THRIVE OPERATIONS LIMITED

Thrive - Infrastructure as a Service (IaaS) - Managed & Un-Managed

ThriveCloud delivers infrastructure-as-a-service from Thrives tier 3+ UK data centres offering public, private and hybrid Cloud services with best-in-class technology. Including a flexible, scalable range of storage solutions, incremental back-up and recovery services are available to suit operational or compliance obligations.

Features

• Enterprise grade infrastructure – Cisco, Dell, HPE, Pure, FortiGate, VMWare
• ISO27001 accredited UK based Tier3+ Datacentres and 100% uptime guarantee
• Pay-as-you-grow utility pricing model that scales when required
• Intuitive orchestration platform to manage applications and day-to-day tasks
• Server and application level item back-up and recovery
• Near continuous data journaling provides recovery points every 5 seconds
• Fully secure end-to-end data encryption
• Automatic data healing to prevent corruption and de-duplication
• Data compressed at source to minimise network and storage requirements
• 24 hour monitoring through Thrive TAC/SOC and Integrated SIEM

Benefits

• Leverage best-in-class hardware and software without upfront capital expenditure
• Automatic failover and full redundancy improves business continuity and resilience
• Eliminate the costs of managing an expensive, on-site technology estate
• Scale your ICT effortlessly in response to changing business needs
• Reduce operating expenses through server consolidation and desktop virtualisation
• State-of-the-art physical and virtual security protects critical data and applications
• UK shored secure tier 3+ Datacentre protecting your data
• De-risks IT assets with flexible underpinned SLAs

£18.17 a virtual machine a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

233684530789855

Contact

Phil Cotterill
01582 429999
pcotterill@thrivenetworks.com

Service scope

• Service constraints: Max vCPU per Virtual Machine is 16 cores
• System requirements: No system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Range of SLA's from P1 (15 min confirmation, 30 min engineer response & 2 hour resolution) to P4 (Service request: 1 hour confirmation, 24 hour engineer response and 48 hour resolution)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Thrive's web chat is accessible through our customer portal, using our current solution ServiceNow. User's Can do the Following:-; Log support tickets; Provide/obtain updates on current tickets; Update contact details
• Web chat accessibility testing: These have been tested in a live environment through our own platform
• Onsite support: Onsite support
• Support levels: Each incident raised is classified in accordance with the impact it has on the customer; P1 - Major Incident 15 minutes response. P2 - Critical Incident 30 minutes response. P3 – Urgent Incident 60 minutes response. P4 - Normal Incident 4 hour response. Thrive Engineers resolve issues through telephone support, diagnostics tools and vendor support. All resolution activities are documented within the client portal and the incident is closed upon the customer’s approval.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: This depends on the user's circumstances. i.e. for a new service, Thrive provision all the customer's VM's and help them build the OS's required.; ; Flexible migrations service that is co-ordinated with the customer's circumstances depending on many factors - where are the current applications/VM's, are they being moved as is or being upgraded at the time of migration.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The customer owns the data and VM's within ThriveCloud. Customers can either copy data out or Thrives can provide copies of VM's on to suitable storage provided by the customer. Thrive can provide additional services for off-boarding, however these would be unique to each situation.
• End-of-contract process: The contract can be renewed.; If the contract is not renewed the data and or VM's would need to be removed off of the platform by the contract end date. However the contract end date can be extended for the amount of time required for off-boarding to be completed.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can access their virtual datacenter to complete the following tasks;; Power on and off VM's & reboot; Access to VM console - including mount ISO's; Delete a VM; Provision a VM; Edit the settings of a VM
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Via HTTPS connection over the internet
• Web interface accessibility testing: This is provided by the vendor as above
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Customers are given reservations on their resource pools.; Thrive use capacity management tools on the ThriveCloud service to ensure there is a minimum capacity resource of 30% available. Additional components are added to maintain a minimum of 30% capacity availability.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Other
• Other metrics: VM availability
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Both physical and virtual servers
  • Most database applications; SQL, Oracle
• Backup controls: Backup requirements are agreed with the customer during service implementation, different requirements can be accommodated as required.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: The main method for security is complete seperation at the vSwitch / VLAN level.

Availability and resilience

• Guaranteed availability: Thrive offer service credit backed 100% availability on its Cloud Services.
• Approach to resilience: The ThriveCloud Service is built on Enterprise Technology with a fully redundant design containing no single points of failure. The networking at every layer is redundant. The internet service uses three separate ISPs diversely delivered into two datacentres.
• Outage reporting: The systems are monitored 24/7 and use e-mail alerting into the Thrive24/7 support team. Outages are monitored for all hardware and networking.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: To access the web portal each customer is granted an admin user with which they can manage their own security for each of the vm's within the platform. Access to individual applications within the platform is the customers responsibility, however Thrive have helped with this in many areas such as VDI with dual factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS UK Limited
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All items not defined by our scope of certifcation and statement of applicability version 3.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Personal Information Standard BS10012:2017, Cyber Essentials Plus.
• Information security policies and processes: The information security policies and processes followed by Thrive are in line with the ISO27001 specification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management process adheres to the ITIL best practice framework. All changes are monitored of business impact before the change request is concluded.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are managed within Thrives in house service management system. Vulnerabilities are identified through vendor notification, onsite tools and systems. Each vulnerability is assessed to ensure high priority items are actioned immediately in accordance with Thrives change processes. All vendor security patching and vulnerabilities are actioned immediately. Other vulnerabilities are reviewed at Operations Meetings and scheduled for assessment and rectification appropriate to the issue. Thrives cloud design is highly resilient with multiple layers of security to ensure vulnerabilities are minimised or removed. The mature platform has been operational for many years with no client outages or client affecting security impacts.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Thrive staff are located both remotely and on site at Thrives datacentre premises to continuously monitor all aspects of the ThriveCloud Services. Thrive use multiple monitoring applications across all aspects of the service from environment, security, VMware, OS and infrastructure. All monitoring platforms alarm on triggered events but also threshold breaches. By monitoring in this way Thrive mitigate all impacts before they become client effecting. ; ; All elements up to and including Microsoft or Linux Operating Systems are monitored and alerts are sent to the service team 24x7. Security patching and vulnerabilities from Microsoft or VMware are actioned immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are captured from customers, Thrives engineers and monitoring platforms, and adhere to the nine ITIL Incident Management activities. Each incident Event is logged on Thrives management system and categorised in agreement with the customer according to the business impact; Priority 1 - Network down 30 minutes engineering response. Priority 2 - Major loss of service 30 minutes engineering response. Priority 3 – Non-urgent 4 hours engineering response. Thrives Engineers work to resolve the issue through telephone support, diagnostics tools or vendor support. All resolution activities are documented and the incident is closed upon the customer’s approval.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Separate virtual datacentres are provided for each customer using VMWare vCloud Director

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Thrive Datacentre has an energy power usage efficiency (PUE) rating of 1.3 and achieves this through the use of Fresh Air Cooling Systems (using outside ambient fresh air rather than chillers whenever possible) as well as utilising hot isle containment and efficient UPS systems. Thrive also have a Policy of continual energy efficiency, Heat reclamation system and hot and cold air segregation.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Thrive are providing additional environmental benefits in the performance of the contract such as flexible working, car share programs for office based staff and are actively working towards net zero greenhouse gas emissions as well as ISO14001 certification.

  Covid-19 recovery

  Thrive are a high growth business operating in a high growth sector and have created new employment opportunities, offer re-training via our Rising Tide program and other return to work opportunities for those left unemployed by COVID-19.

  Tackling economic inequality

  With our cloud and cloud managed cyber security offerings Thrive are creating a number of new roles across our organisation. In the last year the team has grown by over 300 people as we create employment and training opportunities. The current skills shortage in the UK for cyber security staff currently stands at 11,200.; Thrive has also been supporting educational attainment relevant to our G-Cloud offerings, including training to address skills gaps and result in recognised qualifications.

  Equal opportunity

  Through our "Rising Tide" program, that has been in place since 2020, Thrive are fully supporting in-work progression to help people, including those from disadvantaged or minority groups, to develop their careers and move into higher paid work by developing new skills many that are relevant to the services we are offering through the G-Cloud program.

Pricing

• Price: £18.17 a virtual machine a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.