Central Technology Ltd

Disaster Recovery as a Service (DRaaS) - Veeam Cloud Connect Replication (VCC)

CT's secure DRaaS with Veeam is a cost effective disaster recovery service. Our service guarantees RPOs and RTOs designed around your business with multiple connectivity options and regular testing. This service is designed and operated by accredited Veeam architects and engineers within CT.

Features

• Clear and Simple pricing model
• Protection from unplanned business events and disasters
• AES 256-bit data encryption applied during seeding
• RPOs and RTOs designed around your business
• Secure and compliant to government standard
• Full and partial failovers
• Single management console which is enterprise level ready
• No second site warm standby office investment required
• Data centres are all Tier3+ and located in the UK
• Supports both Hyper-V and VMware enviroments

Benefits

• Secure & Effective highly automated disaster recovery solution
• Affordable and efficient image-based replication
• Industry leading technology designed for DR
• Self manage online portal allows full DR customer management
• Simple, consistent and predictable operating cost
• Effective Recovery Time and Recovery Points
• No second site investment required for disaster recovery
• Instant service activation
• Onsite seeding service available for large amounts of data
• ISO 27001 and 9001 accredited by BSI

£90 a terabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

233617051823492

Contact

Robert Longden
01246266130
gcloud@ct.uk

Service scope

• Service constraints: CT's service provides regular replication of server images to an alternative Tier 3+ Data Centre along with infrastructure and mechanisms for making them live and available in the event of a disaster.
• System requirements:
  • Virtualised environment (Hyper-V or VMware)
  • Internet connectivity with the required bandwidth

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CT are an ITIL aligned service desk who use the Impact and Urgency model to drive the incident priority level.; ; Any CT infrastructure issues customer effecting will have the highest priority (P1) assigned. This attributes a 20-minute response although our infrastructure are consistently monitored 24/7 and updates provided every hour.; ; For operational questions, these will be raised as a service request and raised as a low priority (P4) request. This attributes a 4 hour response.; ; Note: Support is for the cloud connection service, the client is responsible for their on-premise Veeam backups.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CT's operational teams are aligned to the ITIL framework and use the Impact & Urgency matrix to determine the incident priority (P 1-4) for the CT infrastructure.; ; Our standard SLA which are applied across our services are:; ; P1 - Critical - 20 mins response; P2 - Critical - 40 mins response; P3 - Critical - 2 hours response; P4 - Critical - 4 hours response (Service Requests); ; The service desk monitoring tools and management team consistently review the SLAs ensuring the high levels of customer engagement are delivered throughout the incident life-cycle.; ; Onsite support from our dedicated engineer team is available at an extra cost and is only where all remote services have been unsuccessful in resolving the issue.; ; During the on-boarding phase one of our Veeam product specialists will ensure that the service is established, before completing a handover into our internal account management sales support team. This team will take over the client management and be in regular contact ensuring that the service continues to meet and where possible exceed your expectations.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial configuration assistance and an optional seeding service (for large data sets or slow connectivity links), along with assisting with any issues with initial replication job configuration.; ; You will have access to support documentation, unlimited telephone/email support for the initial set up and any underlying platform issues.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is securely encrypted and is controlled from the Veeam console within your full control. Customers can restore their data up until the point of the contract ends.
• End-of-contract process: Data is held encrypted for the remaining period of the contact, up until the renewal date. At the end of the contract, the customer may decide to renew/change/cease the Veeam DR service. To renew the service no changes will need to be made. If changes are required then this can quickly be achieved by contacting your account manager at CT with your requirements. To cancel the service, all data will be removed and the repository will be deleted once youve agreed all data has been removed by the customer.

Using the service

• Web browser interface: Yes
• Using the web interface: CT utilises the Veeam availability console which allows monitoring and management of the service.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Each customer is allocated a unique user credentials to access the web interface though a web browser.
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: For further information and details in relation to the Veeam API services, please visit:; ; https://helpcenter.veeam.com/docs/vac/rest/vac_rest_api_reference.html?ver=30
• API automation tools: Other
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: CT utilise logical resource segregation and resource allocation to each environment. When customer approach resource limits, auto-scaling can be applied to ensure that sufficient available resources are available without any disruption to their service.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other
• Other usage reporting: Though the Cloud Services Support engineering team who will have received proactive alerts in line with the agreed service limits detailed in the original order service proposal document.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Disk
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: VM machine instances
• Backup controls: Each customer has a dedicated UI within the Veeam console to easily manage DR routines, set RPOs, RTOs, invoke DR etc.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: AES-256
• Data protection within supplier network: Other
• Other protection within supplier network: CT ensures that data is segregated with the use of VLans throughout the network.

Availability and resilience

• Guaranteed availability: Availability Service Credits as % of Monthly VCC Backup Service Charge; ; <99.99%-99.85% - 5%; <99.85%-99.7% - 10%; <99.7%-99.5% - 20%; <99.5%-99% - 25%; <99% - 50%
• Approach to resilience: Multiple IP transits with diverse routing between Tier 3+ Data Centres ensures that the levels of resilience for the service are in-place.
• Outage reporting: CT will issue customer notifications followed by an Major Incident Report within 10 working days.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: CT implement role based access control to restrict access control within the service.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 08/09/2021 (original registration: 26/02/2013)
• What the ISO/IEC 27001 doesn’t cover: CT apply the ISO 27001 accreditation across the whole of its services and not just specific elements. This is important to ensure that we align to the security standards throughout the organisation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CT are internally audited and externally assessed on a regular basis as well as formally annually by BSI to ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CT operates a change control process in-line with our ISO 27001 procedures. This covers all the components and services delivered by CT.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CT's Security Steering Group uphold the Risk Management Policy which is aligned to ISO27001 Information Security Risk Management. This ensures risks are identified, evaluated and treated appropriately in an ongoing basis.; ; An OWASP scanner is in-place to run regular scans for detecting of vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CT is certified to ISO 27001 Information Security Risk Management. This ensures protective monitoring is in-place to identify any risks. These are evaluated and then treated appropriately in an ongoing basis by CT's dedicated infrastructure team.; ; Protective monitoring alerts are managed on a 24x7 basis.
• Incident management type: Supplier-defined controls
• Incident management approach: CT operates under the ITIL framework for Incident Management as well as the ISO 27001 standard.; ; For all Priority 1 (Critical) incidents, Root Cause Analysis (RCA) reports are provided to customers within 10 business days of the incident resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Veeam Cloud Connect customers are assigned separate user credentials to ensure segregation between the data and instances.; ; Note: Hyper-V and VMware environments are used within the service

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CT's datacentres use the latest energy saving technologies throughout the sites: cold aisle containment and free cooling chillers.; ; Cold aisle containment is still a new but relatively simple idea to get the best efficiency from air conditioning units, ensuring that air at the most optimum temperature flows through the servers. This ensures that sound and vibrations are kept to a minimum, which in turn maximises the energy efficiency of the units without compromising the capacity.

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  As an equal opportunity business, all of our services ensure that it can be consumed and managed of equal opportunity.

Pricing

• Price: £90 a terabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: CT provides a 30 day, unlimited functionality, free trial for Veeam Cloud Connect Replication with up-to 5TB of available storage on request over an internet-based connection.
• Link to free trial: https://www.ct.co.uk/cloud/secure-disaster-recovery

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.