Central Technology Ltd

Cloud Backup - Veeam Cloud Connect with Immuitibility (VCC)

CT's Veeam Cloud Connect (VCC) service provides a fully integrated, fast and secure way to backup and replicate data into our secure cloud repository. This applies to physical and virtual backups as well as replication of VMs (virtual machines) without the cost and complexity of building and maintaining offsite infrastructure.

Features

• Simple pricing, 30 days free trial, no charge, no risk
• VM-level and file-level restores
• AES 256-bit data encryption applied in flight and at rest
• Supports VMware & Hyper-V virtual machine backup
• Backup and protect enterprise employee endpoints with free agents
• Secure and compliant to government standard
• Flexible storage quotas
• No VPN Required - connection secured with SSL
• Single management console which is enterprise level ready
• No second site investment required for off-site backup copies

Benefits

• Storage agnostic removing comparability concerns
• Meets 3-2-1 best practice backup rule
• Setup and operational in minutes through the Veeam Management Console
• Industry leading backup technology designed for virtualization and cloud infrastructures
• Enterprise level analytics to accurately forecast future backup storage needs
• Simple pricing calculator ensures you know exactly what your paying
• ISO 27001 and 9001 accredited by BSI
• You control your backups, managed from your on-premise management console
• Free 30 day unlimited functionality trial available

£18 a terabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

114313755804662

Contact

Robert Longden
01246266130
gcloud@ct.uk

Service scope

• Service constraints: Support is for the cloud connection service only, the client is responsible for their on-premise Veeam backups.
• System requirements:
  • Veeam Availability Suite or
  • Veeam Backup Essentials or
  • Veeam Backup and Replication or
  • Veeam Agent for Server or Workstation

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CT are an ITIL aligned service desk who use the Impact and Urgency model to drive the incident priority level.; ; Any CT infrastructure issues customer effecting will have the highest priority (P1) assigned. This attributes a 20-minute response although our infrastructure are consistently monitored 24/7 and updates provided every hour.; ; For operational questions, these will be raised as a service request and raised as a low priority (P4) request. This attributes a 4 hour response.; ; Note: Support is for the cloud connection service, the client is responsible for their on-premise Veeam backups.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CT's operational teams are aligned to the ITIL framework and use the Impact & Urgency matrix to determine the incident priority (P 1-4).; ; Our standard SLA which are applied across our services are:; ; P1 - Critical - 20 mins response; P2 - Critical - 40 mins response; P3 - Critical - 2 hours response; P4 - Critical - 4 hours response (Service Requests); ; The service desk monitoring tools and management team consistently review the SLAs ensuring the high levels of customer engagement are delivered throughout the incident life-cycle.; ; Onsite support from our dedicated engineer team is available at an extra cost and is only where all remote services have been unsuccessful in resolving the issue.; ; During the on-boarding phase one of our Veeam product specialists will ensure that the service is established, before completing a handover into our internal account management sales support team. This team will take over the client management and be in regular contact ensuring that the service continues to meet and where possible exceed your expectations.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial configuration assistance and an optional seeding service (for large data sets or slow connectivity links), along with assisting with any issues with initial replication job configuration.; ; You will have access to support documentation, unlimited telephone/email support for the initial set up.; ; Free trials are offered by CT to allow customers to thoroughly test the product. There are also a great deal of user documentation available direct from Veeam's help centre.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is securely encrypted and is controlled from the Veeam console within your full control. Customers can restore their data up until the point of the contract ends.
• End-of-contract process: Data is held encrypted for the remaining period of the contact, up until the renewal date. At the end of the contract, the customer may decide to renew/change/cease the Veeam service. To renew the service no changes will need to be made. If changes are required then this can quickly be achieved by contacting your account manager at CT with your requirements. To cancel the service, all data will be removed and the repository will be deleted.

Using the service

• Web browser interface: Yes
• Using the web interface: CT utilises the Veeam availability console which allows monitoring and management of the service.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Each customer is allocated a unique user credentials to access the web interface though a web browser.
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: For further information and details in relation to the Veeam API services, please visit:; ; https://helpcenter.veeam.com/docs/vac/rest/vac_rest_api_reference.html?ver=30
• API automation tools: Other
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: CT utilise logical resource segregation and resource allocation to each environment. When customer approach resource limits, auto-scaling can be applied to a predefined upper agreed limit to allow a customer to grown without any disruption to their service.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other
• Other usage reporting: Our Cloud Service support engineering team will proactivly inform customers of any increased usage through our PSA tool though managing alerts configured in line with the original agreed signed service proposal or service description.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Disk
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: The customer can configure AES-256 encryption.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Hypervisor, VMware, HyperV, Xen
  • Virtual Machine Instances
  • Files
  • Databases
  • Applications
  • Operating Systems
  • Office 365 email
• Backup controls: Each customer has a dedicated UI within the Veeam console to easily manage backup routines, set retention policies, invoke restoration, set data sets etc.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: AES-256
• Data protection within supplier network: Other
• Other protection within supplier network: CT ensures that data is segregated with the use of VLans throughout the network.

Availability and resilience

• Guaranteed availability: Availability Service Credits as % of Monthly VCC Backup Service Charge; ; <99.99%-99.85% - 5%; <99.85%-99.7% - 10%; <99.7%-99.5% - 20%; <99.5%-99% - 25%; <99% - 50%
• Approach to resilience: Multiple IP transits with diverse routing between Tier 3+ Data Centres ensures that the levels of resilience for the service are in-place.
• Outage reporting: CT will issue customer notifications followed by an RFO within 10 working days.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: CT implement role based access control to restrict access control within the service.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 08/09/2021 (first registered: 26/02/2013)
• What the ISO/IEC 27001 doesn’t cover: CT apply the ISO 27001 accreditation across the whole of its services and not just specific functions of the business.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CT are internally audited and externally assessed on a regular basis as well as formally annually by BSI to ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CT operates a change control process in-line with our ISO 27001 procedures. This covers all the components and services delivered by CT.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CT's Security Steering Group uphold the Risk Management Policy which is aligned to ISO27001 Information Security Risk Management. This ensures risks are identified, evaluated and treated appropriately in an ongoing basis.; ; An OWASP scanner is in-place to run regular scans for detecting of vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CT is certified to ISO 27001 Information Security Risk Management. This ensures protective monitoring is in-place to identify any risks. These are evaluated and then treated appropriately in an ongoing basis by CT's dedicated infrastructure team.; ; Protective monitoring alerts are managed on a 24x7 basis.
• Incident management type: Supplier-defined controls
• Incident management approach: CT operates under the ITIL framework for Incident Management as well as the ISO 27001 standard.; ; For all Priority 1 (Critical) incidents, Root Cause Analysis (RCA) reports are provided to customers within 10 business days of the incident resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Veeam Cloud Connect customers are assigned separate user credentials to ensure segregation between the data and instances.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CT's datacentres use the latest energy saving technologies throughout the sites: cold aisle containment and free cooling chillers.; ; Cold aisle containment is still a new but relatively simple idea to get the best efficiency from air conditioning units, ensuring that air at the most optimum temperature flows through the servers. This ensures that sound and vibrations are kept to a minimum, which in turn maximises the energy efficiency of the units without compromising the capacity.

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  As an equal opportunity business, all of our services ensure that it can be consumed and managed of equal opportunity.

Pricing

• Price: £18 a terabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: CT provides a 30 day, unlimited functionality, free trial for Veeam Cloud Connect with up-to 5TB of available storage on request over an internet-based connection.
• Link to free trial: https://www.ct.co.uk/cloud/secure-cloud-backup

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.