Trust Systems Ltd

Trust Cloud

The Service provides a production ready Infrastructure as a Service (IaaS) offering to clients, using Hyper-Converged, Edge Landing, intermediate Local Area Network (LAN) and Firewall technologies.

Trust provides a Bronze Monitoring and Reporting Managed Service. Additional services are available via LOT3 Trust Cloud managed Silver and Gold.

Features

  • Hyper Converged environment using Nutanix Hypervisor, via Secure IPsec VPN
  • Dedicated environment is not multi-tenanted
  • Solution sized for 75 VM’s using
  • Redundancy factor RF2 by default
  • Product tier CPU & RAM utilisation max with N+1
  • Disk customisable
  • Designed for 4vCPU:1Core utilisation
  • 150GB Cold Data and 25GB Hot data per VM
  • Self Service Portal provides pre-configured BluePrint/API deployment scripts
  • Self Service for management, ISO templates and Performance data

Benefits

  • Nutanix Acropolis Hypervisor (AVH) and Self-Service Portal (SSP) included
  • Dedicated environment not multi-tenanted
  • Bronze Managed Service for Monitoring, Reporting and Service Desk included
  • Crown Hosting UK Location Secure Government Security Classifications standards
  • Nutanix default security baselining (with auto-remediation)
  • Nutanix Security Technical Implementation Guide (STIG) included in platform operations
  • Self Service Portal provided by Nutanix Prism Central and CALM

Pricing

£8,500.69 an instance a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloud.sales@trustsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

170626106628635

Contact

Trust Systems Ltd Trust Sales
Telephone: 01285 898054
Email: cloud.sales@trustsystems.co.uk

Service scope

Service constraints
Trust Cloud provides "Template" sized dedicated HCI environments for client workloads (see the Trust Cloud Hosting service description).
Customers to provide and perform:
- VM OS update toolsets
- VM OS update management
- Option Bring Your Own Licensing (BYOL): VMware licenses are required; Customer must provide Trust access to the appropriate licensing portals to obtain patches
- Where BYOL has been provisioned for Windows or Linux services, the customer is responsible for VM OS support.
- Planned Maintenance to be advised as in the Service T&Cs
- Access via SSP is limited in relation to the underlying infrastructure provisioned on the nodes of the cluster
System requirements
  • Customers provide BYOL for Operating System and Applications
  • Anti-Virus must be provisioned by customer (Bronze service)
  • Additional Trust Cloud services including Anti-Virus are available via LOT3
  • Internet landing implemented via IPsec VPN by default
  • Direct NW presentation e.g., WAN need design engagement LOT3

User support

Email or online ticketing support
Email or online ticketing
Support response times
Trust provides a Bronze Monitoring and Reporting Managed Service. This includes Service Desk ticketing and email support.

This provides 30-minute initial response, resolution target is subject to incident severity grading.

Service desk email and ticketing support to 24x7x365 (subject to agreed service level) with no change in response time outside of normal business hours.

A web interface is available to customers to raise, view and manage current and historic incidents and changes.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Trust Cloud Hosting includes 'Bronze' Support. The cost for this Managed Service is included in the IaaS monthly cost. (See LOT1 Price document)
1. Managed Infrastructure platform, including:
a. All patching
b. Support of infrastructure (hardware and software) by Cloud Support Engineers
c. Hardware Break-Fix management of All components
d. Minor and major upgrades for all elements
e. Configuration transparent to customer
2. Managed Firewall and network configuration, with changes made based on default change package included with service - additional available under LOT3 when base provision exhausted

Additional levels of Managed Service are available via LOT3 Trust Cloud Enhanced Silver and Gold Services.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The onboarding service will include:

1. Identify requirements for platform to be running, including VMISO template uploads

2. Identify existing migration requirements, and offer additional services to assist with:

a) Migration of VM’s onto platform
b) VM creation/setup

3. Onboarding Familiarisation process (2-hour process):

a) Remote based session overview of the management platform, with tutorial of activities including basic remote login, through to deploying, managing IaaS objects and of viewing utilisation
b) Setting up new objects, IaaS object removal

4. Standard documentation overview, handover of documents to customers, documentation of setup customer specific platform (including end to end specification)

In addition, the managed service operations:

1. Support contacts
2. Support Portal interface
3. Support documents
4. Service Delivery Manager contacts, and support escalation contacts
5. Service Delivery approach, reviews
6. Service Transition including Service Operational Runbooks
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
A Customer ‘exit’ project is started after notice is served. If the customer requires secure data removal and migration off the IaaS platform, the process is:
- Identify size of requirement/approach (WAN copy/local copy)
- Confirm the scope of Professional Services engagement (including day estimate)

For customers wishing to remove data:
1. Formal Service Transition manager project initiated closing all setup service elements and dealing with transition exit according to ITIL framework with checklist of activities
2. Quote for required services Professional services from Rate Card
3. Copy option:
3a. Customer given access to copy VM’s remotely over WAN
3b. Trust Consultancy locally copy data to removable/portable storage media (customer supplied device)
4. HCI IAAS platform erased using Blancco software drive eraser with proof provided via certificate.

Customer not requiring secure wipe (satisfied by Nutanix erase operation on data):
1. As per items 1, 2 and 3 above
2. Data erased using Nutanix native consoles by Trust
End-of-contract process
Trust will perform exit according to industry best practice:

Exit is project managed by a Service Transition Manager **

Agreed extraction and data wipe timescale

Charges for use of any data software (Blancco)

Data off boarding copy local or via network transfer

Network and Service decommissioning **

Scope of effort and quote provided for exit

Exit will provide time for customers to ‘move’ any data from the system to their own within reasonable limits

Trust will assist with the exit approach if required **

Trust will perform an exit meeting to identify reasons for exit

**Additional charge applies to professional services engagement

For a customer exiting the platform, options are available for data removal from the systems; Trust will use a COTS solution to erase data from the platform disks. The cost of this exit is an additional service cost.

Additional costs:
Service Transition Manager
Professional services to assist with exit
Certificated Data wipe
Secure data copy local device at DC

Using the service

Web browser interface
Yes
Using the web interface
The service includes a web portal for provisioning virtual machines and managing these via a console. Three base sizes of Virtual Machines (VM) can be provisioned on Windows and Linux, with the customer able to expand required configurations. The platform allows the customer to bring own base ISO images if needed (Optional Migration Service required as per LOT3).
1. The toolset supports 500 projects

2. There is a Web interface and API

3. Security is via local account or Lightweight Directory Access Protocol (LDAP) to customer LDAP if customer requires/allows

4. The SSP Web service uses a base HTTP that redirects to HTTPS; users authenticate and are directed to specific ‘project’

5. This is a Commercial off the Shelf (COTS) product widely used for such purposes provided by Nutanix. The web interface will use a public vendor provided SSL certificate for security (as will all customer facing solutions utilizing SSL systems).
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
None
API
Yes
What users can and can't do using the API
Nutanix REST APIs allow creation of scripts to run administration commands. The APIs use HTTP requests using get/post/put (etc) to query and make changes to VMs i.e. create, list VM’s, setting categories, modifying configuration, cloning/snapshotting, power changes and deletion. Output from the commands is in JSON.

Multiple API automation tools can be used; users are limited only by the supported implementation of the Nutanix REST API version and these tools. Trust do not support setup/usage in the managed service; this would be professional services support under LOT3. Trust provide HTML documentation.

Other Tools:
• Go e.g. Creating multiple VM clones
• PowerShell (Default PowerShell installation with Nutanix commandlets will allow scripts to be run)
• Python (scripts utilise requests, urllib3/getpass/argparse/json)
• JSON (Using application e.g. Postman, using JSON scripts for API requests)
• BASH - Scripts are standalone and run without dependencies. Scripts utilise jq, (free sed-like JSON processor)
• PHP (Requires PHP 7.2 or later and are complete, standalone scripts carrying out common API operations)
• Microsoft C# (Code samples utilise Newtonsoft.Json, a JSON framework for .NET).
Access in CALM DSL and operations are limited to the permissions assigned to users, which is limited to only IAAS operations.
API automation tools
  • Ansible
  • Terraform
  • Other
Other API automation tools
  • Python
  • Powershell
  • PHP
  • BASH
  • JSON
  • GO
API documentation
Yes
API documentation formats
  • HTML
  • Other
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Trust Cloud uses a dedicated Hyperconverged Infrastructure (HCI) environment to ensure clients are not impacted by the demands of other users on the system.

Trust Cloud uses FortiGate firewall products, which allow rate limiting of the segmented workloads using Traffic Shaping. The system will be set up to have up to 10 customers sharing a pair of physical FortiGate devices, and the source/destination interface paths will be configured with traffic shaping according to the limits of the ingress bandwidth service or a 10th share of the overall bandwidth to the upstream LAN switches, whichever is the greater.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
Software encryption leveraging a NIST-certified FIPS 140-2 Level 1 compliant encryption module
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
Virtual Machines
Backup controls
Base Nutanix system snapshots (stored locally on the cluster) once per day, per IAAS VM

Customer self-restore capability

Off box backup can be provided via Lot3 Trust Cloud Managed services.

Snapshots are removed after 30 days using the GFS (grandfather-father-son) model:

Daily backup – 7 for 1 week

Weekly backup – 4 for 30 days

Backups will be setup via initial onboarding for Scheduling.

Backups will be scheduled via the SSP (Self Service Portal)

Restores provided by cloning a second VM from a snapshot

The customer to maintain supported OS and backup scripts.
Datacentre setup
Single datacentre
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Customer can connect via any IP connectivity option that is secure, examples include MPLS, SD-WAN
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.9% availability on the TrustCloud platform as standard.
Where:
"Availability" = ((Total Uptime - Total Downtime) / Total Uptime) x 100
"Total Downtime" = the total amount of time (in minutes) where there is a complete loss of the defined service.
"Total Uptime" = the total number of minutes in the relevant Service Measurement Period.

Service Credits Payable where the Supplier fails to meet the Target Availability:
4hrs or less: None
In excess of 4 hours but not greater than 10 hours: 1% per hour*
In excess of 10 hours: 15%*
*Percentage of the monthly equivalent of Trust Cloud
Approach to resilience
Available on request.
Outage reporting
The Trust Service Desk monitor the platform 24x7x365 through various toolsets (PRTG/Auvik/Nutanix/AlertLogic). The service desk provide 30-minute response SLAs to all alerts/events from these tools. On receipt of a service-affecting event, an incident will be created and email alerts sent to affected clients. The normal incident management process determines update frequency and resolution targets based on incident severity. For example, a P1 incident receives 30-minute status updates.

Identity and authentication

User authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
LDAP Integration for username/password authentication
Access restrictions in management interfaces and support channels
Trust Management Service and support Teams use Duo two-factor authentication with AD authentication to access the RDS support VMs. From there, they must use named access with LDAP authentication to reach the individual systems:
1. OpenGear – used via RADIUS, AD and NPS to access all console ports and IPMI ports on the Nutanix nodes
2. Network switches, IPMI ports, OOB management – integrated into the management Active Directory via NPS Services
3. OpenGear uses authentication and logging via AD
4. Management VMs – accessed via the management network from the support VM’s only, with AD to authenticate users
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
31/08/2021
What the ISO/IEC 27001 doesn’t cover
Trust Cloud environments not in Node4 are not covered until recertification on 6th August 2024. Remediation is in place to achieve this.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Trust Systems operate an Information Security Management Forum (ISMF) to govern ISO and Compliance standards with the business monthly. This reviews Security policy and process from the staff to the Senior Leadership and Operations Leadership. The ISMF ultimately is represented at the main board to report ISO27001 items such as Risk Register and Security Incidents.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Customer changes must be raised through our RFC form. Only customer authorised contacts can raise RFCs to Trust. A request from an unauthorised contact will be referred to the service owner. Changes include the following which are communicated to the directly affected customer:
-Firewall changes (access list change to policy)
-Upgrades to customer platforms (new nodes)
-Changes to existing nodes (e.g. more RAM)

Trust Changes:
Major Feature updates, System upgrades (e.g. replacement for EOL hardware).
Changes to configurations will be raised on change management platform and assessed for potential security impact. Trust will communicate according to the defined Change process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability and Threat Management will be in conjunction with Trust Systems partner AlertLogic. AlertLogic will scan for known vulnerabilities and notify Trust Systems of issues on a daily basis. Trust will then analyse vulnerabilities and evaluate an appropriate response.

Trust Systems will adhere to Cyber Essentials + and patch within 14 days of patch release as per this framework. Any specifically raised high priority threats will be mitigated by the Service Desk team as a P1 with urgent priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Trust Systems' subcontractor AlertLogic will provide a Threat Monitoring and Management Service. Where an Intrusion Event is detected, a process exists by which Trust Systems will be notified, subject to the SLA. The service provides 24/7 Security Operations and the required technology to monitor for threats and escalate them to customers. Scanning will include:

1. PCI Scanning for vulnerabilities
2. File Integrity Monitoring
3. Network Monitoring
4. Log Data Monitoring
5. Log Analysis
6. Log Collection & Search with 12 Month Retention
7. Web Log Analytics
Incident management type
Supplier-defined controls
Incident management approach
Trust follows the SANS Institute incident response principles for security incidents reported via the service desk.
Prepare—establish security policies, carry out risk assessments, determine which assets are sensitive and establish an incident response team.
Identify—monitor systems to detect anomalous activity, identify security incidents or threats.
Contain—conduct short-term containment procedures to stop the spread of the threat e.g. apply fixes
Eradicate—identify the root cause of the incident, remove malware and implement measures to prevent future attacks.
Recover—restore your production systems and apply measures for preventing further attacks.
Learn—perform analysis following an incident with documentation via PDF to the client.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Fortigate Virtualised Firewalls
How shared infrastructure is kept separate
Compute is physically separated. Trust implements virtualisation only for the network. Fortigate Virtualised firewalls are used to segregate traffic between clients via firewall policy and individual client VDOMs. The clients are ‘landed’ through shared WAN connectivity on an IP address on the Fortigate firewall. Additionally the Mellanox switches support 802.1q Virtual Local Area Network segmentation.
In the self-service portal, user configuration and information is managed via a software-level construct known as a ‘project’, where each customer is a project and all resources can only be accessed by that project. Users must separately authenticate against the portal to access their projects.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Energy efficiency is part of both Crown Hosting’s ISO 14001 and ISO 50001 certifications and management systems and is addressed in how DCs are designed. Also, contractual obligations with client and/or suppliers, guidance in documents such as rules for working in a DC as well as other requirements such as part of our CCA/CCL agreements in terms of energy efficiency.

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

Trust Systems has registered for ISO14001, undergone an External pre-Audit for the full Audit in July 2024. We recognise our responsibility to the environment beyond legal and regulatory requirements. We are committed to complying with all legislation and relevant regulations, reducing our environmental impact and continually improving our environmental performance as part of our business strategy and operating methods. We will encourage customers, suppliers and other stakeholders to do the same. All employees have a responsibility to ensure this policy is met. We endeavour to:

1. Paper
  • Minimise the use of paper in the office.
  • Reduce packaging as much as possible.
  • Seek to buy recycled and recyclable paper products.
  • Reuse and recycle all paper where possible.

2. Energy and Water
  • Reduce the amount of energy used as much as possible.
  • Switch off lights and electrical equipment when not in use.
  • Adjust heating with energy consumption
  • Take energy consumption and efficiency of new products into account

3. Office Supplies
  • Evaluate the environmental impact of any new products.
  • Favour more environmentally friendly and efficient products where possible.
  • Reuse and recycle everything we can.

4. Transportation
  • Promote the use of travel alternatives.
  • Make additional efforts to accommodate those using public transport or bicycles.
  • Offer employees an Electric Vehicle (EV) scheme

Culture
  • Work in consultation with staff and stakeholders where necessary.
  • Work with suppliers, contractors and subcontractors to improve their environmental performance.
  • Use local labour and materials where available to reduce CO2 and help the community.

Our chosen data Centre operator is ISO14001 certified and is committed to:
  • Climate Neutral Data Centre Pact
  • Supporting HMG to achieve Carbon Net Zero
  • Their Staff - Investors in People Platinum
  • Committed to training future staff - partnering with UTC Heathrow

Equal opportunity

Trust Systems is committed to a policy of treating all its employees, workers and job applicants equally. No employee or potential employee will receive less favourable treatment because of any 'protected characteristic', namely age (or perceived age); disability (past or present); gender reassignment; marriage or civil partnership status; race, colour, nationality, ethnic or national origins; religion or belief; sex; sexual orientation; and part-time or fixed term status. No employee or potential employee will be disadvantaged by any conditions of employment that cannot be justified as necessary on operational grounds. Trust Systems aims to encourage, value and manage diversity and is committed to equality for its entire staff. Trust Systems wishes to attain a workforce which is representative of the communities from which it is drawn. These principles of equality of opportunity and non-discrimination also apply to the way our staff treat customers, our business partners and visitors. Our equal opportunities policy is a commitment to make full use of the talents and resource of all its employees and to provide a healthy environment which will encourage good and productive working operations within the organisation. The policy is to be applied throughout Trust Systems, including recruitment and selection; promotion, appraisal, transfer and training; terms of employment, benefits, facilities and services; grievance and disciplinary procedures; and dismissals, resignations and redundancies. Trust Systems will ensure that all managers and supervisors with responsibility for any of the areas of particular concern are provided with the appropriate equality and equal opportunities training necessary. Other staff may also be required to attend equal opportunities training. There should be no discrimination, whether direct or indirect, because of any of the protected characteristics set out in Trust Systems’ statement of principle on equal opportunities set out above.

Wellbeing

Trust Systems is committed to protecting the health, safety and welfare of its employees, promoting well-being and positive mental health for all its staff, and tackling the causes of stress and work-related mental ill health. We aim to promote a positive working environment where:

1. Well-being of employees is a priority.
2. We work with employees to promote the physical and mental health of all employees.
3. All staff feel able to talk openly about their mental health and not fear discrimination if their condition is a disability or bullying or harassment.
4. People with mental health issues could participate in the workplace.

We recognise that stress in the workplace is a health and safety issue and acknowledge the importance of identifying and reducing the causes of workplace stress. We also recognise that an employee’s performance or behaviour can be affected if they are experiencing mental ill health, and that appropriate support and adjustments should be explored before considering any formal measures such as disciplinary action. This policy applies to all staff, including employees, temporary and agency workers, other contractors, interns, volunteers and apprentices. Managers are responsible for implementation and Trust Systems is responsible for providing the necessary resources.

Pricing

Price
£8,500.69 an instance a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Trust Cloud Proof of Concept is a cut-down functional version of the service with reduced SLA and Services. Available on request.
