NEXT GENERATION USER EXPERIENCE LTD

Enterprise Bare Metal

NextGen UX have partnered with Cyxtera Technology to offer Enterprise Bare Metal services providing custom or preconfigured customer dedicated physical servers or co-location services in Cyxtera Global data centres.

Features

• Deploy enterprise grade servers and storage
• Cloud like financial flexibility
• Rapid deployment of services
• Extend cloud agility to on-demand capabilities
• Control, security and performance of services
• Dedicated co-location racks available

Benefits

• Control of data locality and ownership
• Retain full control of the platform from BIOS to apps
• Enhance connectivity through 62 global data centres
• Click to provision through the Cyxtera Portal
• Create cloud-like agility with dedicated services
• Meet Cloud First business objectives
• Bring your own devices utilising connected co-location services

£175 a server a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jack.masters@ngux.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

205627864837866

Contact

Jack Masters
02045268080
jack.masters@ngux.co.uk

Service scope

• Service constraints: Cyxtera are responsible for managing and maintaining all physical hardware components, meaning that the customer's responsibility lies solely on performance monitoring, operating systems and applications.
• System requirements:
  • Hypervisor licensing (other than Nutanix)
  • Operating System and other software licensing

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The priority of the service call is also agreed with the Customer ranging from P1 (critical) with a 15 minute response through to P5 (information request) which is entered into our ticketing system. The NextGen UX Service Desk has a team of Analysts who provide 24x7x365 support for P1 & P2 calls on a rotational basis.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: NextGen UX Flexible Support solutions are tailored to individual business IT requirements, and provide out-tasking and out-sourcing options for customer Platform Management and Support. NextGen UX may augment existing operating models with technology expertise to call upon when required, or provide full monitoring and maintenance all managed via our UK Operations Centre.; ; NextGen UX follow the ITIL framework and introduce a communication programme that suits your availability and will conduct Service Reviews either via conference call or face to face at your premise. Our Executive Report concentrates on your business and will be delivered 5-10 days before we meet so this gives you time to digest and feedback during the Service Review.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding documentation is available via https://docs.cyxtera.com/; ; Additional training is available from NextGen UX for ad-hoc services or further advice.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: This is the responsibility of the end user. Cyxtera and NextGen UX has no access to end user data as Bare Metal Servers are dedicated resources with only end user access to data logically.
• End-of-contract process: Customers can either move to month to month contract following fixed contract terms, or negotiate longer fixed term periods. Otherwise customer equipment will be fully disconnected for the Cyxtera Ecosystem.

Using the service

• Web browser interface: Yes
• Using the web interface: The Cyxtera Portal is a powerful tool to view, monitor, and manage the data centre remotely. All infrastructure, digital and co-location in one place. ; ; • Overview is the home page of the portal and includes Orders, Tickets, and Billing information.; • Spaces is the new way to view assets. This item expands to provide a selection of data centres and cages/racks within the data centre. Selecting a data centre navigates to the dashboard for that data centre. Choosing a cage or rack allows the user to see racks and interconnections within that space.; • Contacts is the place to manage your contacts, data centre access authorisations, and visitor logs.; • Digital Exchange navigates to the Cyxtera digital exchange (formerly CXD Command Center).
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Not applicable at this time
• API: Yes
• What users can and can't do using the API: API management is achieved through the the portal at accounts.cyxtera.com.; ; The API Keys section allows you to create and revoke API Keys and their associated secrets. API Keys provide you the ability to automate actions on behalf of your account while keeping your password and other login information secure. In the future, you will be able to create keys with a reduced scope of access so a key is only able to access and update certain types of account information. For example, only contact information but no billing or colocation asset information.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Full logical access is available to lights-out on the servers.

Scaling

• Scaling available: No
• Independence of resources: Bare Metal Services are customer dedicated resources and not shared with other customers
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cyxtera Technology UK Limited

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: NextGen UX or Cyxtera do not provide SLA's around the availability of the hardware (customers should architect the Enterprise Bare Metal environment with the N+1, N+2, etc. redundancy required). Cyxtera are ultimately responsible for replacing any failed equipment with next business day Service level objectives (SLO). Service level objectives are outlined in the Appendix section document Cyxtera Platform Services Service Level Agreement.; ; See - https://www.cyxtera.com/pdfs/legal/Cyxtera-SLA-CXD-Services.pdf
• Approach to resilience: Enterprise Bare Metal customers are able to configure dedicated servers to meet their requirements. Base server options include dual power supply and separate power sources. In the event of failure, generators are on standby to take over.; ; Network resilience is provided through diverse connections into the data centre. Full schematics may be provided upon request.
• Outage reporting: Outage and incident reporting is available via email alerts and customer portal and API's available. This includes planned change notifications in line with standard change control processes.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: WAF is enabled on app gateway, 2FA is supported and users can configure it and it will be applied during login.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman
• ISO/IEC 27001 accreditation date: 13/07/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Schellman
• PCI DSS accreditation date: 05/08/2021
• What the PCI DSS doesn’t cover: Specific customer environments – The certification is of Cyxtera as a service provider. The ROC and AOC are available on request.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SSAE 18/ ISAE 3402 (SOC 1)
  • SOC 2
  • ISO 27001:2013
  • PCI DSS 3.0/3.1 REPORT ON COMPLIANCE (ROC)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Leading security practices, contractual obligations, and regulations and industry standards, including Sarbanes-Oxley Act (SOX),the Payment Card Industry Data Security Standard (PCI-DSS), International Organization for Standardization (ISO) 27001 and SOC 2 mandate that risk management policies must be in place and executed at minimum annually and extend to those third parties used by Cyxtera.; ; Accordingly, Cyxtera must assess, minimise, and approve the risks associated with its products and its relationship with third parties. The primary focus of the program is to assess information security risks that may be created by new and existing internal practices and third party relationships and the process and adherence is owned and managed by the Governance Risk and Compliance Team reporting to the VP and General Manager of Cyxtera Federal.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All compute and network equipment are tracked in our CMDB, upon installation a CI is created for each device and on decommission it is removed.; ; Cyxtera only procures hardware and software through authorised Resell & Distribution parties of Vendor
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The risk identification process consists of the identification of company assets and the vulnerabilities assigned to those assets as they relate to the key values of information security, confidentiality, integrity, and availability. A documented risk assessment methodology is in place to guide personnel in the identification, selection, and development of risk management activities. Control activities serve as mechanisms for managing the achievement of the security and availability categories.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Cyxtera utilises procedural, manual and automated monitoring tools to monitor control activities. Any suspicious activity resulting in a breach of security are tracked and resolved according to the Incident Response Plan.; ; An incident response plan is in place to guide personnel in the restoration of operations inline with agreed Service Levels and Key Performance Indicators together with post-incident root cause analysis, impact analysis, resolution, lessons learned, and action items.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: An incident response plan is in place to guide personnel in the restoration of operations inline with agreed Service Levels and Key Performance Indicators together with post-incident root cause analysis, impact analysis, resolution, lessons learned, and action items.; ; Major Incident reports are available to customer in line with contractual agreements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: As a global leader in colocation and interconnection services, Cyxtera is committed to empowering customers and partners to build sustainable businesses, minimising their own environmental footprint, fostering diverse and connected communities and increasing trust and transparency.; ; Cyxtera has established proactive sustainability and efficiency measures that enable them to minimise energy demands without compromising reliability. ; ; From establishing proactive sustainability and efficiency measures in building our data centers to focusing on renewable energy sources to moving into a more circular use of materials and smarter, cleaner way of consuming resources, we are committed to taking the necessary steps to protect the planet as we operate and grow our business. ; ; Made a commitment to long-term goal of achieving 100% carbon neutrality across our global portfolio and data center platform. ; ; On track to increase our renewable energy by 20% in 2021 ; ; 2.2M SQ FT of Data Center Space has been Energy Star Certified across 22 data centers ; ; 34 Data Centers total to be Energy Star Certified by 2023 ; ; Reduced PUE by 10% with ongoing program to drive further reductions

Social Value

• Fighting climate change:

  Fighting climate change

  The NextGen UX potential impact on the environment stems largely from office-based operations and, to a large extent, this dictates where the company can make progress in improving its environmental performance. We have shut one office and staff work from home. NextGen UX recognises the global challenge posed by climate change and other environmental issues; and also recognises its responsibility to reduce the environmental impacts of its business operations. The company is committed to reducing its carbon (CO2) emissions and is also committed to managing its direct environmental impacts in a responsible manner. Key areas where we can focus attention are property management, information technology, business travel and purchasing & contracts. The company aims to protect the environment through effective management of these areas and by adopting best practice where reasonably practicable.; NextGen UX will:; • Ensure compliance with the requirements of all relevant environmental legislation and codes of practice.; • Reduce the amount of waste generated and improve levels of recycling.; • Raise awareness and encourage use of audio and video conferencing and live meeting facilities to reduce the dependency on business travel.; • Develop and maintain processes / systems to monitor and record environmental performance data.; • Set targets for continuous improvement.; • Incorporate specific environmental requirements into contracts with suppliers.; • Specify products from sustainable sources wherever reasonably practicable.; • Ensure that colleagues are aware of relevant environmental issues, and understand their own responsibilities in meeting any targets set by the company.; These commitments are backed by a programme of continuous assessment, checking achievements against targets and seeking opportunities to raise awareness of environmental policy amongst employees. Responsibility for environmental policy rests with the company Executive Management Team.
• Covid-19 recovery:

  Covid-19 recovery

  We look at five areas as recommended by Deloitte.; • Reflect. - Create the time to reflect on what’s next and think about what has worked, what you learned, and what has been missed in the response.; • Recommit. - Reinforce commitment to well-being and purpose through a focus on physical, physiological, and financial concerns.; • Re-engage. - Redeploy workforce and maximise the workforce’s contribution and potential, while preparing the workforce with the skills and capabilities for the return.; • Rethink. - Utilise new business priorities to rethink and reconfigure the work, workforce, and workplace and balance ongoing and evolving business needs.; • Reboot. - Realign HR and people operations priorities with the most pressing business and workforce priorities.; As we emerge from the pandemic, our objectives for COVID-19 recovery as recommend by the UK Government are as follows:- to support the staff to take action and look after their mental wellbeing to prevent the onset of mental health difficulties, by taking action to provide assistance through managerial support also using private medical assistive help line numbers to ensure private medical services to continue to expand and transform to meet the needs of the staff who require specialist support We also point to various Government resources such as the NHS website; Public Health England etc.
• Tackling economic inequality:

  Tackling economic inequality

  With extreme poverty already on the rise as a result of the pandemic and with climate change threatening to deepen inequality still further as vulnerable communities are hit first and worst by its effects an economic system that is fairer, more trustworthy and capable of addressing humanity’s most profound challenges is urgently needed. Business is, of course, a critical actor in forging that system. With revenues bigger than some countries and supply chains that wrap around the globe, business exerts incredible influence over societies and ecosystems. Rightly, people increasingly expect the companies they work for, buy from and invest in to channel their knowledge, resources and influence toward tackling society’s toughest challenges, including social inequality. At NextGen we believe that income levels are set correctly along with opportunities for further education and training of employees.
• Equal opportunity:

  Equal opportunity

  At NextGen we are committed to encouraging and achieving a working environment which is underpinned by fairness to all individuals, where equality and diversity are recognised, encouraged and valued, and the concept of individual responsibility is accepted by all. All Employees have a duty to co-operate with us to ensure that this policy is effective in ensuring equal opportunities for all employees and to help prevent all forms of discrimination and/or harassment and victimisation. Failure of individual employees to comply with our policy will be treated as a disciplinary offence. Serious breaches of the equal opportunities policy will be treated as gross misconduct and could render the employee liable to summary dismissal. Employees can be held personally liable as well as, or instead of, the organisation, for any act of unlawful discrimination. Employees who commit serious acts of harassment may be guilty of a criminal offence. Individuals will be made aware of the policy at the time of their induction and through details provided in the Employee Handbook.
• Wellbeing:

  Wellbeing

  At NGUX we focus on nurturing employee well-being and understand that it is critical to developing workplace resilience. There are seven key areas we focus on.; • Physical ensuring the employee has routine in their role and enough time for exercise; sleep; work-life balance and food.; • Career. Ensuring the employee has learning and development programs; • Financial. Ensuring employees are rewarded and there is no financial stress which has been more prominent due to the pandemic.; • Social. We at NGUX ensure there are social events especially now with people having lived through isolation; • Community. Engaging where possible with local schools, colleges and apprenticeship companies; • Emotional. Supporting employees and offering 121's or an external forum for assistance and guidance; • Purpose. Regular team meetings set the purpose for weekly work and what the company as whole is working towards

Pricing

• Price: £175 a server a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: NextGen UX and Cyxtera offer customers a proof of concept which will be defined and agreed in lines with the Cyxtera Authorized Use Agreement. Each request will be reviewed on its individual merit and customer requirements to allow full evaluation of services.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jack.masters@ngux.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.