ORION WEB LTD

Cloud Hosting for Website(s)

Cloud hosting allows websites to be hosted on virtual servers, which draw their computing resources from a network of physical servers. It offers scalability, flexibility, and reliability, as resources can be scaled up or down based on demand, and data is stored redundantly across multiple servers. It can include deployments.

Features

• scalability
• flexibility
• resource pooling
• self-service provisioning
• redundancy
• pay-per-use pricing
• geographic distribution
• automated backups
• security measures
• integration with other cloud services

Benefits

• cost-effectiveness
• high availability
• rapid deployment
• improved performance
• enhanced security
• disaster recovery
• global reach
• reduced IT management burden
• environmental friendly
• seamless scalability

£80 to £400,000 a server a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@orionweb.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

597569066606659

Contact

Marios Ioannidis
02080582056
info@orionweb.uk

Service scope

• Service constraints: Updates on the hosting infrastructure are scheduled and performed with no interruption of service.; Depending on the nature of the hosted website application, patches, plugin or security updates will need to be applied from time to time. During the deployment of such updates, minimal interruptions might be required. Such interruptions will always be scheduled and communicated with the client and any other involved parties.
• System requirements:
  • Internet connectivity
  • Web browser
  • Authentication and access controls for hosting UI
  • Compliance requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our SLA will include detailed response times, similar to the following: ; Urgent Issues: Response within 2 hours during business hours. ; Non-Urgent Issues: Response within 1 business day during business hours. ; Emergency Support: Response within 1 hour for critical emergencies affecting website functionality or security.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: - Tier 1: Basic help desk/support email resolution and delivery. ; - Tier 2: In-depth technical support. ; - Tier 3: Expert product and service support. ; The technical lead is commonly engaged with the support procedures and resolution path.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full and detailed documentation is available online for the web interface, the Console as well as the API and CLI.; ; We will make full use of our educational experience to create a structured framework of training (including scheduled online meetups at mutually convenient times) based on the new Cloud hosting features.; ; When necessary, we will also provide guidance and references to additional resources online, compatible with the specific needs of the client’s team for successfully configuring the hosting parameters and resources.; ; We usually schedule most of the training sessions before the initial launch of a new service, to allow for practising the concepts covered.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Given the nature of this service, user data can be contained in the website database. Upon continuation of the hosting service, the user data will remain intact. ; ; In case the client decides to discontinue the hosting service of the website, it is possible to extract the content and user data from the website in the form of exportable files, for example, .xls or .csv.; ; Admin users' data can be held in the form of administrative accounts on the hosting platform UI back office. These accounts will be fully handed off to the client at the end of the service.
• End-of-contract process: You may delete your projects at any time. We will arrange with you and/or carry out any reversibility operation (e.g., deletion, backup, transfer to another hosting provider) necessary for the conservation or transfer of your data.; Full terms and conditions can be found in the corresponding document.

Using the service

• Web browser interface: Yes
• Using the web interface: A user-friendly UI allows for setting up projects as well as managing and configuring them.; We also provide a web Console so you can interact with your projects and manage your environments.; A command line interface (CLI) is also available for users familiar with the Terminal.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The web interface enables complete configuring capabilities for the hosting parameters of the website project. Resources, account details, metrics etc. are available online for account admins.
• Web interface accessibility testing: The web interface has been tested using platform.sh in-house resources for accessibility compliance and assistive technology users.
• API: Yes
• What users can and can't do using the API: Platform.sh is a container-based Platform-as-a-Service. Our main API is simply Git. With a single git push and a couple of YAML files in your repository, you can deploy an arbitrarily complex cluster. Every Project can have multiple applications (PHP, Node.js, Python, Ruby, Go, etc.) and managed, automatically provisioned services (databases, message queues, etc.).; ; Each project also comes with multiple concurrent live staging/development Environments. These ephemeral development environments are automatically created every time you push a new branch or create a pull request, and each has a full copy of the data of its parent branch, which is created on-the-fly in seconds.; ; Our Git implementation supports integrations with third-party Git providers such as GitHub, Bitbucket, or GitLab, allowing you to simply integrate Platform.sh into your existing workflow.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: You can use and manage your projects directly from your terminal. Anything you can do within the Console can be done with the CLI.; The CLI uses the git interface and the Platform.sh REST API to accomplish tasks. Its source code is hosted on GitHub.; ; To install the CLI, use a Bash installation script. You can also install with Homebrew (on Linux, macOS, or the Windows Subsystem for Linux) or Scoop (on Windows).; To list and manage your projects, authenticate by running the following command: "platform". This process opens a browser tab for you to log in. It also creates certificates on your computer for SSH. Once you are logged in, a list of your projects appears, along with some tips for getting started. If you experience authentication issues or want to force a login, run the command "platform login".; ; Now you can run actions on your projects such as branching and merging. You can also simulate a local build of your codebase as if you were pushing a change to Platform.sh, including your services and data.; ; Get a list of all available commands with: "platform list".; ; Full documentation is available online.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Dedicated Gen 3 runs the same software as on the Grid, but on isolated hosts. Each service is replicated across three hosts in a failover configuration. If a host becomes unavailable, the other two take over so your site remains up.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Platform.sh

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Databases (content)
  • Files
  • Codebase (GIT tags/branches)
• Backup controls: The frequency of backups varies based on the backup schedule. This section details the recovery point objective (RPO) and recovery time objective (RTO) for each option.; ; For preview environments, users can manage their own manual backup and restore functions. ; RPO: User defined. The RPO is configured by plan owners.; RTO: Variable. Recovery time depends on the size of the data being recovered.; ; Basic and Advanced schedules:; RPO: 24 hours. Production environments on Basic and Advanced schedules are backed up every 24 hours.; RTO: Variable. Recovery time depends on the size of the data being recovered.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Architected for secure, compliant deployments, with a 99.99% uptime SLA (that’s only 4 minutes, 19 seconds/month downtime) on the complete stack. 24x7 support. And guaranteed response times from an expert team, spanning five continents.
• Approach to resilience: Available dedicated, triple-redundant architecture that replicates every application component across multiple instances. Each instance hosts the entire application stack, delivering superior fault tolerance to traditional N-Tier installations.; Our enterprise cloud platform handles everything from highly trafficked Drupal or Java sites or Magento storefronts to Node.js microservices. Every day.; Multitiered, global, managed content delivery network (CDN) layer provides ultra-fast time to first byte, with more than 57 edge points in every continent. So you get both feature-rich, full-page application caching and cost-effective asset caching to improve customer experiences.; Platform.sh hosting isn’t tied to a single data center or region. In concert with our cloud partners—Amazon Web Services (AWS), Google, Orange, and Microsoft Azure—we provide services in the US, Canada, Australia, Ireland, Germany, and France.
• Outage reporting: A status dashboard is publically available under https://status.platform.sh/.; ; Platform.sh monitors Dedicated clusters 24/7 to maintain uptime and performance.; ; A wide range of server metrics, including disk space, memory, and disk usage are continuously measured using in-house tools. These metrics provide a complete picture of the health of your application infrastructure.; ; As soon as a metric goes out of bounds, Platform.sh Support and Operations teams are alerted. When an outage is detected, a Point in Time report is generated so Platform.sh Support can triage the cause of the outage.; ; On top of internal Platform.sh tools, a third-party availability monitoring system is configured for every Dedicated project. This further guarantees that issues are spotted and addressed as quickly as possible.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We retain tight control and governance over user access via fine-grained, per-environment permissions.; The websites we produce include a back office that allows for full administrative control as well as content moderation and editing. Admin users authenticate through a pair of username and password. On top of that, two-factor authentication can be implemented as well as other additional methods of access restriction (e.g. CAPTCHA, SSO etc.).
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: https://platform.sh/static/subprocessor-list-f19bac356090babe380f16053ad83a74.pdf
• ISO/IEC 27001 accreditation date: https://platform.sh/static/subprocessor-list-f19bac356090babe380f16053ad83a74.pdf
• What the ISO/IEC 27001 doesn’t cover: https://platform.sh/static/subprocessor-list-f19bac356090babe380f16053ad83a74.pdf
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: https://platform.sh/static/subprocessor-list-f19bac356090babe380f16053ad83a74.pdf
• ISO 28000:2007 accreditation date: Same as above
• What the ISO 28000:2007 doesn’t cover: N/A
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: https://platform.sh/static/subprocessor-list-f19bac356090babe380f16053ad83a74.pdf

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We apply standards from ISO/IEC 27001 and working towards being ISO/IEC 27001 certified.
• Information security policies and processes: Our information security policy is available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Drupal websites provide an adequate level of change management, auditing and reporting. This can be expanded to include additional data points (e.g. user role changes) with the use of additional plugins and logic.; The Drupal UI offers an intuitive interface with reports including items to be updated, pending Core security updates etc.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Platform.sh provides security updates for every element of the stack as soon as they’re available—without service interruption.; All of our sites adhere to our cryptographic controls policy, which mandates the use of strong, industry-standard cryptographic measures. These measures include TLS for data in transit, encrypted disks, and support for 2FA.; Each project runs in isolation, with the most minimal network surface possible. Every service is network isolated from other services.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We are happy to share our business continuity plan and incident response processes upon request.
• Incident management type: Undisclosed
• Incident management approach: We have defined and actively maintain an incident response process. We are happy to provide our process upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: LX Containers hosted on AWS VM hosts.
• How shared infrastructure is kept separate: Virtualisation technology used to keep applications and users sharing the same infrastructure apart .; LX Containers hosted on AWS VM hosts.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Green hosting is a set of initiatives to reduce web hosting; environmental impact:; + Build low-consumption datacenters; + Use green energy; + Improve material lifecycles; + Optimize idle usage through higher density; (virtualization); + Co-locate workloads to reduce energy consumption; over networks; + Reduce datacenter workloads or increase their; efficiency

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The official environmental policy of our company is available upon request.

  Tackling economic inequality

  The official equality-diversity-inclusion policy of our company is available upon request.

  Equal opportunity

  The official equality-diversity-inclusion policy of our company is available upon request.

  Wellbeing

  The official equality-diversity-inclusion policy of our company is available upon request.

Pricing

• Price: £80 to £400,000 a server a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@orionweb.uk. Tell them what format you need. It will help if you say what assistive technology you use.