QUISTOR UK LIMITED

Oracle Cloud Infrastructure hosting and database services

IaaS and PaaS hosted on Oracle Cloud Infrastructure platform with billing, support and project services by Quistor.

Features

• Offbox virtualised cloud platform
• Exahotel: exascale performance with reduced costs
• Dedicated GOV regions
• Best in class hosting option for Oracle apps and Databases

Benefits

• Virtual machines without the hypervisor overhead and noisy neighbour problem
• Discounts against list pricing based on estimated volumes
• Award winning Oracle Cloud partner
• App modernisation specialists
• Quistor Cost management services help track Cloud spend
• Cloud architects to support your journey

£21.99 a virtual machine a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gotelea@quistor.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

300553339353531

Contact

Georgia Otelea
07786174775
gotelea@quistor.com

Service scope

• Service constraints: N/a
• System requirements: Consumption estimate required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Oracle aims to respond within 15 minutes and will work 24x7 to resolve severity 1 requests.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Quistor Premium support engineer costs:; Managed service base support rates per month below for a managed environment, cloud support billed hourly on top (£100 per hour); £600 p/m 12x5; £810 p/m 17x5; £1,190 p/m 24x5; £1,610 p/m 24x7; Cloud architects also available for £90 pound an hour
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Quistor can deliver remote and on on premise workshops as required to help organisations new to OCI gain the necessary skills. Oracle provides free OCI training certifications for users and all services are thoroughly documented online with downloaded materials.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can copy the tenancy back into their local environment. Data Egress on Oracle Cloud Infrastructure is free for the first 10TB. Alternatively, a data transfer appliance can be requested from Oracle (50TB per appliance). Oracle will copy the data from your storage buckets onto the appliance and ship it so you can migrate the data to your new environment. The appliance is shipped back to Oracle on completion of the exit process.
• End-of-contract process: The tenancy will renew with Oracle on a PAYG basis at the end of the subscription period if not renewed via Quistor.

Using the service

• Web browser interface: Yes
• Using the web interface: Oracle Cloud Infrastructure has both a web interface and a command line interface. The web interface is fully features and can be used to setup networking, add/remove oracle cloud services, manage billing information and to manage user access to the services. Users can also raise support requests with Oracle via this portal for service effecting issues.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: The Oracle Cloud Infrastructure APIs are typical REST APIs that use HTTPS requests and responses. Oracle Cloud Infrastructure provides a list of services available via API.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: The CLI is a small-footprint tool that you can use on its own or with the Console to complete Oracle Cloud Infrastructure tasks. The CLI provides the same core functionality as the Console, plus additional commands. Some of these, such as the ability to run scripts, extend Console functionality.; ; To install and use the CLI, you must have:; ; An Oracle Cloud Infrastructure account.; A user created in that account, in a group with a policy that grants the desired permissions. This account user can be you, another person, or a system that calls the API. For an example of how to set up a new user, group, compartment, and policy, see Adding Users. For a list of other typical Oracle Cloud Infrastructure policies, see Common Policies.; A keypair used for signing API requests, with the public key uploaded to Oracle. Only the user calling the API should possess the private key.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Off box virtualisation removes hypervisor overhead from the servers. Each OCI CPU (OCPU) Is 1x physical core with hyperthreading enabled so the user has full access to the service negating the noisy neighbour issue. If the user wishes to have full dedicated hardware access so no other users are accessing other cores they can use bare metal instances.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Oracle

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • VMs
  • Databases
  • VMWare environments
  • Storage buckets
• Backup controls: Users can benefit from user or Oracle defined backup schedules. Whole environments can also be replicated into different availability domains or cloud regions to increase resiliency in the case of datacentre failure.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: OCI Provides SLA's for availability. For availability there is a 10% service credit for 99-99.9, if service drops to 95-99 25% service credit. For availability less than 95% there is a 100% credit. To receive credits users can submit a claim via the support portal or via their Oracle Account Manager.
• Approach to resilience: Each Datacentre is split into fault domains. Each datacentre has three fault domains. Fault domains let you distribute your instances so that they are not on the same physical hardware within a single availability domain.
• Outage reporting: A public dashboard displays all service status for regions. Services can also be monitored via the monitoring service API. Email alerts can be setup to notify if any services are not running.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to network devices, servers supporting the services requires Oracle users to use multi-factor authentication and traverse three levels of access control. The network is a multi-tiered Demilitarised Zone (DMZ) environment inside a dedicated extranet that is isolated from Oracle's internal corporate network and VPNs for non-cloud services. The second step in the authentication path is authenticating to the relevant bastion server. Operator access is only permitted from bastion servers. Only approved engineers with the required entitlement can access the bastion servers. The public/private SSH key of authorised users is used in conjunction with UNIX username and authenticated via LDAP.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISAE3000D

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: ISO 27001 is in progress and the assessment is due shortly. Information security is managed via our dedicated team of Information security manager, asset owner and data protection officer. We have information security policies, mobile device policies and acceptable use policies for internet, social media, homeworking. We classify information according to its intended audience and operate on a principle of least access to ensure information is only available to those with the correct rights and who understand the controls. We run regular staff trainings and monitor awareness and possible areas to improve on.
• Information security policies and processes: Information security is managed via our dedicated team of Information security manager, asset owner and data protection officer. We have information security policies, mobile device policies and acceptable use policies for internet, social media, homeworking. We classify information according to its intended audience and operate on a principle of least access to ensure information is only available to those with the correct rights and who understand the controls. We run regular staff trainings and monitor awareness and possible areas to improve on.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Oracle Cloud Operations performs changes to cloud hardware infrastructure, operating software, product software, and supporting application software that is provided by Oracle as part of the Oracle Cloud Services, to maintain operational stability, availability, security, performance, and currency of; the Oracle Cloud Services. Oracle follows formal change management procedures to review, test, and; approve changes prior to application in the production service.; Changes made through change management procedures include system and service maintenance activities, upgrades and updates, and customer specific changes. Oracle Cloud Services change; management procedures are designed to minimize service interruption during the implementation of changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Penetration tests of the system are conducted at least annually. A commercial vulnerability scanning tool is configured to scan all external IP addresses and internal nodes at least quarterly. The results of vulnerability scans and penetration tests are reviewed by management. Vulnerabilities and threats are assessed, documented and tracked through resolution. Oracle Cloud Infrastructure has deployed security information and event monitoring (SIEM) solution which ingests and stores security-related logs and alerts from networking devices, hosts and other components within the infrastructure. SIEM is monitored 24x7x365 basis designed to defend and protect against unauthorised intrusions and activity in the production environment.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: OCI's deployed SIEM ingests logs and alerts from networking devices, and hosts. SIEM is monitored 24x7x365 basis designed to defend and protect against unauthorised intrusions and activity in the production environment. In the event of a security incident, Oracle Cloud Infrastructure activates an agreed protocol which includes GIS, Global Product Security, and Privacy & Security Legal, as applicable, to provide specialist subject matter expertise to respond to the incident. In the event that Oracle determines that it is required to report an incident involving the breach of personal information to a customer, Oracle will promptly notify the affected customer.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents, including incidents reported directly to a customer’s account manager, are recorded via an internal access-controlled electronic ticketing system. Routing, communication, and escalation of incidents vary depending on a number of factors including urgency and impact to customers. Incidents reported via My Oracle Support (MOS) or through the external user incident reporting process are routed to Oracle Cloud Infrastructure personnel and tracked in the electronic ticketing system in the same manner as an internally identified incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Oracle VM
• How shared infrastructure is kept separate: Oracle encrypts all data at rest and provides dedicated CPU cores with hyper threading for each customer (OCPU). The virtualisation layer is running off box to separate user management from the server. Oracle also works on very secure principles of zero trust.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Oracle's datacentres are run on 100% renewable energy, they are likely to be more efficient than on premise hardware as services can be more easily switched off when not running.; ; Quistor prioritises remote working over travel to reduce its carbon footprint with much Cloud hosting services able to be carried out remotely.

Pricing

• Price: £21.99 a virtual machine a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Oracle Cloud offers a $300 USD trial for 30 days whereby you can trial a list of services. There is also an always-free tier where you can run a subset of services 247 at no cost.
• Link to free trial: https://www.oracle.com/uk/cloud/free/#free-cloud-trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gotelea@quistor.com. Tell them what format you need. It will help if you say what assistive technology you use.