Answers and Solutions ltd

Dedicated Server / Hardware Hosting Service. Any OS. Any application. Any Platform

This is a fully hosted server. It is unshared and supplied with a virtualisation platform. It will allow skilled IT administrators to install an operating system of choice and to maintain their own applications.

Available with up to 2 TB of RAM memory and a variety of Hard Disc sizes.

Features

• No Sharing of Software Systems with other G-Cloud users
• Higher capacity than a VPS Pool

Benefits

• No resource sharing so bespoke settings possible.
• Full access to the power of the Physical Server

£500 to £3,000 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

150089576675671

Contact

Christopher Wainwright
02920733722
Christopher.Wainwright@letsdiscuss.co.uk

Service scope

• Service constraints: We cannot support software apps installed on a Physical server. You will be responsible for Operating System support and application support.; ; From the GDPR perspective, they are provided on the understanding that you are acting as the data processor, and will fully secure the system and your data.
• System requirements: Your staff must understand how to support all products installed

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Online support requests will be acknowledged and users will be able to view the status of tickets.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Support is limited to server reboots, OS reinstalls and adjustment to the hardware provisioned.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide logon details on creation of a valid account. VPS only accounts must be pre-funded.
• Service documentation: No
• End-of-contract data extraction: Users can extract their data using the tools provided by their choice of software
• End-of-contract process: No professional services are included. Compute resources will be released on cessation.

Using the service

• Web browser interface: Yes
• Using the web interface: A dedicated server is primarily managed via a SSH client. The system will have a VPS management system installed.; ; Initiate server reboots / server status can view viewed from a web client
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: A dedicated server is primarily managed via a SSH client.
• Web interface accessibility testing: A dedicated server is primarily managed via a SSH client. There are several clients available.
• API: No
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Users have full root access. They can do anything that their chosen OS is capable of doing.; ; By default we do not provide access to the hardware KVM, but that can be provided. The security implications will need to be discussed and agreed upon.

Scaling

• Scaling available: No
• Independence of resources: You will be the only user on the server, all the physical resources is devoted to your usage. You will be sharing the data pipe, but this has adequate capacity. If you wish, you can order a dedicated data pipe.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Virtual machines can be backed up and restored.
• Backup controls: There is no control over this. Backups user data needs to be taken using backup facilities available via the installed applications
• Datacentre setup: Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Our networks systems are within a datacentre with the minimum of physical access. Virtual networking can be deployed, but if required, this would also indicate that the client has security concerns above the usual run-of-the-mill. They may need one of our other solutions with higher levels of isolation implemented.

Availability and resilience

• Guaranteed availability: The buyer will be eligible for one free days hosting for every hour the service was inaccessible to the buyers users, capped at 100% of the days in a free month. Planned maintenance events taking place at weekends or overnight are excluded. Details are in the service description document.
• Approach to resilience: Full details on request
• Outage reporting: A public dashboard available to customers will indicate any outages.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is restricted via strong passwords
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: WorldPay
• PCI DSS accreditation date: 31/12/2019
• What the PCI DSS doesn’t cover: A VPS is out of remit for our PCI DSS accreditation since there is nothing to be accredited.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Good Practice security governance is practiced. Our Physical server(s) are located in a restricted access datacentre. Strong passwords are enforced and stored safely.; ; ID's of clients appointed officers are stored and will be used to validate requests for support and assistance.
• Information security policies and processes: The staff at our office do not have physical access to the hardware, ensuring that data at rest is protected.; ; Username and password combinations are securely stored.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Not Applicable to a Dedicated Server
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Not Applicable to a Dedicated Server
• Protective monitoring type: Undisclosed
• Protective monitoring approach: For security reasons, we do not publish details of protective actions taken since such details substantially increases the risks we face.
• Incident management type: Undisclosed
• Incident management approach: Not Applicable to a Dedicated Server

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Linux KVM
• How shared infrastructure is kept separate: This service is hosted using purpose designed VPS management software

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  Climate change is minimised by reducing CO2 emissions. We use an energy provider that has minimized its reliance on fossil fuel power generation and sources as much nuclear energy as possible. Renewable energy is included in the mix (hydro, solar and wind). Any shortfall is topped up by a small top up from fossil fuels. ; ; We also minimise power consumption by using shared infrastructures for some clients, and where a client requires a non-shared infrastructure, we minimise energy consumption using virtualisation techniques.
• Covid-19 recovery:

  Covid-19 recovery

  As part of our commitment to CO2 reduction and our commitment to Covid-19 recovery, we allow home working and use virtual meeting technologies as much as possible.
• Tackling economic inequality:

  Tackling economic inequality

  We place as much business as possible in areas that are short of opportunities. The economic advantages are obvious, but additional business advantages include those that accrue from having a stable workforce.
• Equal opportunity:

  Equal opportunity

  We provide equal opportunity and recruitment is based solely on ability. Individuals are free to hold any personal view they wish and no discrimination is permitted on those grounds
• Wellbeing:

  Wellbeing

  All staff are encouraged to have a healthy work-life balance. Staff are encouraged to exercise regularly and hold diverse interests. We offer a salary sacrifice scheme for all physically active recreational activities that meet this requirement, and undertake occasional team-building events in pursuit of the wellbeing criteria.

Pricing

• Price: £500 to £3,000 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.