Sarax Limited

Sarax network connectivity and infrastructure as a service

A fully configurable service that provides secure network connectivity and infrastructure as a service. The service is policy-driven, enabling users to implement greater levels of automation and orchestration for infrastructure tasks. Services include detailed billing, monitoring, log access, security, load balancing, clustering, and storage resiliency: backup, replication and recovery.

Features

• Fully configurable solution based on client requirements
• Interoperability with a wide range of services
• One platform supporting many infrastructure solutions
• Policy driven solution allowing unique user defined infrastructure configurations
• Service billed according to usage
• Flexibility to change configurations as demand changes
• Multiple UK datacentres provides resilience
• 24/7 support with user defined response times
• Internet connectivity across all UK Government networks
• Easy to expand and reduce service according to demand

Benefits

• Experienced Sarax consultants helping you to achieve a deliverable strategy
• Compliance with Digital by Default Service Standards and GSDM
• Ensures alignment with corporate business objectives and Enterprise Architecture (EA)
• Service dovetails with other Sarax Cloud support packages
• Compatible with agile or waterfall delivery approaches
• You will achieve state-of-the-art Cloud technology
• Aligns your objectives with the potential of the Cloud
• Drives maximum value from Cloud-based working
• We are completely impartial and offer independent advice

£5,024 to £25,102 a virtual machine a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.balaam@sarax.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

144072276058621

Contact

Mark Balaam
07775 930125
mark.balaam@sarax.co.uk

Service scope

• Service constraints: The ability to add move or change the Customer solution will be achieved via the Service Request process and may be subject to appropriate financial approvals.; ; VMs shall be decommissioned via change control and images will be shut down. ; ; Decommissioned machines shall be quarantined and can be restored to full operational state ; ; VMs shall be decommissioned via change control and images will be shut down
• System requirements:
  • Server minimum hardware, 2 CPUs, 8GB memory, 40GB storage
  • Install Microsoft .NET Framework 3.5.
  • Install Microsoft .NET Framework 4.5.2 or later.
  • A copy of .NET

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Tickets are responded to based on the SLA agreed with client. These SLAs reflect the priority of the service being supported. The faster guaranteed response times increase support costs.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Webcast accessible through new window initiated by application.
• Web chat accessibility testing: Inhouse testing by testing teams with continual user feedback on accessibility and usability.
• Onsite support: Yes, at extra cost
• Support levels: Tickets are responded to based on the SLAs agreed with client. These SLAs reflect the priority of the service being supported. The faster guaranteed response times increase support costs. Some example of agreed support levels are:; ; • Monday to Friday 09:00 until 17:30 excluding Bank Holidays. Only trained & qualified engineer's assist with support issues either remotely or on site.; ; • 7 days, 24 hours support including all holidays. Only trained & qualified engineer's assist with support issues either remotely or on site.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Sarax engineers work with clients through a discovery and assessment process to create an infrastructure requirements list based on current and future user demand and loading. This includes detailed billing, monitoring, log access, security, load balancing, clustering, and storage resiliency: backup, replication and recovery. Identifying SLA and high availability requirements. Application interdependencies, network configurations and security and compliance requirements are established. Subsequently a planning phase is executed to define the cloud infrastructure including services such as networking and security to ensure the right mix of storage. The pilot and testing phase validates the test data migration and synchronization, measures performance validates security controls. ; ; Client teams are supported through the migration, typically using a phased approach, to allow ongoing progress review and plan adjustment if material diversions from the plan occur. Migration is monitored, reviewed and adjusted accordingly and then transitioned into IT to successfully manage ongoing operations. We will work in partnership with clients to determine the business needs that drive change and will help identify the optimum information and technology to best meet those needs. ; ; Effective change management reduces the potential impact of any change upon the current service and ensures a faster response to implementing agreed changes
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: The client has complete control of how data is stored and managed within their virtual environment. Data can be extracted either from within the servers at any time.
• End-of-contract process: Clients may terminate the relationship with Sarax for any reason by providing notice and closing their account for the appropriate services. They may also scale back services depending on their requirements.

Using the service

• Web browser interface: Yes
• Using the web interface: Users will use the AWS Management Console.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Users have full access to the AWS Management Console
• Web interface accessibility testing: Inhouse testing by testing teams with continual user feedback on accessibility and usability.
• API: Yes
• What users can and can't do using the API: Bespoke API generation for each clients needs, allows a flexible approach to integration, each API will be tailored but will allow setup of services as required and changes where necessary. User constraints can be applied on a client by client basis.
• API automation tools: OpenStack
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility: Windows
• Using the command line interface: Through the command line interface users can setup a bespoke service, this allows a flexible approach to change where necessary. User constraints can be applied on a client by client basis.

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: We scale resources in minutes as data requirements change . Users no longer need to wait to procure tapes, disks, and other IT resources to increase storage infrastructure. This ability to scale on demand improves operational flexibility, innovation, and business agility.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS and Azure

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • File-based backup applications let you choose which files and folders
  • Restore individual-files or folders or restore to a different server
  • Amazon S3 services
  • Elastic file system
  • Block storage
• Backup controls: User can cost-effectively archive items. The S3 Glacier and S3 Glacier Deep Archive are designed to deliver up to 99.999% durability, users can create nightly backups, and then store database backups in S3 and the S3 Glacier storage class for long-term archiving.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The solution can achieve 9.999 but will be tailored to a client's need through the bespoke design and configuration settings
• Approach to resilience: The load balancer is connected to the internet facing side of the WAF cluster and enables traffic to be shared between the WAF. If a WAF fails in the cluster, each WAF will be aware of the failure and traffic will be passed by the remaining WAFs. To enable inter WAF communications the instance security groups are configured to allow ports TCP 8000, TCP 8001, TCP 8002, TCP 32575, UDP 32576. ; ; The traffic which passes through the WAF is allocated to a service. Each service is load balanced between a group of attached servers. There is an option to change the load balancing type to prioritise servers which have more free resources, this is the preferred approach and will be tested alongside the other queuing options. ; ; The WAF will be configured to monitor the health of each server by recording the time it takes to access the DETS service. If a server is underperforming, traffic will be sent to the next server in the queue.
• Outage reporting: Via tailored reporting solutions, including email, notification and telephone.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Clients will have memorable passwords and phrases that they will be asked to validate before accessing services with our staff.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Sarax implements formal, documented policies and procedures that provide guidance for operations and information security. Policies address purpose, scope, roles, responsibilities and management commitment. Employees maintain policies in a centralised and accessible location. Line managers in association with our security team are responsible for familiarising employees with security policies. We are working to establish governance processes and policies in line with the CSA CSM 3.0.1 cloud controls matrix. Our goal is the reach CSA STAR level 1 within the next 12 months.
• Information security policies and processes: Sarax implements formal, documented policies and procedures that provide guidance for operations and information security. Policies address purpose, scope, roles, responsibilities and management commitment. ; ; Employees maintain policies in a centralised and accessible location. Line managers in association with our security team are responsible for familiarising employees with security policies. ; ; The output of internal security reviews include any decisions or actions related to:; ; • Improvement of the effectiveness of the ISMS. ; • Update of the risk assessment and treatment plan.; • Modification of procedures and controls that affect information security to respond to internal or external events that may impact the ISMS. ; • Resource needs. ; • Improvement in how the effectiveness of controls is measured

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Staging environment shall be used to test proposed changes prior to their deployment within the production environment. The Staging environment shall be configured to replicate the Production environment as far as practical. A defined change process will be agreed with each client.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: While vulnerability management is critical in traditional or cloud environments, workloads change more rapidly in the cloud. We adapt our approach for recurring scans, more automation and deeper analysis.; ; We scan often with no impact on workloads we run server analysis with no impact on running servers. We then prioritise with quick evaluation of real and residual risk of information systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We provide protective monitoring of platforms and applications within the infrastructure. We ensure that appropriate security events are passed to a appropriate log and audit system With automated and manual analysis tools to identify suspicious behaviour.
• Incident management type: Supplier-defined controls
• Incident management approach: We ensure that there are clearly identified support routes for reported incidents. We ensure monitoring is performed with appropriate contact details in order to report incidents. ; ; We ensure appropriate business continuity plans for disruptions to the cloud service. And ensure robust and reliable services with; Incident management plans for the infrastructure service.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Settings will be either configured at a global level or on a per tenancy basis. Settings may be globally set either as because technical / functional reasons mean they can only apply as a whole, or as result of conscious decision to enforce a particular setting.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Wherever possible we will comply with the EU Code of Conduct on Data Centres' Energy Efficiency The initiative is voluntary aimed at reducing the environmental, economic, and energy-supply security impact of data centres. We will where possible follow the code of conduct.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sarax has an 8-point plan to combat climate change, through our products, employees and our actions. We would be willing to discuss how we can measure these outcomes on each of the G-Cloud call off contracts. ; ; 1. Measure and Analyse Greenhouse Gas. We measure CO2 emissions through a number of several approved applications and we have a 5-year plan to reduce our emissions. ; ; 2. Reducing Energy Consumption. As a business Sarax follows best practice regarding energy consumption things simple things such as turning off the lights in the office in the evening, slightly lowering the heating or the air conditioning.; ; 3. Reduce Waste and Fight Obsolescence. We actively reduce the amount of waste we generate. Whether it is the industrial waste from installations to avoiding disposable cups, all of our staff and customers are encouraged to adopt an eco-entrepreneur mindset.; ; 4. Optimise Employees’ Transportation. As we know, transportation is one of the largest sectors of greenhouse gas emissions. We encourage employees to take public transit, to carpool with other colleagues living close by.; ; 5. Choose Greener Infrastructures and Equipment. We will always choose more environment-friendly infrastructures such as new printers, air conditioners, laptops, screens, bulbs or office materials.; ; 6. Choose Sustainable Suppliers. We strive to partner with suppliers who demonstrate they have good environmental practices we will change to more sustainable suppliers if the old ones refuse to change practices.; ; 7. Raise Awareness Among Employees, Clients and Other Stakeholders. We proactively raise awareness on our employees, consumers, through our guidance and reporting capabilities this best practices is then reproduced at home and transmitted to friends giving a snowball effect.; ; 8. Promote Environmentally Friendly Ways of Working. We promote flexible working patterns such as telecommuting and video conferences that avoid employees traveling by car for meetings with clients.

  Covid-19 recovery

  The complex global environment of factors such as the Covid 19 pandemic it is now more critical than ever to make it possible for us and our customers to continue their operations and help respond to the unique demands that businesses may be facing. ; ; Sarax has been in business for decades delivering the mission-critical work that keeps every organisation – especially those in the public sector – operational and successful. At this challenging time, our customers can count on us to support their organisation.; ; Sarax leadership is continually reviewing and assessing the landscape that now exists in the present and the future due to Covid 19, looking to appropriately respond to the crisis as it evolves. We believe that everyone’s health and welfare are a priority, as most of Sarax employees are now working remotely or from home. We have developed online collaboration capabilities to help ensure business continuity and we’re working tirelessly to help everyone stay safe while at the same time continuing to serve our customers. ; ; We will work with each G-Cloud call off contracts to define the levels of safe working and how we can assist in defining outcomes for Covid recovery in the geographical region where they are based.

  Tackling economic inequality

  Sarax has a number of initiatives that help tackle economic inequality. We will work with each G-Cloud call of contract to define the outcomes appropriate for that contract. We will then have a monthly reporting mechanism to demonstrate how these outcomes are being achieved. Some examples of these initiatives are: ; ; 1. Employment and education, Graduates. Sarax is proud to offer consulting, technology, and design graduate roles to kick-start graduate careers in all of our industry sectors. Successful candidates work on real projects, with real clients, all whilst being supported to gain as much as possible from the experience.; ; 2. Employment and education, Internship. Sarax offers a growing number of students the opportunity to sharpen their skills and find their place in the professional world. Typically our interns join for a year-long period, with a view to gaining experience whilst brining value to the business. The 12 months with us are filled with opportunities to network, learn new skills, attend training, take part in events, and much more.; ; 3. Business Growth and Creation, Prompt Payment. Sarax is committed to paying suppliers on time, giving clear guidance to suppliers and encouraging good payment practice. On average our suppliers are paid within 22 days following receipt of invoice.; ; 4. Business Growth and Creation, Supplier Diversity. Sarax is committed to working with small, diverse, high-quality suppliers. Our supplier diversity policy endeavours, on a good-faith effort basis, to work with and develop small, minority, and women-owned businesses. We are always looking for small and diverse suppliers that can deliver creative, high-quality products and services. Ultimately, our goal is to diversify our supplier base by encouraging these small and diverse suppliers to compete for business.

  Equal opportunity

  Sarax is an equal opportunities employer and is committed to ensuring that no person is discriminated in our company or supply chain for any reason. We have a number of initiatives that promote a diverse workforce and will work with each G-Cloud call of contract to define the outcomes appropriate for that contract. We will then have a monthly reporting mechanism to demonstrate how these outcomes are being achieved. Some examples of these initiatives are: ; ; 1. Accessibility. Sarax is committed to creating accessible technologies and products that enhance the overall workplace environment and contribute to the productivity of our employees, our customers, and our customers’ customers. We recognise the need for our applications, and our customers’ and partners’ products built with our tools, to be usable by the disabled community. Our accessibility philosophy definiens and recommends the corporate standards for accessibility and developing materials to train all employees so that they can successfully create products that meet those standards. ; ; 2. Mandatory training. Sarax promotes mandatory training for equality for all employees, this includes a compliance training programme and for employees and all new hires joining Sarax; ; 3. Harmony at work. As a business we embrace full inclusivity and belonging within a progressive modern workplace. We deliver education through our guidance catalogue for employees and customers. We aim to raise awareness and share best practices on improving wider representations amongst employees with protected characteristics.; ; 4. Modern slavery policy. Sarax is fully committed to a work environment and supply chain that is free from human trafficking and slavery. We will not tolerate or condone human trafficking or slavery in any part of our organisation, be it supply chain or internal.

  Wellbeing

  Sarax is committed to the well being of our employees, customers and the wider public. In particular we have developed solutions to addressing personal safety for all. We will work with each G-Cloud call of contract to define the outcomes appropriate for that contract. We will then have a monthly reporting mechanism to demonstrate how these outcomes are being achieved. Some examples of these initiatives are: ; ; 1. Targeted Wellbeing Campaigns. Sarax utilises the imabi Pro workplace application that provides targeted wellbeing campaigns such as sleep training, mindfulness, and mental health awareness. We use imabi as a wellbeing communication channel, with all employees now utilising the application with high levels of engagement. A monthly wellbeing employee newsletter is generated and delivered to employees with a dedicated application containing all the available resources in one place.; ; 2. Wellbeing Training. Imabi regularly delivers both manager and employee training on a variety of wellbeing topics, including mental health, which are available in real-time and on demand. Examples include, Stress Awareness and Mental Health. We also provide employees and their dependants with access to a free and confidential Employee Assistance Programme, offering emotional and practical support should they need.

Pricing

• Price: £5,024 to £25,102 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.balaam@sarax.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.