Key Features
(Cranberry Cloud & Cranberry Desktop)

Our private cloud hosted desktop provides the same look and feel as a Windows PC running on conventional computers. Microsoft Office and all the specialised applications your business requires such as Bloomberg, CRM, ERP and accounting packages all work in the same way. With Cranberry Cloud, no applications run and no data is stored on local servers – everything is on cloud-hosted servers in UK datacentres designed for fault-free 24/7 operation. 

Our public cloud hosted desktop is based on Microsoft’s 365 suite of product and services. File and email data is stored and replicated across Microsoft’s UK data centres. Microsoft SharePoint is used for online file storage and collaborative working with options for detailed compliance monitoring and alerting. Microsoft’s services are customised using Tivarri’s tried and tested templates to ensure that compliance requirements are met. With Cranberry Desktop, users can work offline, e.g while travelling and changes can be synchronised when connectivity is restored

Cranberry Cloud & Cranberry Desktop

Cybersecurity

User data is encrypted end-to-end from user device to the cloud. Weekly third-party penetration tests are carried to interrogate our infrastructure security.

Highest Quality Infrastructure

All our hosted desktop servers use Hewlett Packard Enterprise servers, which offer the best performance and fault tolerance.

We take data security very seriously and we strictly control access. On both Cranberry Desktop and Cranberry Cloud, all user data is encrypted prior to any export from the datacentre, and remote access for customers is only provided over SSL secured connections.

Weekly, we commission third-party Penetration (PEN) tests to interrogate our Internet security and ensure protection from unauthorised access.

All remote user access is provided via dedicated customer gateway servers, which act to split genuine user traffic from illicit access or hacking attempts.

A third party would need to have access to your connection settings, username, domain name and password to obtain access. As long as you do not share your password with someone else and select a reasonably complex password, access is extremely difficult.

If a hacker were to obtain your username and use brute force password cracking, we automatically lock the account for 30 minutes after five failed attempts, and simultaneously alert our 24/7 security team who can analyse the logs and, if necessary, contact the customer to discuss the event.

As an additional security feature, we recommend multi-factor authentication. This means that to obtain access a hacker would require your username, password, connection credentials and physical access to your unlocked tablet or smartphone device. This reduces the likelihood of unauthorised access to almost zero.

Backup And Disaster Recovery

By default, all our customer servers and data are backed up daily, depending on the service level chosen by the customer, more frequent backups are available in both the primary and secondary datacentre.  Additionally data is also replicated multiple times per day from the primary to secondary datacentre.

The minimum retention period for backups is 30 days, although many customers opt for 90 days or 5 years for FCA compliance. Regardless, we keep all backup data in an AES 256-bit encrypted format.

Desktop And Application Management

We provide dedicated cloud-hosted desktops. As a result, there are no short, forced session time-outs or loss of user data. This contrasts with entry level ‘cloud-hosted desktop’ services that impose maximum session or usage times, forcing log offs after periods of inactivity resulting in the loss of unsaved work.

Our desktop management application provides profile-based user management with protection from malware or virus attack. We work on the basis of whitelisted applications per user, which means that if a user attempts to run illicit or malware software, it cannot execute. In our experience, this is the best way to protect organisations from the impact of malware, ransomware, and the use of unlicensed or illegal software. Most of our customers require the use of Macros within applications such as Microsoft Excel. If this is not required, it can be disabled to offer a higher level of security protection.

Unlike most of the cloud-hosted desktop marketplace, we take responsibility for patching your servers. We schedule weekly maintenance windows and carry out the often complex and time-consuming patching process. We believe that server patching should be done by the experts and not forced onto the customer to take responsibility.

Consultancy

Tivarri is experienced in the migration of a wide range of applications, which makes it easy for us to migrate new clients with minimal risk.

Unless a service provider has specific application knowledge, most will struggle to get essential business applications working or performing. This is the area in which our unrivalled experience in migrating applications comes into its own. Many of our customers have come from other Cloud-Hosted desktop providers because they were unable to get their business applications working satisfactorily.

Given our experience, we can provide in-depth consultancy for our customers and guidance on applications to use, possible issues and compatibility problems, etc.

We can also provide bespoke server solutions for specific applications such as Bloomberg Professional with full Bloomberg keyboard support.

Datacentre Resilience

It is incredibly difficult to gain access to our datacentres; they are more like a bank vault than a business location, and they are equipped to keep on running no matter what.

All data centres we use meet the following requirements:

All are ISO 27001:2013 compliant, the data management standard, which ensures your data is protected, and only security-cleared staff have physical access to datacentres.

Our services are monitored by an independent third party that provides verification of our uptime record against our SLA and alerting purposes. All sites are security monitored 24/7.

All physical site access is recorded; work on servers is recorded to video.

Access is only granted to pre-authorised and vetted agents, and the authorisation includes Disclosure and Barring Service (DBS) (previously Criminal Records Bureau [CRB]) checks.

Access to the data hall is either restricted to datacentre staff or our own engineering staff.

Our datacentres have:

Multiple redundant data feeds from different connectivity providers.

Fully redundant cooling and failover power.

Onsite battery backup for a minimum of 1 hour with diesel generators ready to go with 4 hours of fuel held in underground tanks and contracts in place to expedite the supply of additional diesel fuel if required.

Key to many of our financial services clients is that we only use datacentres located outside Central London, so less likely to be affected by a terrorist incident.

The Benefit Of Experience

Our team has been providing Private and Public Cloud solutions to financial services organisations and operators of critical national infrastructure for over 20 years, longer than anyone else in Europe. In fact, we were even involved in the development of the underlying communications protocols used to deliver these services.

As early adopters of the Microsoft SPLA (Service Provider Licence Agreement) which is Microsoft’s pay monthly licensing programme, we propose the most cost-effective and compliant licencing solution for our customers. Most Cloud-Hosted desktop service providers do not focus on subscription licencing, because it is the customer who is liable if mistakes are made. We do not think that is right. Therefore, we act on behalf of our customers to ensure they are correctly licenced for their usage.

We know how to build large scale IT infrastructure for businesses, and we have applied our experience to building a reliable Cloud-Hosted desktop infrastructure for many organisations. We do not simply create desktops in the Cloud; we build all the surrounding elements, such as domain controllers, file servers, database servers and secure access gateways that you find in large enterprises. This provides the most secure and reliable platform.

Low-cost or inexperienced providers will typically attempt to run everything from a single Internet facing server, but this means that a customer server with live data is exposed directly to the Internet through open firewall ports, which are often the subject of brute force attacks from hackers. Having dedicated security devices to which all users authenticate before being passed to their dedicated resources and data affords the best security protection.

Market-leading Cybersecurity

Security is the number one priority. Our IT platforms are built and operated using industry best practice to meet compliance requirements.

Our Cloud-Hosted desktop platform employs higher security levels than that of our competitors, and we are constantly evolving our offering to respond as hacking attacks become more sophisticated. For example, today we provide failed login reporting, something often required by regulatory auditors and is focused on stopping unauthorised access. We also offer an optional threat analysis system which is aimed at detecting and alerting of unusual activity by authenticated users. This uses machine learning to analyse network data at a packet level, looking at both authentication attempts and patterns of network activity synonymous with hackers searching for potentially valuable information.

We carry out regular penetration tests on our complete infrastructure and now offer customers monthly penetration test with detailed reporting against an individual customer’s servers to assist with regulatory audits.

One of the advantages of using a Cloud-Hosted desktop services is that data is held securely and centrally. If required, we can prohibit access to remote drives and USB sticks. As an additional service we can block access to specific email providers or applications such as Dropbox that might be used by staff to transfer data out of the business. Website filtering is also available to restrict user access to non-core websites and services. 

Migrating to our email services will allow the deployment of enhanced Microsoft Exchange email features including user activity monitoring, enhanced email security, email archiving and Mobile Device Management (MDM) which all help to protect users against computer viruses and suspicious emails.

Not ready for a fully hosted desktop?
Introducing Cranberry Desktop

Cranberry Desktop is a secure IT system with centralised storage, auditing and data backup using cloud-based services. Cranberry Desktop is designed to meet FCA and ISO 27001 standards and provides the key benefits of our Cranberry Cloud hosted desktop service while running on your local PCs.

Cranberry Desktop provides extra layers of user control and cybersecurity to better protect your company data and better meet the requirements of regulators and investors. It also gives a secure, seamless and controllable way for users to work remotely, on their own computers or devices.