NOC365 LTD

Veeam Cloud Connect - Backup as a Service (BaaS)

Veeam Cloud connect offers backups off site to service providers avoiding the risk of losing any data. Data is fully protected and easy to access when needed.

Features

• Easy to use and provision through Veeam
• Flexible cloud-based data protection
• Veeam cloud protection from malicious inside attacks
• 256 bit encryption for data in transit and rest
• Backups are offsite to a hosted cloud repository
• No VPN Required - connection to VCC secured with SSL
• Secure and Compliant to government standard

Benefits

• Not required to deploy additional internal backup repositories
• Able to access and recover data
• Track cloud repository consumption and receive reminders for storage renewals
• Backups are completely protected and easy to recover.
• Setup and operational in minutes through Veeam Console
• Storage agnostic removing compatibility concerns
• Meets 3-2-1 Backup Rule
• No investment into additional equipment, licences fees or datacentre fees

£0.08 to £0.16 a gigabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@noc365.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

405978287729036

Contact

Zeshan Tahir
0345 862 5586
sales@noc365.com

Service scope

• Service constraints: Veeam Cloud Connect backup and replication is included within Veeam Availability Suite™, Veeam Backup & Replication™, Veeam Backup Essentials™, and Veeam Agent for Microsoft Windows for all end users at no additional charge and with no additional licensing required. However, users will need to acquire a subscription to the appropriate computer and/or storage resources from a service provider of their choice in order to use it.
• System requirements:
  • Connectivity with available upstream bandwidth
  • Must have Veeam Standard/Enterprise/Enterprise+ on-premise OR Licensed Agents

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: NOC365 UK Business Hours (9am - 5pm):; Business Impact & Target Response Times:; High - 1 Hour; Medium - 2 Hours; Low - 4 Hours; None - 8 Hours; ; NOC365 UK Non Business Hours (24/7):; Business Impact & Target Response Times:; High - 2 Hour; Medium - 4 Hours; Low - 8 Hours; None - Next Business Day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide support via email, telephone, on site and through our client portal. Where extra assistance is required that is not covered by the standard service, customers may purchase this at the rates shown in the SFIA rate card.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All new customers are assigned a Technical Manager that will provide online training (if applicable), proactive support, and advise for the first 30 days. Documentation is included for all services from NOC365.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Web
  • Video
  • Webinars
• End-of-contract data extraction: We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will return any pre-paid sums for services not delivered to you. We will also return all of your confidential information, unless there is a legal requirement that we keep it.
• End-of-contract process: At the end of the contract the ability to backup & restore will stop. We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will return any pre-paid sums for services not delivered to you. We will also return all of your confidential information, unless there is a legal requirement that we keep it.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can setup backup jobs, perform data restores and monitor backup health.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: At the time of submission our web interface has not been tested for accessibility
• Web interface accessibility testing: At the time of submission our web interface has not been tested for accessibility
• API: Yes
• What users can and can't do using the API: For a full list of API services please visit https://helpcenter.veeam.com/docs/backup/rest/em_web_api_reference.html?ver=95
• API automation tools: Other
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility: Other
• Using the command line interface: All information on the Command-line interface is within the Veeam Help Centre.; https://helpcenter.veeam.com/docs/backup/vsphere/silent_mode_syntax.html?ver=95

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: We run proactive monitoring of all resources; System, Storage and Networking and via Capacity Management we ensure that all customers have sufficient available resources. The infrastructure can scale quickly to meet demand.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Other
• Other metrics:
  • Used Storage Metrics
  • Virtual Machines
  • Data Growth
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Files
  • Databases
  • Applications
  • Office 365 / Exchange
• Backup controls: Users have access to their existing Veeam Console and extend their backups to our Cloud repository. Backups are all completely customisable as daily, monthly, quarterly or annually with user-definable retention periods.
• Datacentre setup: Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We provide a 99.95% uptime guarantee SLA on our Veeam Cloud Connect Service. This excludes planned and emergency maintenance. Users are refunded with credits.
• Approach to resilience: We operate from highly available data centres (Tier 3) and every component of our solution is designed and configured to be resilient. We can run from one Data Centre in the event of a complete failure and there are no single points of failure.
• Outage reporting: All unplanned outages are picked up as part of the incident management process and reported to customers via SMS, push notifications or e-mail.

Identity and authentication

• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The control is use of rights management within the web interface of the Veeam Management Console. In addition to this, the connection to the repository requires a username/password, Certificate and thumbprint provided by NOC365
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: NOC365 Internal policies. All staff are security checked and security briefed. We are also certified for the Government Cyber Essentials PLUS accreditation.
• Information security policies and processes: Several internal security policies exist and are owned to protect customer data. These are tested regularly both formally and ad hoc. The policies are referenced and included in all employment contracts.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are subject to written approval and an audit trail maintained. Changes are assessed for risk, impact and security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular audits and tests are run against security. Devices are patched according to a standard process. CVE and vendor bulletins are monitored and applied following a risk-based approach with high risk items resolved as a high priority.; We utilise a number of industry tools and sources for threat information and also utilise a CHECK accredited company for the tests.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: NOC365 uses an automated audit and alerting solution continuously monitors our services for irregular activity. We also identify potential compromises through scans and monitoring agents installed on servers.; ; Incidents are reviewed locally in a timely manner, prioritised and escalated as appropriate and further corrective actions taken if necessary.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined processes for a set of agreed events/incidents.; ; Users can report incidents via telephone or e-mail, with a P1 response being 15 minutes, P2 45 minutes, P3 4 hours.; ; Incident reports are provided throughout the response with a detailed incident report and root cause analysis following the resolution of the issue.; ; Incidents are reviewed at the management meetings to understand their root cause and what could be done to reduce the likelihood of the same or similar incidents occurring in the future.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each customer is assigned their own private VLAN and customer separation firewall, private infrastructure resources including storage, and access is controlled by role based access controls.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Adaptive control systems, ASHRAE thermal guidelines, Cold/hot aisle containment, Energy-efficient lighting systems, Fuel cells, High temperature chilled water set points

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At NOC365, we are committed to fighting climate change through our social value priorities:; ; • Sustainability is a key factor in all procurement decisions, including a cloud first approach, and working with vendors who are actively working towards fighting climate change.; • Minimising energy usage in the office and reducing travel by promoting working from home. ; • Actively reducing travel and promoting the use of online meetings and electronic communication. ; • Investment in paperless-technology with the company now almost entirely paper-free. Examples include electronic signature software, employee records & digital business cards. ; • Seek to buy recycled and recyclable products and other consumables.

  Covid-19 recovery

  At NOC365, our workplace conditions have been adjusted to support the fight against Covid-19. Improvements range from safe social distancing, reducing in-person meetings and having virtual meetings instead, and flexible working arrangements. ; ; As an IT provider, we have also helped many organisations develop and maintain their recovery strategies, providing technology solutions (i.e. Virtual Desktops & Online Collaboration tools) to facilitate working from anywhere, anytime, allowing flexibility of working styles and patterns for users.

  Tackling economic inequality

  NOC365 is committed to tackling economic inequality and we ensure that all our employees are provided a level playing field and have the same access to opportunities and pay scales during their employment. We ensure economic equality throughout our recruitment, selection, training, and promotion procedures, ensuring all individuals are selected solely based on their relevant aptitudes, skills and abilities. ; ; We have invested heavily in our infrastructure which allows employment not just in our local community but nationally, and we are committed to offering work experience, apprenticeships, and placements wherever possible. ; ; We support our communities by donating computer equipment and offering support to organisations who are actively tackling inequality.

  Equal opportunity

  NOC365 is committed to creating a working environment in which staff, management, and our customers are treated with dignity and respect, which is free from unlawful discrimination, victimisation, or harassment. We are a dedicated equal opportunities organisation, ensuring diversity and inclusion form part of everything we do.

  Wellbeing

  At NOC365, we take the wellbeing of our staff very seriously. We regularly collect input and feedback from them to ensure we are doing our best to provide a working environment that provides a viable work-life balance for all. We are ISO 45001 accredited and have clear health and safety policies to ensure the long-term wellbeing of our staff.

Pricing

• Price: £0.08 to £0.16 a gigabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Users are able to have a free 30 day 1TB trial of our Veeam Cloud Connect service. The trial is fully supported by technical staff and includes management and support throughout the trial period. Larger capacity or longer trial periods/ PoC setups are available on request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@noc365.com. Tell them what format you need. It will help if you say what assistive technology you use.