DTP Storage Gateway powered by AWS

Service scope

Service constraints: The High Availability features of AWS Storage Gateway are currently only available for deployments in a VMware environment (on-premise, or VMware Cloud on AWS).
System requirements: VM with 4 or more CPUs

12 GB or more RAM assigned to VM

80 GB or more disk storage assigned to VM

On-premise VM implementation supports ESXi 6/7 or Hyper-V 2019/22 hypervisors

User support

Email or online ticketing support: Email or online ticketing
Support response times: AWS Support case response time depends on severity. The support response times for Developer, Business, Enterprise and Enterprise On-Ramp Support tiers are listed below:

Developer Support:
General guidance <24 hours; system impaired <12 hours.

Business Support:
General guidance <24 hours; system impaired <12 hours; production system impaired <4 hours; production system down <1 hour.

Enterprise Support:
General guidance <24 hours; system impaired <12 hours; production system impaired <4 hours; production system down <1 hour; business-critical system down <15 minutes

Enterprise On-Ramp Support:
Same as Enterprise, except response time when business-critical system goes down is <30 minutes

Information: https://aws.amazon.com/premiumsupport/compare-plans/
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Yes, at an extra cost
Web chat support availability: 24 hours, 7 days a week
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Authorised users can sign in to the Support Center at: https://console.aws.amazon.com/support/home#/ by using the email address and password associated with your AWS account.
Web chat accessibility testing: None
Onsite support: Yes, at extra cost
Support levels: Basic Support:
Included for all AWS customers, 24/7 access to customer service, documentation, whitepapers, and AWS re:Post, core “Trusted Advisor” checks, AWS Health dashboard. No designated Technical Account Manager (TAM).

Developer Support:
As above, plus business hours access to Cloud Support Associates, via email (one primary contact). No TAM. Minimum spend of $29 or 3% of monthly AWS usage charges.

Business Support:
As above, plus 24/7 access to Cloud Support Engineers via web, chat and phone (unlimited contacts); Use-case guidance, access to Trusted Advisor checks, AWS Support API; Third-party software support. Access to AWS Countdown Premium for an additional fee. Greater of $100 or spend-dependent percentage (pm).

Enterprise Support:
As above, plus proactive architectural reviews, cost analysis, consultative guidance. Access to TAM, training, AWS Countdown playbooks by AWS experts. For an additional fee, access to AWS Managed Services (AMS), AWS re:Post Private, and AWS Incident Detection and Response. Greater of $15,000 or spend-dependent percentage (pm).

Enterprise On-Ramp Support:
As above, plus concierge access to billing , pool of TAMs, security review, one AWS Countdown each year. AWS Countdown Premium available for an additional fee. Greater of $5,500 or spend-dependent percentage (pm).
Support available to third parties: Yes

Onboarding and offboarding

Getting started: DTP and AWS provide a range of resources to help customers get started on our services. These include: comprehensive documentation (in multiple formats), introductory videos, hands-on labs, online and in-person training, access to a large network of partners and support from the public sector account team.
Service documentation: Yes
Documentation formats: HTML

PDF

Other
Other documentation formats: Kindle
End-of-contract data extraction: Data may be copied out using AWS and HPE API tools to download data.
End-of-contract process: Buyer may terminate the relationship with Supplier for any reason by (i) providing Supplier with notice and (ii) closing Buyers account for all services for which Supplier provide an account closing mechanism.

Buyers pay for the services they use to the point of account termination. Please see the AWS UK G-Cloud 14 Pricing Document affiliated with this Service in the Digital Marketplace.

Supplier customers retain control and ownership of their data. Supplier will not erase customer data for 30 days following an account termination. This allows customers to retrieve content from Supplier services so long as the customer has paid any charges for any post-termination use of the service offerings and all other amounts due.

Using the service

Web browser interface: Yes
Using the web interface: The AWS Management Console provides a simple web interface for Amazon Web Services. Users can log in with your AWS account name and password. If you’ve enabled AWS Multi-Factor Authentication, you will be prompted for your device’s authentication code. Almost all functionality for each of our services is exposed through the AWS Management Console. It facilitates management for all aspects of the AWS account in a consolidated view whilst providing access to all services and their respective functionalities.

In some cases, specific configuration parameters of a service are dedicated to, and only available from, the AWS Command Line Interface, AWS SDK, or the API.
Web interface accessibility standard: None or don’t know
How the web interface is accessible: Authorised users can sign in to the Support Centre at https://console.aws.amazon.com/support/home#/ by using the email address and password associated with your AWS account.
Web interface accessibility testing: None
API: Yes
What users can and can't do using the API: All functionality is exposed via an API.
API automation tools: Ansible

Chef

SaltStack

Terraform

Puppet

Other
Other API automation tools: Wide range of third party services work with AWS APIs.

SDKs for Python, Ruby, PHP, JavaScript, Java, .NET, Node.js
API documentation: Yes
API documentation formats: HTML

PDF

Other
Command line interface: Yes
Command line interface compatibility: Linux or Unix

Windows

MacOS
Using the command line interface: All functionality is available via the CLI.

Scaling

Scaling available: Yes
Scaling type: Manual
Independence of resources: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.

Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.

AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.
Usage notifications: Yes
Usage reporting: API

Email

SMS

Analytics

Infrastructure or application metrics: Yes
Metrics types: Disk

Other
Other metrics: Cache metrics

Latency metrics

Performance metrics

Backup metrics
Reporting types: API access

Real-time dashboards

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: AWS and HPE

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Other
Other data at rest protection approach: AWS adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”).

AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).

Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed

Hardware containing data is completely destroyed
Equipment disposal approach: In-house destruction process

Backup and recovery

Backup and recovery: Yes
What’s backed up: Block Volume
Backup controls: Manual or scheduled API call.
Datacentre setup: Multiple datacentres with disaster recovery
Scheduling backups: Users schedule backups through a web interface
Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Bonded fibre optic connections

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Other
Other protection within supplier network: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. AWS gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.

AWS enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wish to use.
API calls can be encrypted with TLS/SSL to maintain confidentiality; the AWS Console connection is encrypted with TLS.

Availability and resilience

Guaranteed availability: AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on our website via the link below: https://aws.amazon.com/legal/service-level-agreements/

Well-architected solutions on AWS that leverage AWS Service SLAs and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
Approach to resilience: The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting: Public dashboard; Personalised dashboard with API and events; Configurable alerting (email / SMS / messaging).

Identity and authentication

User authentication: 2-factor authentication

Identity federation with existing provider (for example Google apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Other
Other user authentication: AWS’s Identity and Access Management (IAM) system allows you to control access to AWS services/resources. No actions are permissible without authentication. IAM facilitates the issuance of access permissions per user/group. MFA is available at no extra cost.

AWS CloudTrail allows you to log, continuously monitor and retain events related to API calls across your AWS infrastructure.
Access restrictions in management interfaces and support channels: AWS IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via Multi Factor Authentication devices. API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with IAM). API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Other
Description of management access authentication: AWS controls access to systems through authentication that requires a unique user ID and password. AWS systems don't allow actions to be performed without identification or authentication. Remote access requires multi-factor authentication. All remote administrative access attempts are logged and reviewed by the Security team for unauthorized attempts or suspicious activity. Incident response procedure is triggered in case of suspicious activity. AWS employs the concept of least privilege, allowing only the necessary access for users to accomplish their job. User access to AWS systems requires documented approval from authorized personnel.
Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: You control when users can access audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: EY CertifyPoint
ISO/IEC 27001 accreditation date: 22/11/23
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: 22/11/23
CSA STAR certification level: Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover: N/A
PCI certification: Yes
Who accredited the PCI DSS certification: Coalfire Systems Inc.
PCI DSS accreditation date: 13/12/2023
What the PCI DSS doesn’t cover: N/A
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: ISO 27017

ISO27018

SOC1/2/3

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: CSA CCM version 3.0

ISO/IEC 27001

Other
Other security governance standards: ISO 27017, ISO27018, Cyber Essentials Plus, SOC1/2/3
Information security policies and processes: AWS implements formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment.

Employees maintain policies in a centralised and accessible location. AWS Security Assurance is responsible for familiarizing employees with the AWS security policies.

AWS has established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives.

Policies are approved by AWS leadership at least annually or following a significant change to the AWS environment.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Changes to AWS services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.

Teams set bespoke change management standards per service, underpinned by standard AWS guidelines.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.

Emergency changes follow AWS incident response procedures.

Exceptions to change management processes are documented and escalated to AWS management.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/.

Security and Compliance is a shared responsibility between AWS and the customer, and the customer must perform some of the vulnerability management process. See https://aws.amazon.com/compliance/shared-responsibility-model/ for more details.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth-usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts

AWS security controls are reviewed by independent external auditors during audits for our SOC, PCI DSS and ISO 27001 compliance.

Security and Compliance is a shared responsibility between AWS and the customer. See https://aws.amazon.com/compliance/shared-responsibility-model/ for more details.
Incident management type: Supplier-defined controls
Incident management approach: AWS adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase

To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.

The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: Other
Other virtualisation technology used: AWS proprietary.
How shared infrastructure is kept separate: Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: AWS is committed to running our business in the most environmentally friendly way possible. In addition to the environmental benefits inherently associated with running applications in the cloud, AWS is focused on efficiency and continuous innovation across our global infrastructure. We are committed to powering our operations with 100% renewable energy by 2025. New servers purchased to host the cloud hosting for AWS data centers in the European Union (EU) meet the requirements of EU 2019/424 (“Lot 9"). More details are available via: https://sustainability.aboutamazon.com/environment/the-cloud

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

DTP takes its role as an environmental steward extremely seriously and is well advanced towards its target of being a Carbon Neutral organisation by the end of 2024.
DTP has invested significantly into achieving this for the last decade, with its own packaging re-cycling plant, and education and in-office recycling programs that mean that we have not been sending anything to landfill since well before the CV19 pandemic, combined with a hybrid vehicle policy and the creation and use of renewable utilities in terms of solar and the purchase of power from renewable sources. All of which are part of our ISO14001 accreditation, and have been recognised by multiple awards in this area over a number of years.
DTP as well as focusing on its own carbon footprint also works with clients to help them on their own initiatives and carbon neutral journeys, and provides consultancy services and carbon offset services as part of our offering, whereby a client who subscribes to a product or service for a period, its carbon footprint covering manufacture, distribution, usage and environmental disposal can be offset, which is achieved via UK tree planting, within new forests in the Scottish Borders and the Lake District, and other initiatives such as a UK Seaweed Farm, with Seaweed growing much faster so sequestering higher levels of Carbon. These offset services can be purchased as an annual certified service or for the planned duration of any contracted period.
DTP has also hosted many client and user events to promote best practice in the area of environmental stewardship, with lectures for students, roundtables as part of events such as Leeds Digital Festival, and webinars for clients, all of which have been well received.

Covid-19 recovery

DTP has done a massive amount of work with clients and the wider community in terms of voluntary activities in supporting them during and through the CV19 pandemic.
As an organisation with a wide focus in terms of the technologies and services we provide to clients we have been at the forefront of providing devices and wrap around services that has allowed our clients to move to initially remote, and more recently hybrid working and teaching, not only for staff and students, but also other initiatives around supporting underprivileged students with the means to continue their studies by providing compute and connectivity solutions as subsidised rates.
As well as access to functionality for staff and students we were also heavily involved in governance and business continuity related projects during the early stages of the pandemic, helping clients with their back up, recovery and disaster recovery policies and the technology and expertise that underpins these. We have also worked with clients as part of this to refine their security as well, including anti-ransomware services and solutions.
Outside of work related CV19 activities we have also supported our local communities in terms of food banks, providing volunteer support, and also bulk product in terms of anti-bacterial wipes to be part of food parcels, and also in the early stage of the pandemic providing these also to university student cohorts, which has resulted in us donating over 1m packs of anti-bacterial wipes.
As we move out of the pandemic we are working closely with clients to enhance their ability to maintain their position as hybrid working and teaching environments, implementing cloud based solutions such as collaborative working, desk booking and meeting room booking, as well as technologies that allow for hybrid meetings – with participants at home or in the office.

Tackling economic inequality

As an SME ourselves we understand the importance of economic equality, especially as our two Leeds Centres are based in less prosperous areas, namely Hunslet and Holbeck.
Also as a small business working in the area of IT we realise that we cannot always compete for new staff in todays era of the Great Resignation, and with the IT sector growing at an exponential rate, we have to look at alternative and a mixture of ways to bring new talent into the business, and retain existing talent.
We also have to recognise that certain demographics are more likely to struggle in todays world, especially young people and those on lower incomes, and we have focused on bringing in talent from both areas into roles where they can gain a foothold on the employment ladder, and have a roadmap for progression, and hopefully the flexibility to allow groups such as single parents to be able to progress without it adding further pressure to what can be already challenging balancing acts in terms of working/living.
DTP also monitors the cost of living and its baring on those entry level, part time and lower level rolls, and especially utility prices within the current economic situation, with us able to support as appropriate which we believe will be particularly relevant this coming winter.

Equal opportunity

DTP heavily committed to promoting diversity within it workforce, and ensuring we have diversity friendly policies and approaches to all aspects of our operations. DTP has put in place specific initiatives geared towards the training and advancement around gender inequality, with the target of promoting specific traditionally male orientated roles to a more diverse community. These include sales, technical and management at all levels within the business.
If any specific targets are needed to be put in place for individual customers these will be agreed with each customer at contract commencement, such as targeted training, work placement targets, or apprenticeships as required.

Wellbeing

Wellness in the workplace is a key DTP focus area, even prior to the CV19 pandemic we had put in place the structure, training and resources through a team of DTP Mental Health First Aiders, who as well as an employees line manager can be the first point of contact when an employee is struggling with a wellness issue or concern.
During CV19 we doubled down on wellness support as we realised that although working from home was convenient, it was not always the best working practice for some employees optimum wellness, and as such we put in extra measures including anonymous contacts for issues/concerns, and more sign posting support to the correct support or resolver resource whether that be DTP or external.
DTP also became a launch member of This is Me Yorkshire when it launched at the end of Lockdown 1.0, and which is a charity focused on ending any stigma around wellness issues within the workplace. This is Me Yorkshire (TiM) is aligned to the national This is Me network and focuses on creating content covering senior managers and business owners own mental health and wellness journeys, to show that if your bosses can talk about their mental health then it is safe for employees to do so also. TiM also focuses on storey telling support for people wanting to be articulate their own journey and of course sign posting materials and events that promote wellness in the workplace.
DTP has also run a number of wellness in the workplace events for both staff and customers, including webinars and round table events to promote best practice and top tips around wellness – whether individually or for the organisation.

Pricing

Price: £0.01 a gigabyte a month
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: The first 100 GB written to AWS per account is free.
Link to free trial: https://aws.amazon.com/free

DTP Storage Gateway powered by AWS

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

DTP Storage Gateway powered by AWS

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents