Answers and Solutions ltd

Web Hosting Platform (Private). Cloud Applications, Websites, Intranets. No Sharing - Full Control

To install 3rd party cloud apps your administrator needs servers online and in the cloud. These servers require workspace(s) and tooling. This service provides both, allowing the installation and manage the majority of cloud solutions. Complementing our Web software, Cloud and Consulting service, you can take "hosting_only" or multiple services.

Features

• A private version of the shared platform we offer on_G-Cloud
• For the department with limited IT capability but requiring maximum_outcomes.
• Different permissions for Enterprise, Departmental and Section levels
• Specify unique security settings across an unlimited number of websites.
• Custom firewall settings available to make this 'internal use' only.
• Scales easily from the small section to an entire department
• Suitable for those not wanting 3rdParties to share this resource
• Compatible with 'off-the-shelf' Comercial solutions designed for Linux
• Pen Testing. PenTesting during Onboarding available for GDPR security
• Vulnerability scans

Benefits

• Enables the utilisation of low cost, high performance commercial solutions.
• No resource sharing so bespoke settings possible.
• No performance hit. Others can load 256+ users per server
• Suitable for Wordpress, Opencart, Magento, wiki, PHP and eCommerce applications
• Suitable for departmental service ticket, record keeping and other solutions

£600 to £3,000 an instance a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

409229995236812

Contact

Christopher Wainwright
02920733722
Christopher.Wainwright@letsdiscuss.co.uk

Service scope

• Service constraints: This is our most flexible offering. Because it is a non-shared system, we can give access to the command line shell and many of the other management features. ; ; We can configure this to work with any of the 'well respected' additional services that are available. For example, an indirect security logon system could be implemented, Internet traffic analysis services exist, giving enhanced security. These can be discussed during implementation.; ; Some products require a VPS's rather than standards compliant hosting. Please see the service description and pricing schedule for details.
• System requirements:
  • A mobile phone for 2-factor authentication
  • Some security related aspects are easier with locally installed software
  • You will need suitable domain name(s) We can assist.
  • You will need suitable SSL Certificates (We can provide these)
  • Anti-Virus licences are an available option

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Online support requests will be acknowledged and users will be able to view the status of tickets.; ; It should be noted that support is not a substitute for training.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use a commercially available, Open Standards chat client. These are well produced, with usability in mind, however, these European standards were not explicitly specified when the product was built
• Web chat accessibility testing: Tested with colour blind user/tester. This aspects covers one of the largest groups of people who suffer when badly designed user interfaces are deployed.
• Onsite support: Yes, at extra cost
• Support levels: The entire system will be hosted off-site, and all system parameters can be "configured over the wire". However, the line between an underlying platform and the installed application can get blurred. If required, we are able to provide the initial support required by most users to quickly setup and configure their systems. Chargeable telephone support, arranged via the ticking system is by appointment. ; ; This is charged at our hourly rate to ensure that those employing highly skilled staff are not being asked to subsidize those who require onsite training.; ; Re: Support to 3rd parties. This raises security, authorisation and data protection issues. Support to 3rd parties is therefore provided in limited circumstances to assist integration of a 3rd party system, rather than explaining how to alter our platform. We do not support API programming. 3rd party support only is provided to named staff and is billable.; ; Support should not be confused with training. When appropriate, we may signpost people to appropriate supplier resources.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will provide onsite requirements gathering and service expectations consultancy. This will allow the configuration engineer to build they system with the correct configuration, and to generate appropriate documentation. If the buyer has domain name details, we will set these up on the system and install any software chosen from our software services schedule. We will return to site a few days later to provide onsite training.; ; The remit of onsite training covers operation of the hosting platform, rather than any installed cloud apps. Service(s) for installed cloud apps are attached to the subscriptions to those apps.; ; We can also offer a data migration service should a customer be coming to us from a previous supplier.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data transfer to a new location will always be possible. Basic end of contract costs are included in the setup fee.; ; The incoming service buyer may install their equipment or subscribe to appropriate services as part of their onboarding and our exit plan.; ; The standard monthly transfer data transfer allowance is of course provided free of charge during month 12.
• End-of-contract process: The provision of professional services at our datacentre will probably be required. This shall be charged as per the pricing document.; ; We will offer free of charge storage of data backups made during the contracted period for a further 60 days. Once the data is 60days old it will be stale and will be deleted.

Using the service

• Web browser interface: Yes
• Using the web interface: To maintain system security, we will not supply logon credentials until after system setup. After the order has been validated and finalised the service does not take long to setup. From then on, users can make configuration changes to those settings relevant for most types of website hosting. Users can create internet domains, subdomains, domain pointer records etc and upload most typical website application software etc. They can create FTP accounts for multiple staff if required. Users can make backups, but cannot restore without our assistance. This is to avoid "accidents". The administrator can decide what rights to allocate users.; ; Note #1: Domains must first be registered elsewhere.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The interface has been well designed. Our company selected the platform in question several years ago based on the quality of the interface. Eight years on, it remains superior to others on the market, and we continue to use it on account of the quality that it was built-in.; ; I cannot however at this time advise whether it has been formally certified to the standards above.; ; A new interface is planned for released during the lifetime of G-Cloud.
• Web interface accessibility testing: 1 in 12 men are colour blind and we are very aware of this issue. We tested all the available interfaces with a colour blind user. We use the system our user preferred.; ; There are several interfaces on the market, the one we selected and offer to clients is the best we could find; we also tested it for clarity and simplicity, ensuring the options and features are logically located and easily found.; ; Most vendors submitting offerings to G-Cloud will be offering cPanel or Plesk branded systems, systems we rejected for technical reasons as well as the inferior interface.
• API: No
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Access to the CLI interface can be switched on and off by the users nominated Administrator. When switched on, the user will have standard user rights via the CLI commands. We have a pack of software utility apps available to the user's admin staff which can be installed on a local windows desktop. These apps can, for example, access a backend database without going via the relevant webpage. These software apps are using the CLI interface. The users can also directly issue Linux commands into a command editor if they have the necessary skills.; ; The user will not have access to system level services. Should those be obtained, any remediation works would be billable. A user expecting to need system level access is encouraged to choose one of our VPS offerings.; ; The system administrator can choose what level of access should be given to regular users, with a high degree of granularity.

Scaling

• Scaling available: No
• Independence of resources: This service is scaled to suit the expected workload and can easily be expanded using Virtualization technology, which offers many advantages, including hard-stops on resource hogging. If other users generate excessive workloads, it will be their system that slows down. We will be monitoring the underlying physical layer that forms our infrastructure. If loading rises we are able to add server clustering that spreads the workload across multiple physical servers. ; ; Your private hosted system will always get the allotted resource.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Disk
  • Memory
  • Network
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Encryption.; ; All data moved in or out of areas protected by the above methods is protected by encryption; ; The buyer should note that the supplier has no control over the buyer's IT systems.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • The Platform has an internal backup system.
  • The DR system replicates the entire platform.
  • Databases can be backed up to an agreed schedule.
  • The backup stategy shall be agreed between supplier and buyer.
• Backup controls: This will depend of the software chosen during setup consultation
• Datacentre setup:
  • Multiple datacentres
  • Single datacentre with multiple copies
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: An IPsec or TLS VPN gateway can be configured at extra cost. A connection through a private network connection can be configured at extra cost. Both options add constraints to physical placement of hardware ie into which data center we place your service. Details are in the service description document and price schedule.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Our networks systems are within a datacentre with the minimum of physical access. Virtual networking can be deployed, but if required, this would also indicate that the client has security concerns above the usual run-of-the-mill. They may need one of our other solutions with higher levels of isolation implemented.

Availability and resilience

• Guaranteed availability: The buyer will be eligible for one free days hosting for every hour the service was inaccessible to the buyers users, capped at 100% of the days in a free month. Planned maintenance events taking place at weekends or overnight are excluded. Details are in the service description document.
• Approach to resilience: The approach to resilience within the datacentre and our equipment therein is based on the elimination of single points of failure. In techno-speak this is called n+1 , which means that if an item failed a spare one takes over.; ; Full details on request
• Outage reporting: A public dashboard available to customers will indicate any outages.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: The standard method is username and password authentication. 2-factor authentication is an option easily activated. Additional / Alternative Services such as OneLogin Further security arrangements using firewall and network level security methods could be configured. Only one method ought to be used for a given scenario. The arrangements other than 2FA and username/password will involve extra cost.
• Access restrictions in management interfaces and support channels: There are two levels here. The management interfaces for the clients side and those interfaces with heightened permissions that we use to administer the client side. ; ; 2 factor authentication is available. If the assignment warranted it, we can setup more advanced access control methods if instructed as an additional task, eg it is possible to restrict the login location to a named building.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Further security is possible using network level security, eg the dedicated link method. This allows the determination down to specified building(s) via IP address techniques if required. It is implemented at extra cost.
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: WorldPay
• PCI DSS accreditation date: 31/12/2019
• What the PCI DSS doesn’t cover: We do not store CC details on our servers; CC details are processed by our bank on their PCI DSS certified servers. Our PCI certification was issued with this processing method declared. Most payment processing applications handover to an external CC payment provider, who accepts payment before handing purchase approval back to the application that you would be running on our system. This means that our PCI DSS certification is suitable for eCommerce solutions used by most organisations . If you want to store people CC details on our servers, that can be arranged and our PCI DSS would be amended to suit. Your software solution would need to be PCI DSS compliant. Using a 3rd party processor such as Worldpay [or one of their numerous competitors] is by far the best way to handle PCIO DSS aspects of Credit Card processing.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Good Practice security governance is practiced. Our Physical server(s) are located in a restricted access datacentre. Strong passwords are enforced and stored safely.; ; ID's of clients appointed officers are stored and will be used to validate requests for support and assistance.
• Information security policies and processes: The staff at our office do not have physical access to the hardware, ensuring that data at rest is protected.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate a minimal environment for the common stack which minimises the numbers and types of software patches we need to install. Software patches are those recommended by the relevant supplier(s).; ; Clients requesting bespoke configurations are placed on fully segregated platforms. A necessary consequence of this is that clients may need to upgrade during the lifetime of a contract if bespoke settings are required after initial setup. ; ; A test environment is maintained separately from our production environment for the purpose of software patch testing.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We have selected products recognized within the industry as having an appropriate level of security and vulnerability management. Vulnerability management is based upon notification to us by our suppliers and Patch installation.; ; The biggest vulnerability comes from clients installing outdated and un-patched software, rather than the PaaS platform. Segregation of shared resource minimizes risks, but if this is a concern customers may signup for the fully isolated VPS service we also offer. ; ; Clients on the shared platform are required to notify us of applications prior to deployment. Legacy apps carrying requiring depreciated infrastructure may need hosting on a VPS.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: For security reasons, we do not publish details of protective actions taken since such details substantially increases the risks we face.
• Incident management type: Undisclosed
• Incident management approach: TBC

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: KVM hypervisor
• How shared infrastructure is kept separate: This service is hosted on several VPS machines. The only organsiation(s) using this infrastructure are those with a direct relationship to the customer. The customer decides who can share the infrastructure used to build the private hosting platform. The external separation between VPS's is enforced by the virtualization technology; comparable to the separation between physical servers. Provided the customer uses encryption, eg SSL encrypted websites, the 'on-the-wire' data is indecipherable while it traverses the network.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Renewable or nuclear energy is used as much as possible at our datacentres. Coal derived power has virtually been eliminated, and will be gone completely during the lifetime of a G-Cloud contract.; ; The biggest consumption of energy within the Datacentre is server hardware. Server virtualisation minimises the number of physical servers permanently running. Our equipment is housed in multiple 3rd party datacentres. On request, datacentre space is available in northern (arctic) climates, and we can locate your service in Finnish DC's.

Social Value

• Fighting climate change:

  Fighting climate change

  Climate change is minimised by reducing CO2 emissions. We use an energy provider that has minimized its reliance on fossil fuel power generation and sources as much nuclear energy as possible. Renewable energy is included in the mix (hydro, solar and wind). Any shortfall is topped up by a small top up from fossil fuels. We also minimise power consumption by using shared infrastructures for some clients, and where a client requires a non-shared infrastructure, we minimise energy consumption using virtualisation techniques.; ; All hardware purchases are required to meet current energy efficiency targets.
• Covid-19 recovery:

  Covid-19 recovery

  As part of our commitment to CO2 reduction and our commitment to Covid-19 recovery, we allow home working and use virtual meeting technologies as much as possible.
• Tackling economic inequality:

  Tackling economic inequality

  We place as much business as possible in areas that are short of opportunities. The economic advantages are obvious, but additional business advantages include those that accrue from having a stable workforce.
• Equal opportunity:

  Equal opportunity

  We provide equal opportunity and recruitment is based solely on ability. Individuals are free to hold any personal view they wish and no discrimination is permitted on those grounds.
• Wellbeing:

  Wellbeing

  All staff are encouraged to have a healthy work-life balance. Staff are encouraged to exercise regularly and hold diverse interests. We offer a salary sacrifice scheme for all physically active recreational activities that meet this requirement, and undertake occasional team-building events in pursuit of the wellbeing criteria.

Pricing

• Price: £600 to £3,000 an instance a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: This is a free demonstration, not a free trial. The system is reset every fortnight. Installations generating abusive traffic levels will be deleted without notice. 30-day free trial if a day's training is purchased. No access to the email / advanced features. Logon credentials provided on enquiry.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.