virtualDCS Ltd

Infrastructure as a Service (IaaS)

Our Infrastructure as a Service cloud hosting solution, offers secure, cost effective, and highly available alternative to other cloud providers such as AWS and Azure.
Our simple pricing can be fixed, or based on consumption, to simplify your budget, organisational requirements, and avoid hidden costs.

Features

• Infrastructure patching and upgrades included, with no downtime
• High availability as standard for all workloads
• UK Based 24x7 monitoring and support, 365 days a year
• Resilient connectivity
• Scale platform resources as required
• Self-service or fully managed service options available
• ISO 27001 accredited, Tier 3 + data centre locations
• Uncontended RAM and storage I/O
• 99.99% Uptime SLA
• Hybrid On-Premise / Azure / AWS integration

Benefits

• High availability as standard
• Avoid purchasing and maintaining your own infrastructure
• Reduce your carbon footprint with green cloud computing
• Guaranteed application performance with uncontended resources
• Simple and clear pricing
• UK based support team available on the phone 24x7
• Wholly UK-based. Sales, Delivery, Support, and Hosting
• Bespoke solution design available
• Veeam Platinum Partner, Microsoft Tier 1 CSP
• VMware by Broadcom Advantage Partner and VCSP

£250 an instance a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@virtualdcs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

587188164767609

Contact

Kerri Milburn
03453 888327
sales@virtualdcs.co.uk

Service scope

• Service constraints: No limitations, subject to implementation design
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Level 1 - Critical—(Severe Business Disruption) Business unit is unable to operate; critical system component failed or severely impaired (Response Immediate); ; Level 2 - High—(Major Business Disruption) Critical user or user group unable to operate, or the business unit is experiencing a significant reduction in system performance (Response 2 Hours); ; Level 3 - Medium—(Minor Business Disruption) A single user is unable to operate with no available work around (Response 8 Hours) ; ; Level 4 - Low—(Minor Disruption) A single user or user group is experiencing incidents, but work around is available. (Response 24 hours); ; Level 5 - Planning (Response 48 Hours)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The virtualDCS support service covers a vast range of options so that you receive the right level of service for your organisation. This also; ensures that you do not pay for more than you need and that you have the freedom to run your systems with the in-house skill sets that; you have available.; Some of these options include proactive support, where we monitor and address issues as they occur; reactive support where we are on; call to help you when you need it; and managed support, where we do it all for you.; The cost of these solutions is dependant on the resources being supported.; For large contracts, a named Service Manager is allocated to provide a consistent support service to your organisation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our solutions are custom built to address the specific IaaS solution required. Our engineers will liase with your in-house staff to determine a suitable handover and/or plan for user training.; We scope all of this early in the pre-sales process to ensure expectations are met, and services are delivered in a timely manner.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can download their data from the IaaS solution directly, or export them in OVF format within vCenter with no egress costs.
• End-of-contract process: At the end of the contract, once the client confirms they have alternate access to any data still required, the remaining data is securely removed from our platform. No additional costs are incurred for this removal.

Using the service

• Web browser interface: Yes
• Using the web interface: Management of customer environment is conducted via the VMware vCloud Director, or vCenter interface. Customers have full access to setup and can make changes to their services and network infrastructure through this management interface.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The vCloud Director and vCenter interfaces are accessed online via a browser. Supported browsers include Internet Explorer 10+, Microsoft Edge, Firefox, Safari and Chrome. The interfaces are accessible on a range of devices with supported browsers including PC, Mac, Smartphone and Tablet.; ; The interfaces are largely text based and user inputs and action links are all descriptive. Where icons do exist they have descriptive text tags. There is no audio or visual only alternative available.
• Web interface accessibility testing: None.
• API: Yes
• What users can and can't do using the API: The vCloud Director interface is compatible with REST API which allows users to perform the complete range of operations that are available to users via the GUI interface.; ; A full list of the operations available in vCloud via the REST API are available on the Broadcom website:; https://developer.broadcom.com/xapis/vsphere-automation-api/latest/vcenter/
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
  • Other
• Other API automation tools: VMware vRealize Automation
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Customers can manage vCloud Director using vcd cli. ; For full details of how to install vcd cli and the operations and commands available via this interface, please visit the official VMware vcd cli web page at: https://github.com/vmware-archive/vcd-cli/blob/master/docs/commands.md; ; Customers can manage vCenter resources using VMware PowerCLI.; VMware PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides more than 600 cmdlets for managing and automating vSphere, vCloud, vRealize Operations Manager, vSAN, NSX-T, VMware Cloud on AWS, VMware HCX, VMware Site Recovery Manager, and VMware Horizon environments.; For full details of how to install PowerCLI and the operations and commands available via this interface, please visit the official VMware reference at:; https://developer.broadcom.com/powercli

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Contention for resources is managed at the disk, network, and computer layers. Guarantees and limits are configurable depending on SLA agreed.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual Machines
  • Databases
  • Applications
  • Configurations
• Backup controls: Backup is provided as part of a managed service, and can backup on a custom schedule if required. Granular restores of item level are also included e.g. files, folders, database tables, emails etc.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All user environments, and data storage is contained within discrete VLAN separated networks.

Availability and resilience

• Guaranteed availability: Network availability - 99.99%; Infrastructure availability - 99.99%; Availability is based on the total number of operating hours of a given calendar month and excludes planned and emergency maintenance.; Service credits of up to 10% of the standard monthly support fee are available for any month where the availability SLA is not met.
• Approach to resilience: Our platform has been designed to be incredibly resilient and self-healing. This means that in the unlikely event of a failure, you will be up and running again within minutes. Our enterprise platform has been designed to provide 99.999% up-time and is monitored 24 x 7 x 365 by our team of highly skilled support team.; Our datacentres have:; 24 Hour Manned Security; 3 x N+1 Generators; Resilient UPS; N+1 Air Conditioning Systems; Fire Suppression Systems; CCTV & Intruder Alarms; Diverse Fibre Entry from all major carriers; Multiple T1 Carriers for Internet Transit
• Outage reporting: VirtualDCS operate a separate status website, with automated email updates to inform customers of potential issues with the environment. Email alerts are also delivered via the service desk to registered users.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: System level management access is restricted to virtualDCS operations networks only. ; Per customer management access to services can optionally be restricted to specific IP addresses or networks as required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 13/07/2024
• What the ISO/IEC 27001 doesn’t cover: The ISO 27001 certification covers our whole service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We operate an ISO27001-compliant information security management system. ; ; These policies and processes are audited annually by an independent audit assessment body.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate a change management process in accordance with our ISO 27001 certification. As part of this process, assessments are made of the risk and impact associated with any change, along with conditions required to mitigate the risks of any approved changes. Full details of our change management process are available on request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: VirtualDCS uses a specialist vulnerability monitoring service which continuously monitors our services for vulnerabilities. We aim to deploy patches to security related vulnerabilities within one day of the vulnerability being discovered.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: VirtualDCS uses an automated audit and alerting solution continuously monitors our services for irregular activity. We invoke our standard response process in the event of a suspected compromise; the response time target for such an incident is 1 hour.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is administered through the service desk as a 'ticket'. This allows customers to log incidents (with an associated priority according to severity) with our specialists. Customers are kept updated through the service desk on the incident and are advised when progress is updated or when it is resolved. The 'ticket' is recorded and archived in the service desk and this 'ticket' forms the incident report. For severe incidents (Priority 1) a separate incident report is published and delivered to the customer on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: We provide secure multi-tenancy using VMware by Broadcom VCF (VMware Cloud Foundation). Individual customer data is isolated to their own VMs and constraints within the hypervisor technology. VLAN tagging technology is used to isolate customer networks. Internet access is secured using dedicated virtual or physical firewalls.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: By applying good practice, and continually improving efficiency and operations to reduce energy consumption. Improving energy performance is factored into all processes. ; Our datacentres are certified as being compliant with ISO 50001: 2018 Energy Management

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  virtualDCS CloudCover services combat climate change by consolidating servers and reducing energy usage. They also reduce the demand for physical hardware, leading to decreased energy consumption and lower carbon emissions associated with manufacturing, operating, and disposing of such equipment. Supporting remote working initiatives through highly available data helps to reduce commuting and further lowers carbon emissions.

Pricing

• Price: £250 an instance a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Users requesting a free trial are generally provided 14 days, but extended free trial periods are possible in some circumstances.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@virtualdcs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.