Tivarri Ltd

Cranberry Hosted Desktop Service

Cranberry Hosted Desktop provides Microsoft Windows Virtualised Desktop which, instead of running locally on your office PCs/laptops, runs on a remote server based in our secure data centre. Cranberry Hosted gives flexibility to work securely from practically anywhere— the office, home, or even abroad.

Features

• GDPR & FCA Compliance
• User data is encrypted end-to-end
• Weekly third-party penetration tests to interrogate infrastructure security
• All-inclusive, predictable monthly fee, including Microsoft licence costs
• Daily Data backups
• We take responsibility for all patching of servers
• Data stored on encrypted disks in datacentre, not local devices
• Dedicated customer servers, high specification hardware for superior performance
• Backups stored both onsite and second datacentre for added redundancy
• Failover service to pre-provisioned servers in total failure

Benefits

• Flexibility to increase (or decrease) user numbers or server resources
• Fully managed infrastructure
• All-inclusive monthly charge (including support) so costs are predictable
• Infrastructure designed for regulatory compliance
• Applications deployed to users in minutes
• Infrastructure replicated to second DC every 15mins for fast failover

£83.60 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@tivarri.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

791396851307676

Contact

Simon Ponsford
01225 428879
sales@tivarri.com

Service scope

• Service constraints: Planned maintenance occurs in the early hours of Sunday morning. This is to deploy the latest security patches. An alternative time can be selected for patching, but we do require that this occurs weekly to ensure that systems remain secure.
• System requirements:
  • Remote Desktop Software to access service
  • Internet connection of at least 1 Mbps per user

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is UK working hours. Monday-Friday.; SLA is 4 business hours, but average response time is 12 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Calls are initially handled by Helpdesk Engineers, should an issue not be resolved quickly, or if the customer requests escalation, a ticket is passed to a Technical Manager. We do not employ call handlers or 1st line technical support engineers, so customers receive immediate attention from experienced technical staff.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide documentation to get users initially connected and configure multi-factor authentication, remote desktop support to help with initial customer issues and provide a web based Knowledge Base to give user guidance. We provide a free access to our Helpdesk via telephone, email, or web portal support to assist with access and use of our service. Once connected to the service a standard Windows desktop environment is presented.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers may transfer their data from the service an encrypted file transfer service to Amazon Web Services S3 or Microsoft Azure encrypted storage. The data can also be provided on encrypted media (media charged at cost) and shipped to the customers confirmed location.
• End-of-contract process: At any point during or prior to the end of the contract a customer can request a copy of their data to be securely transferred to other service provider. There is no charge for this at the end of the contract, during the contract the cost is based on an hourly charge per request. Should the customer require data to be saved to encrypted media and shipped then time and materials (storage media) are charged.; ; 30-days following the end of the contract all user data will be deleted from backup servers.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Infrastructure is dedicated per customer. All systems are monitored 24/7 with alerts to our Helpdesk if performance thresholds are met.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • All saved documents
• Backup controls: All saved files and virtual machines are backed-up.; Data is replicated to a second data centre every 15 minutes.; Full backups of virtual machines are taken daily.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLA is 99.9%. If this isn't achieved credits are paid. Typically 99.98% or higher is achieved.
• Approach to resilience: Data is replicated to a second UK data centre every 15 minutes. Backups are taken daily, all backups are tested and verified daily. Backups stored encrypted at both data centres.; All hardware is resilient, there is UPS and a minimum of 4 days diesel stored onsite to run generators. We also maintain 100% spare parts for all live systems at the primary data centre.
• Outage reporting: We have a public status page which is hosted and managed by a 3rd party. We are also configured to send email alerts to customers through a 3rd party system.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
• Access restrictions in management interfaces and support channels: These are only accessible via a VPN which uses secure key and username/password to authenticate.; Support channels also require validated authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation
• ISO/IEC 27001 accreditation date: 11/07/2023
• What the ISO/IEC 27001 doesn’t cover: Nothing, all services offered are within scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our business policies and reporting structure follows ISO 27001:2013. All incidents are reviewed by the management team on a monthly basis. The Information Security Management System (ISMS) reports directly into the management team as does their deputy in the case of absence. Incidents and responses to them are also reviewed at board meetings.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow our ISO 27001 processes which look at potential impact and rollback practice where required.; Changes are tested on a replica system at a second data centre where deemed necessary.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We assess threats in the same day, typically within an hour or two. If necessary patching occurs the same day. If it is less urgent, then patches are applied in planned maintenance in the early hours of a Sunday morning.; We subscribe to multiple security forums and feeds including Microsoft and other vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All systems are monitored 24/7. We have software to detect unusual logon and file activity. Alerts are normally responded to within 5 minutes of a potential breach.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have pre-defined processes for incident responses. We also practice these at least twice a year to ensure that all staff are familiar with the process.; Incidents are reported through two separate systems (this is used in case one were compromised).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Each organisation has dedicated hardware.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Managed by 3rd party to ensure compliance.

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We are uniquely placed to understand the carbon impact of all services we offer based on in-house custom software.

Pricing

• Price: £83.60 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: This is limited for up to 5 users for 3 days.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@tivarri.com. Tell them what format you need. It will help if you say what assistive technology you use.