1Cloud - Cloud Infrastructure as a Service (IaaS) Platform
1Cloud is an Infrastructure as a Service (IaaS) solution that provides customers with a highly secure, resilient, virtualised hosting environment in which to host their data. This may include their website, email and any other applications as required.
Features
- Infrastructure – using purpose built HPE Blades
- Sits within the telecommunications network, providing low contention
- Monitoring – accessed via internet, in real time
- Resilient – dual DC locations, with carrier grade network connections
- Ability for customers to create/amend/delete any virtual machine
- Ability to assign virtual machines to any VLAN
- Ability to create internal VLANs
- Console access to individual machines
- Add alarms to individual machines; alerts sent to nominated email
- Import customer templates and build machines from them
Benefits
- Better access - from any location with an internet connection
- Ease of use - from multiple devices (laptops/workstations/mobile phones)
- Better uptime, providing a better experience for the user
- Scalability and flexibility
- The ability to react quickly to business demands
- On-demand access for better cost control
- Only pay for resources that are used
- User-friendly web portal eliminating change complexity
- Geographical and software resilience, ensuring high-availability
- Individual customer firewalls maximising customer security
Pricing
£13.20 a virtual machine a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 5 6 9 1 7 5 6 1 8 2 4 8 7 4
Contact
TALKTALK BUSINESS DIRECT LIMITED
Andrew Stokes
Telephone: 07976911843
Email: andrew.stokes@talktalk.business
Service scope
- Service constraints
-
We may upon five (5) Business Days’ notice or, in an emergency (as determined by us), give as much notice as is reasonably practical, perform Scheduled or Emergency Maintenance (including temporary suspension of Service where necessary) to maintain/modify the 1Cloud platform or associated Services and/or to prevent or resolve Incidents. Service suspensions for the purposes of Scheduled or emergency network modification, or preventative maintenance, will not be counted as outage time for purposes of any Service Level.
For ongoing assurance, we will provide support to the customer for everything up to, and including the orchestration layer of the platform. - System requirements
-
- Virtual machine operating systems
- SQL databases (chargeable), customers may use their own
- For data centre replication, TTB can provide a managed service
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- All questions and queries will be acknowledged immediately upon receipt and we will endeavour to respond as quickly as possible during the working day with further information as it become available.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
-
TTB will offer a single level of support accessible using email or telephone, 24*7*365. Following the receipt of a new incident, TTB will allocate a unique “Case Reference Number” that shall be inputted to the fault management system.
Priority Classification
Priority 1 - Loss of Service - DOA End User has been migrated onto the TTB
Network and the service has never worked within first 8 days. Total loss of Sync/Connection to TTB Network Expedites are available on request – 7 Hour response
Priority 2 Partial Loss of Service - Intermittent or unstable connection – 34 hours
Priority 3 Quality of Service – Destination Failure Speed or browsing issues – 48 hours
Priority 4 Queries or RFO requests Fault/ Service enquiries and RFO requests – 48 hours
TTB, at the time of making the incident/fault report, will agree the priority level of the incident. Once opened, a support case will remain open until the incident has been resolved.
All support levels detailed above are included as standard within the Service Contract. All customers will be allocated a named Account Manager who will have a team of dedicated Technical specialists that will support on any customer requirements. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
TTB will provide a blend of online and face to face training around the relevant user interfaces, including providing the relevant documentation to customers post enablement.
Alongside this the platform comes with a quick start guide in PDF format that will support the user to manage the service effectively.
All documentation and communications from TTB will be via email to customers in their preferred format and communications method, and include all relevant contact details for aligned support and customer service requirements. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- 1Cloud quick start guide
- Video demonstration
- Technical documentation
- Online knowledge base
- End-of-contract data extraction
- The user can simply download a copy of their data from the relevant virtual machine. However, if they needed the specific .VMDK or .OVA server templates, we will levy an hourly charge for the required professional service to provide them.
- End-of-contract process
- At the end of the contract term, pricing will automatically revert to the standard hourly billing rate as per the agreed rate card. The option to renew the contract with the inclusion of the relevant discounts would typically be discussed 3 months prior to the contract end date. Standard charges include compute, storage, windows licensing, SQL licensing, public IP addressing, VM Backup and shared internet access. Additional costs would apply for managed services.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Users will be provided with access to the 1Cloud web interface using their login Username and password. The below actions can be undertaken with no limitations on the frequency of these actions to set up the service. Changes can be mad by the user via the portal interface to amend the following:
• Create/amend/destroy/spin-up/spin-down any Virtual Machine
• Assign virtual machines to different VLANs
• Create "Internal VLANs"
• Console access to individual VMs
• Add an alarm to a VM to email a nominated address upon it being unreachable - Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
-
Users will be provided with access to the 1Cloud web interface, which uses videos, images and documentation to ensure accessibility, by using their login Username and password, and users will be able to do the following:
• Create/amend/destroy/spin-up/spin-down any Virtual Machine
• Assign virtual machines to different VLANs
• Create "Internal VLANs"
• Console access to individual VMs
• Add an alarm to a VM to email a nominated address upon it being unreachable - Web interface accessibility testing
- No interface testing has been completed currently, this will be a future roadmap consideration.
- API
- Yes
- What users can and can't do using the API
-
Requirements would typically be discussed with our cloud architecture team who will provide guidance on the correct APIs to use to deliver the desired outcome, meaning we should eliminate/mitigate any limitations identified.
Users will be able to set up the service and make changes through the following API functionality (not an exhaustive list):
Create a VM with the API
Get a VM and deploy it
Get a group of VMs with the API
create a tenant via API
add a public IP to a VM via API
Upload and replace template disks via API
add a NAT rule to a VM via API
Retrieve users of all enterprises via API
Reconfigure virtual machine volumes via API
Reconfigure a virtual machine to add a hard disk via the API
Reconfigure a virtual machine to add a NIC via API
Reconfigure a virtual machine to remove a hard disk via the API
Manage virtual machine metadata via API
Add a hard disk to a VM via API
Add a VM template in a data centre via API
Create virtual datacentres via API
Enable VM monitoring and metrics via API
Update enterprise properties via API - API automation tools
- Chef
- API documentation
- Yes
- API documentation formats
- HTML
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Manual
- Independence of resources
- Through the implementation of LogicMonitor, alongside natively built systems, TTB closely monitors the consumption of physical resource that underpins the 1Cloud platform to ensure that no more than 60% is consumed. This means users will not be affected by the demands other users are placing on the service. Customers are also able to monitor their own resource consumption and add more resources if required. There is also the ability to reserve compute resource should the customer wish.
- Usage notifications
- Yes
- Usage reporting
-
- API
- Other
- Other usage reporting
- All notifications and alerting will automatically be provided from the platform orchestration layer via email. Notification profiles will be set by the user.
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Memory
- Number of active instances
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- PlatformX Communications Limited (PXC)
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Full virtual machine backups can be taken
- Virtual machine snapshots can be taken at any point
- Backup controls
- The customer will be able to choose from fixed backup schedules and their VM will be added to it. TTB provides a full VM backup, so individual applications should provide a mechanism to commit any live data to disk prior to the backup job running. Servers electing for backup will undergo a snapshot and the snapshot compressed and backed-up at the relevant datacentre. A maximum of 7 restore points are held. The status of a backup job can be reviewed at the VM level and successful backups restored.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
-
All devices in the core, edge, and newer Customer Premises Equipment are centrally controlled by a Software-Defined Networking (SDN) platform. Access to these devices is restricted through a local security profile.
TTB maintains its equipment at a current software version. New software versions undergo rigorous testing. Physical access to equipment is protected by housing it in a controlled environment.
Fortinet firewalls safeguard the server perimeter. Regular vulnerability scans using Nessus probes help identify and address potential security weaknesses. TTB maintains accurate RIPE and PeeringDB records as per best practices.
Availability and resilience
- Guaranteed availability
-
The service availability target of 1Cloud relates to 1Cloud hosting an active Virtual Machine, which is operational and reachable by an administrator over the management network, as measured and determined by TTB. The service level is 99.95% monthly service availability.
1st trigger for SLA claim is at <99.95% monthly service availability @ of 10% service charge.
2nd trigger is at <98.0% monthly service availability @ 30% monthly service charge.
3rd trigger is at <95% monthly service availability @ 50% monthly service charge.
Where the service availability target isn’t met, a claim can be made via our support team. - Approach to resilience
-
TTB runs two cloud nodes in geo-diverse, tier 3 datacentre locations, for resilience.
Depending on the customer’s solution demands, our infrastructure can be utilised to deliver as much resilience as required based on the needs of the end user.
Full details are available on request. - Outage reporting
-
TTB has an Integrated Operation Centre (IOC) that will send the Incident Communication as per the Major Incident Communications Content & Distribution Lists document via email alerts.
TTB will prioritise the incident according to the criteria and record the appropriate value for each of the following categories:
· Service
· Incident Type
· Work Type
· Reported Source
· Product Categorisation Tier
Our Internal and/or External Communications teams will send an email to all recipients in the Major Incident Communications Content & Distribution Lists document, describing:
· Impact
· Symptoms
· Manual workaround (if available)
· Instructions or additional information for customers and/or agents (if available)
· Provide a progress update
Email alerts will be provided in the event of a major service outage (MSO).
Identity and authentication
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Not applicable as customer data within the Cloud Exchange VLANs is not visible to us. This is a network service.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
- Devices users manage the service through
- Dedicated device on a segregated network (providers own provision)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 23/01/2021
- What the ISO/IEC 27001 doesn’t cover
- Gfast and FTTP
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- SecureTrust
- PCI DSS accreditation date
- 21/08/21
- What the PCI DSS doesn’t cover
- The service doesn’t require card payment facilities/capabilities so is not applicable to PCI DSS.
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- ISO 22301
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- ISO 22301, Cyber Essentials, NIST Cybersecurity Framework
- Information security policies and processes
-
TTB has a Master Security Policy in place and operates an Information Security Management System via its Security Operations Centre (SOC) for the reporting of all potential security breaches. The system is based on industry good practice (NIST CSF, PCI DSS) and is externally certified to ISO 27001. This covers a range of policies and procedures to ensure the confidentiality, integrity and availability of information, e.g., Master Security Policy, the Privacy Policy and the GDPR Policy.
The reporting of any security incidents is done directly to the Security team security@talktalkplc.com via the phishing report message button in the email toolbar. All incidents logged will go into the Security Team to process and escalate into the Head of Security, if required. All colleagues attend mandatory annual security training to ensure they meet audit standards around data handling requirements and encourage them to share the responsibility for protecting data at all times.
Mandatory training is provided via the E-Learning portal for new employees upon induction and for all current employees to do annual refresher training. This ensures accreditation standards are adhered to. If someone hasn’t completed a course, it will be escalated to management to ensure completion.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Change management is assessed, logged, and tracked through our Service Management tool, from the point at which we raise the initial change request until that change is closed off.
Quality comes as standard throughout the change process, with everyone involved in this process having the requisite training. Managers of teams carrying out changes will be accountable for the quality of the work undertaken by their teams. There is zero tolerance for unauthorised changes.
Security impact will be assessed through a risk assessment and structured model to ensure all risks are captured and clearly identified. - Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
New releases of vendor software are reviewed/tested on a simulation platform for at least fourteen days, with schedule of critical feature tests to assess threats.
When certified for use, the new version is rolled-out with limited issue and gradual application. All devices will be patched within 90 calendar days (maximum), unless the following situations arise during testing:
• Failure of the software to complete testing
• Failure, poor performance or unexpected behaviour of the limited roll-out.
If these situations arose, we would perform a technical review.
We get security vulnerability feeds from various sources, including vendors associated with our infrastructure. - Protective monitoring type
- Undisclosed
- Protective monitoring approach
-
TTB operates a security incident management program for the alerting of potential compromises and deploys endpoint protection technology. All potential compromises will be logged on the action plan tracker and updated with notes/associated actions to mitigate risk.
Users can report Priority level 1/level 2 incidents by telephone, and a response will be given within 1 hour. Incidents can be reported by email/web portal.
Incident reports are provided upon request. For network incidents, these reports are distributed to impacted customers via email. Reason for Outage reports for priority 1 faults are provided by email within 10 working days from root cause. - Incident management type
- Undisclosed
- Incident management approach
-
We have a pre-defined process for common events and fault related reporting through our 24/7 Technical Support Centre (TSC).
Users can report Priority level 1 and level 2 incidents by telephone (08454566541/08453103444) and by email/web portal.
Incidents, when resolved, will be notified to the customer as part of the logged ticket fault. Reports will be provided upon request for network incidents, and these reports distributed to impacted customers via email.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
-
Customer separation is delivered via the vCentre.
1Cloud consists of an Orchestration layer sitting on top of VMWare vCentre. The Orchestration layer is there to simplify the operation of the vCentre services and to capture data to allow for things like billing and reporting. It also leads towards consideration of the underlying vCentre security as the main method for data partitioning / separation.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
We have an ISO50001 and ESOS compliant data centre; and have reduced our emissions in our data centres by 94% over a 5-year period and reduced our energy consumption by 28% over the same timeframe - FY18 to FY23. We have air to cool rooms installed to reduce reliance on refrigerant-based cooling systems and have nearly completed our switch over of generators from diesel to HVO.
We follow and implement (where possible) all initiatives recommended in the EUCoC, including (but not limited to) the following:
• Air flow management
• Hot/cold aisle configuration
• Regularly reviewing cooling settings (increased temperature/disabling humidity control etc.)
• Selecting high efficiency plant and equipment
• Comprehensive energy monitoring
• Decommissioning of redundant platforms and consolidation of systems
• Accreditation to ISO 50001
Audits are held annually to ensure compliance and adherence to the EUCoC.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
The TalkTalk Business’s Executive Committee meets regularly to review identified and emerging risks, which inform our strategic planning process. This is reviewed by the Board, which has identified and is monitoring emerging risks around the long-term implications of climate change and will be featured in upcoming climate-related financial disclosures.
In November 2020 TalkTalk Business committed to a Science Based Target (by signing the Business Ambition for 1.5 Degrees) for its carbon emission reductions, to achieve net zero by 2050. Since then, our near-term targets have been validated.
Key actions include:
• Switching to a renewable electricity tariff, which we have completed, and switching to green gas by 2026
• Changing from diesel to biofuel for back-up generators, to be completed in 2024.
• Company car policy requiring all fleet vehicles to be petrol, hybrid or electric. Transition has commenced, with initial EV orders placed for the fleet
• Third party environmental policy with requirements to measure and report carbon footprint and specific product carbon footprint – as of 2023, over 80% of our suppliers have committed to, or set, science-based targets.
TalkTalk Business has reduced scope 1 and 2 emissions by 94% over 5 years (FY18-23) and reduced energy in its operations by 23% in the same time period.
TalkTalk group has science based targets to reduce scope 3 emissions by 42% between FY20 and FY30.Covid-19 recovery
The COVID-19 period challenged TalkTalk Business, and during lockdowns, mitigations included:
• Measures to ensure the health and safety of our workforce and customers whilst we continued our provision of critical services.
• Focusing on employee wellbeing by introducing training for People Managers, implementing new guidance around wellbeing support and regularly surveying colleagues on their wellbeing to inform our policies.
• Prioritising service of customers with vulnerable end-users and enhancing our digital service support for all customers
• Working with key partners to expedite home-working solutions for customers to ensure they could continue to operate effectively.
We adapted our corporate responsibility work to tackle acute needs and support the most vulnerable in society. We made donations to local efforts to counter exclusion and vulnerability due to the pandemic, including:
• Salford Food Share Network to provide emergency food support
• Donating laptops to Salford College to support home-learning.
• Working with local charity the Hamilton Davis Trust to support the production of Personal Protection Equipment for local health workers, providing financial support and office space to their operations for several weeks.
Post COVID-19, we turned our attention to how we could help our customers and communities to recover:
• We worked with Salford Community & Voluntary Service and NHS Salford to fund a Youth Wellbeing Fund, which offered funding to projects aimed at boosting wellbeing
• We offered free broadband to jobseekers via the DWP
To continue supporting post-pandemic recovery, we are helping organisations focused on reducing isolation and loneliness. For example, we provide connectivity to The Branch free of charge, which supports their Computer Corner, through which they support service users to develop online skills. We also provide a dedicated leased line to The Samaritans Manchester branch at no cost, allowing them to manage inbound calls more effectively.Tackling economic inequality
As well as paying our colleagues the real living wage, our commitment to good employment, previously as part of the wider TalkTalk Group, has been recognised by the Greater Manchester Combined Authority, as we were accredited as a Member of its Good Employment Charter. To achieve membership status, we took part in a thorough assessment, which was reviewed and approved by a technical review panel and Charter Board. We offer employees training with clear development paths that address skills gaps and result in recognised qualifications to support further career ambitions.
We are proud to be a Salford business committed to building strong connections within our city. We’ve been involved in initiatives to promote social wellbeing and economic growth in the region, including:
• Working with the Department for Work and Pensions (DWP), supporting local employment initiatives and hosting virtual jobs fairs for vulnerable demographics.
• Participating in the Kickstart scheme to offer paid placements to young people, with 3 of the young people securing permanent roles within TalkTalk Business.
• Our Employee Networks partner with local organisations like the Proud Trust, Salford Pride and the University of Salford, and we promote local volunteering opportunities to our colleagues, including trustee positions in local charities.
We will develop working practices and partnerships with activities to support relevant sector-related skills growth in the contract workforce during the Framework.
For example, we currently provide connectivity to The Branch, free of charge, which supports their Computer Corner, through which they help service users apply for jobs and learn computer skills. We also provide a dedicated leased line to The Samaritans Manchester branch at no cost, allowing them to manage inbound calls more effectively, and providing a lifeline to people struggling to cope with socio-economic and personal challenges.Equal opportunity
TalkTalk Business celebrates diversity and is an inclusive place to work, treating everyone fairly with diverse representation at all levels and areas. There are no barriers to progression and appointments are based on merit.
Our programmes to promote equal opportunity include:
• Women in leadership roles - we have strong female representation right at the top; and have set aspirational targets when recruiting women, with a particular emphasis on middle and senior leadership. As a result, our proportion of women in these roles has grown over the last 12 months. We seek formal development paths for our female talent and participated in a ‘Women in Leadership’ apprenticeship programme that was created in partnership with the apprenticeship provider, Raise the Bar. This saw a 70% increase in promotions for participants.
• We provide support for Ambitious about Autism, the national charity standing with autistic children, young people and their families. As part of the pioneering internship programme, Employ Autism, we have recruited interns to teams across the business, in roles from regulation to procurement and commercial.
• We publish our Gender Pay Gap report annually. Our mean pay gap of 10.4% has reduced from 12.9% in 2019. This reduction has been due in part from promoting female talent.
• As part of TTG, our employee networks were very successful. Our BAME employee network, Empower, mentors young black students at the University of Salford, responding to higher than average drop-out rates. This has had a positive impact in its first year. At TTB, we are looking to continue this success by establishing our own employee network groups.
As part of TalkTalk Group we’ve previously achieved the ‘Inclusive Top 50 UK Employers List’ for best practice across all strands of diversity.Wellbeing
Initiatives to support the mental and physical wellbeing of our workforce (which we will continue during the framework) include:
• Our Give Something Back policy offers three paid volunteering days per year and encourages local volunteering to promote community connection. We are currently organising a ‘donate your time and talent’ programme to support local care homes during Dementia Awareness week in May 2024.
• Our Wellbeing Community employee network shares resources and hosts events on physical and mental health and wellbeing, e.g. discussions on male mental health. Network members are champions across the business, creating blogs, interviews and podcasts about wellbeing.
• We recognise mental, physical, financial and social risks for various roles and offer employee support resources
• Employee Assistance Programme with free 24/7 access to advisors or website resources in app form, which has been very positively received.
• A Financial Wellbeing Portal helps colleagues to manage and monitor their financial health.
• Employer contributed Private Medical Insurance offered to all colleagues, along with Digital GP service and regular wellbeing Webinars from provider Aviva.
• Hardship loans to support colleagues with short term no interest loans in times of financial crisis. Our employee forum, OneVoice, includes quarterly Health, Safety and Wellbeing meetings to ensure colleague confidence in our processes.
Pricing
- Price
- £13.20 a virtual machine a month
- Discount for educational organisations
- Yes
- Free trial available
- No