any employee that may have a disability.

Pricing

• Price: £165 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@ansgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.