Cloud Hosting
Allows clients to deploy, manage, run software by
providing virtual machines and storage or network resources.
Features
- Hosting virtual machines
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Software as a Service (Saas)
- Real-time monitoring
- Remote access
- Secure environment
Benefits
- Centralised management
- Publish content from multiple devices
- Increase Scaleability
- Provides Flexibility
- Cost effective
- Increase Security
Pricing
£0.00 a unit an hour
- Education pricing available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at neal.chauhan@redpalm.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
8 8 4 4 7 5 3 2 1 5 1 7 2 0 9
Contact
Redpalm Technology Services
Neal Chauhan
Telephone: 03330063368
Email: neal.chauhan@redpalm.co.uk
Service scope
- Service constraints
- As a business we have not encountered any constraints whilst offering these type of services.
- System requirements
-
- Operating systems must be supported versions
- Applications must be supported versions
- Configured in a secure manner
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Dependant on user SLA to which are tailoired to the clients requirements, e.g from a 15 min response to a NBD response.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Users can interact with our engineers in real-time to answer any questions or issues.
- Web chat accessibility testing
- Our webchat allows the font and contrast to be changed to make it easier for visually impaired users.
- Onsite support
- Onsite support
- Support levels
-
Support levels are tailored to each clients requirements.
Every client will recieve a dedicated account manager. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide onsite training, online training and user documentation
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- Dependant on the service a copy can be downloaded or Redpalm can provide this copy directly.
- End-of-contract process
-
At the end of the contract all services and support will be terminated.
Renewal of contracts is straightforward via our automated renewals manager.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Users are able to log in and easily make any changes via the web interface.
Some advanced customisations need to be done via a command line, but this is still achieved through the web interface. - Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface is accesible through all supported web browsers.
- Web interface accessibility testing
- Font and contrast changes for visually impaired users
- API
- Yes
- What users can and can't do using the API
-
Our API allows applications to access data and interact with external software components, operating systems, or microservices.
They bring applications together in order to perform a designed function built around sharing data and executing pre-defined processes. - API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Most things can be implemented via the command line interface. There is supporting documentation around this.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Resources pools are used to guarantee performance and that users are not affected by others.
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft Azure and Amazon Web Services
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Virtual Machines
- Databases
- Configuration
- Media
- Data
- User accounts
- Backup controls
-
Users can select what they would like to be backed up and how they would like this scheduled.
The Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for the user can be customised dependant on their requirements. - Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We offer a 99.999% service uptime.
- Approach to resilience
- Available on request.
- Outage reporting
- Via a a public dashboard and email alerts.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- We restrict access in management interfaces and support channels by using role based access so only those users who require access will be granted it. These login's are secured via MFA
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device over multiple services or networks
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British assessment bureau
- ISO/IEC 27001 accreditation date
- 30/03/2022
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Available upon request.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All changes go through an ITIL aligned Change Advisory Board (CAB) Process.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- As per Cyber Essentials we patch all critical and high risk vulnerabilities within 14 days. We use a number of sources to understand and gather information on potential threats, which can be provided upon request.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- .Proactive monitoring from a number of systems is used to alert potential compromises. Any potential compromise will immediately raise a ticket in our service desk system and will be assigned to an engineer to investigate almost immediately.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Major incidents can be logged by users to our service desk via email, phone or web portal. This initiates our major incident process which details a timeline of events and the root cause with remdiation on how to stop a reocurrance of this type of event. This report is provided to all customers after a major incident.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- Through the use of isolated environments.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Microsoft and AWS follow the EU code of Conduct.
Social Value
- Fighting climate change
-
Fighting climate change
where possible we try and minimise our impact upon the climate/environment. - Covid-19 recovery
-
Covid-19 recovery
Part of our business continuity plan. - Tackling economic inequality
-
Tackling economic inequality
This falls under our CSR policy - Equal opportunity
-
Equal opportunity
This is covered by our staff handbook. - Wellbeing
-
Wellbeing
This is covered within the staff handbook.
Pricing
- Price
- £0.00 a unit an hour
- Discount for educational organisations
- Yes
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at neal.chauhan@redpalm.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.