Reading Room

Cloud hosting - technical design

Reading Room is an expert in cloud technology and can advise you on the principles of cloud architecture. We can design and steer your requirements, based on your business needs, offering the most flexible, highly scalable and cost-efficient way for you to host websites and web applications.

Features

• Understanding your technical landscape.
• Help choose the right cloud platform including public and private.
• Full cloud and hybrid solutions.
• Managing system load.
• Requirements for high availability systems.
• Solution scalability
• Business continuity requirements
• Planning for provision of technical support.
• Plan integration of 3rd party systems and software.
• From small micro-sites to large enterprise architecture.

Benefits

• Plan migration of existing or new services to the cloud
• Design the hosting architecture to best meet your needs.
• Bespoke infrastructure architecture design, addressing your specific requirements.
• Streamlined hosting designs that avoid repetition of architecture
• Hosting designs that are user-centric
• Cost effective infrastructure reduces Opex and saves on Capex

£1,000 to £20,000 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Marisa.Hadleigh@rippleffect.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

230472709411549

Contact

Marisa Hadleigh
07412362920
Marisa.Hadleigh@rippleffect.com

Service scope

• Service constraints: N/A
• System requirements:
  • .Net
  • IIS
  • MS SQL
  • PHP
  • MySQL
  • Apache
  • NGNIX

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times are dependent on the support package agreed.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support options; -- 24/7/365; -- Business hours; ; You will be assigned a technical account manager.; Cloud support engineers work in an agile pool.; Named individual support engineers can be assigned if needed for vetting purposes.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We evaluate our client’s current solution to ensure that our services, skills and expertise are suitable to provide the levels of support required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We offer an export of all their code and upload it onto a secure location for the client to obtain.
• End-of-contract process: The client would decide to either renew the contract or end it. If client decides to renew, hosting is reviewed and agreed. If they wish to end the contract, a one off backup of data is supplied to the client.

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: Call out functionality, from and to other third party services
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• Command line interface: Yes
• Command line interface compatibility: Linux or Unix
• Using the command line interface: • can deploy, review and make changes to Live code.; • scripts can be modified to set up web services.; • certain users will have different privileges enabling further tasks.; • designed specifically for each instance.; • IP restrictions applied, IP address of source has to be added to the accepted list.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: If their hosting solution is having auto scaling then this will be automatic, otherwise this will be done manually. When this work is carried out, users will not be interrupted as a new instance will be added into the load balancer pool.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Other
• Other metrics: Ping check
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: AWS and Azure

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Complete service and data back-up
  • Config and data files
  • Pplication servers and databases
• Backup controls: Backup is automated.; Restore is either part of a system larger system restore or requested by users via a service desk ticket. We will then have this assigned to a technician to action.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Password protected
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Password protected

Availability and resilience

• Guaranteed availability: 99.95%
• Approach to resilience: The data is resilient by having as data is backed up daily. Where possible, front end servers are load balanced and databases are mirrored/clustered to ensure uptime.
• Outage reporting: We have a monitoring service called Nagios which monitors URL's, CPU, Disk, Memory and if a service is pingable. If there are any alerts, this is sent via email, displayed on a dashboard and if it is a 24/7 client, it will ring a mobile.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: User access control allowing certain users with defined privileges and IP restrictions.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 08/02/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Reading Room is Cyber Essentials accredited and ISO 27001 accredited.
• Information security policies and processes: Reading Room are Cyber Essentials accredited and ISO 27001 accredited. We are adopting those policies specifically relating to information, information systems, networks, physical environments and people. Internal audit and information security awareness training is already being conducted to review progress towards policy compliance. Risks raised through internal are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are subject to approval and sign off following review by a senior approver. Roll back and security impacts are considered as part of the change control process. Changes are tracked through their implementation and a record of changes is kept.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We agree with the client on what vulnerability test are required and arrange a 3rd party supplier to carry out this work ensuring each step is managed with all 3 parties. We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches. We recommend clients undertake vulnerability testing quarterly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Security incident reporting process summary: incidents or suspected incidents are raised to service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced and provided to customer securely.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security incident reporting process summary: incidents or suspected incidents are raised to service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced and provided to customer securely.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: EC2, Azure
• How shared infrastructure is kept separate: They are separated based on virtual servers and are also placed on dedicated infrastructure if required depending on the client and the agreed contract.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: For public cloud services hosted through AWS:; ; AWS is committed to running our business in the most environmentally friendly way possible. In addition to the environmental benefits inherently associated with running applications in the cloud, AWS has a long-term commitment to achieve 100% renewable energy usage for our global infrastructure footprint. We’ve made a lot of progress on this commitment. In January 2018, AWS achieved 50% renewable energy usage.; ; To date, we have announced nine new renewable energy projects (three wind farms and six solar farms), and these projects will deliver a total of 2 million MWh of energy annually onto the electric grid powering AWS data centers located in the AWS US East (Ohio) and AWS US East (N. Virginia) Regions. The electricity produced from these projects is enough to power the equivalent of over 190,000 U.S. homes annually, which is approximately the size of the city of Atlanta, Georgia.; More information is available on the AWS and Sustainability page.; ; AWS introduced its first carbon-neutral region in 2011. Today, AWS offers customers five AWS Regions that are carbon-neutral:; ; • US West (Oregon); • AWS GovCloud (US-West); • EU (Frankfurt); • EU (Ireland); • Canada (Central)

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  As a business we are committed to training and engaging with aspiring young talent. We have a policy of recruiting a team with junior members who are then assigned mentors to grow and develop their skills.; ; Our culture is inclusive and our workforce diverse - wether its demonstrating active roles for female role models in our leadership team or promoting gender neutral policies - we advocate for the people, not the race, colour or creed.

  Equal opportunity

  As a business we are committed to training and engaging with aspiring young talent. We have a policy of recruiting a team with junior members who are then assigned mentors to grow and develop their skills.; ; Our culture is inclusive and our workforce diverse - wether its demonstrating active roles for female role models in our leadership team or promoting gender neutral policies - we advocate for the people, not the race, colour or creed.

Pricing

• Price: £1,000 to £20,000 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Marisa.Hadleigh@rippleffect.com. Tell them what format you need. It will help if you say what assistive technology you use.