
CROC Cloud services on Cisco technologies

CROC’s cloud platform meets the special software and hardware requirements for deploying Cisco solutions. In addition, because CROC is a certified Cisco Service Provider, customers can start directly with solution deployment in the cloud, skipping the architecture approval and Cisco hardware procurement phases.

CROC's cloud is well suited to deploying the following solutions:

Cisco Powered IaaS

CROC, jointly with Cisco Systems, offers Cisco Powered IaaS, a new cloud service that provides computational capacity, RAM, storage space, and access to network services on demand from a virtual environment constructed by CROC in the territory of the Russian Federation in compliance with Cisco recommendations and best practices. Services are available over the Internet and dedicated communication links and are billed according to a consumption-based model ("pay-per-use").

The cloud environment is built on a fault-tolerant VCE Vblock hardware platform. The solution includes equipment and technologies by global leaders, such as Cisco, EMC, and VMware.

This service is aimed at large and medium businesses that:

  • already use Cisco solutions but are planning to migrate them to CROC’s cloud for using them as a service, while providing their employees and customers with access to these cloud solutions
  • are planning to deploy Cisco Powered Cloud solutions for the first time using Cisco Powered IaaS

Customers may be interested in the following Cisco Powered IaaS use scenarios:

  • VM migration from customer’s data center to CROC’s cloud
  • Deployment of new high-loaded and resource-intensive services in CROC’s cloud to avoid the need for procurement of new equipment
  • Migration of publicly available services to CROC’s cloud to ensure their independence of internal infrastructure
  • Complete migration of servers from remote offices and branches to CROC’s cloud, and integration of LAN in branches with isolated network in CROC’s cloud using network virtualization technology and Site-to-Site VPN tunnels
  • Using CROC’s cloud as backup data center
  • Deployment of Cisco Powered Cloud services:
    - Unified Communications as a Service (UCaaS)
    - Contact Center as a Service (CCaaS)
    - Telepresence as a Service (TPaaS)
    - Disaster Recovery as a Service (DRaaS)
    - Desktop as a Service (DaaS)
    - Cloud architecture for SAP HANA
    - Hosted Security as a Service (HSaaS)

Competitive advantages:

  • CROC cloud is built on VCE Vblock platform installed at CROC’s own Moscow data center, which is certified by the Uptime Institute for compliance with TIER III requirements—which means 99.982% availability
  • CROC has been creating data centers and cloud services for customers since 1994
  • Full range of services: resource provision as a service, assistance in migration from an existing site to CROC’s Cisco Powered IaaS cloud environment, and subsequent technical support
  • The platform supports wide range of additional Cisco cloud services according to SaaS model
  • Round-the-clock Russian-language Service Desk certified for compliance with ISO 20000
  • If a customer abandons using a service then CROC will export all customer’s virtual machines and transfer them to customer using agreed method

Our certificates and authorizations

  • Russia’s first EMC Service Provider Velocity² Signature Solution Centre Partner; Authorized Services Network (ASN) Partner since 2008; Best Partner for License Sales in 2009 (EMC Documentum)
  • Cisco Gold Partner in 7 specializations; Advanced Cloud and Managed Services Certified Partner since 2015
  • Microsoft Enterprise Solution Provider since 2007; Gold Management and Virtualization Partner
  • VMware Premier Partner and Best Partner 2012; VMware Service Provider Enterprise in vCloud Powered category since 2012
  • Citrix Gold Solution Partner since 2004; Citrix Cloud Solutions Consultant since 2012; Authorized Citrix support center since 2005
  • Certified local 1st line support for Oracle and Siebel software since 2011, and Oracle Business Process Outsourcing Provider
  • Service Desk is certified for compliance with ISO/IEC 20000-1:2011
  • Quality management system complies with GOST ISO 9001-2011 (ISO 9001:2008)
  • Information security management system complies with ISO/IEC 27001:2013

Technical Support

Technical support is included in the service cost and provided by CROC specialists around-the-clock in the Russian language. If necessary, technical support can be provided in English (to be agreed separately).

Service level and response time shall be agreed with a customer and documented in Service Level Agreement (SLA). To view our template SLA, please visit our website.

Difficult problems are escalated directly to respective vendor.

Service payment

The service shall be paid on monthly or quarterly basis according to pay-per-use model (postpayment). Monthly service rates shall be specified in a master agreement.

The rates shall include fixed tariffs for the following service elements:

1) VMs depending on the plan, which includes a certain number of virtual processors, allocated RAM, and VM OS license in use. These parameters are checked every hour and depend on VM status (switched on/off).

2) Used storage space (GB)

3) External IP address

4) IPSec VPN

5) Network traffic

Backup of running VMs and 30-day backup storage are included in the service cost and provided at no extra charge.

Cisco Powered Managed Business Communications

CROC provides administration and technical support for Cisco Unified Communications systems. Business Communications is an enterprise collaboration solution based on Cisco Systems platform that combines various communication tools and methods. CROC can ensure the performance of the following modules, services, and features of Cisco Unified Communications:

Basic IP telephony features:

  • Call on hold
  • Configurable call forwarding between user devices
  • Call transfer between user devices
  • Connection of new participants to voice conferences
  • Video calls between employees

Supported user equipment:

  • IP telephone with options (headset, video)
  • Computer (Windows or OS X)
  • Notebook (Windows or OS X)
  • Tablet (Android or iOS)
  • Smartphone (Android or iOS)

Supported communication methods:

  • Instant Messaging, Voicemail
  • Video calls between users
  • CSF apps (Cisco Jabber)
  • Voice messages based on Unity Connection
  • Voice messages based on Microsoft Exchange

Voicemail users can:

  • Record and send voice message
  • Select and send pre-recorded voice message
  • Send messages to several recipients
  • Prioritize messages using tags
  • Alert to new messages using visual indication
  • Select and play voice message
  • Play voice records using enterprise e-mail client
  • Voice-activated control of a voicemail system

Presence and Instant Messaging (IM) indication system

Presence module helps check user availability for call and select the most convenient method of communication. User status indication system accelerates communication between employees and decision-making.

IM module adds a new fast communication channel enabling file transfer and document sharing.

CROC provides maintenance, administration, and support for the following functionality:

  • Texting (chatting) between employees
  • Persistent chat
  • Chats via employee mobile devices and PCs
  • Presence indication during calls
  • Presence indication when calendar events happen

Employee mobile workplace

One of Business Communications advantages is that employees can log in anywhere using corporate phones.

Mobile workplace features:

  • Dual-mode support on iOS and Android smartphones
  • Call transfer from fixed phone to mobile device
  • Instant messaging and status indication for mobile devices
  • VPN tunneling
  • Fixed phone control from a mobile workplace
  • Video calls between mobile workplaces

Voicemail access

Employees can play voicemails using alternative user devices. Available options:

  • Voicemail playback using enterprise e-mail clients (MS Outlook or MS Outlook Web Access)
  • Voicemail GUI for mobile devices and PCs
  • Voicemail playback from alternative subscriber devices
  • Centralized management of corporate voicemail within the company

Voicemail security

To prevent unauthorized voicemail access, Business Communications allows users to control the following settings:

  • User password and PIN management policies
  • Phone number access control list
  • Additional protection tools for messages marked as private
  • Voicemail aging policy
  • Voicemail event logging

Fault tolerance assurance for the following modules and subsystems

  • Gatekeepers
  • Media resources
  • Voicemail servers
  • PSTN connection gateways
  • IP PBX cores
  • Configuring HSRP groups
  • Configuring Survivable Remote Site Telephony (SRST)

Supported signaling protocols

  • SIP
  • H.323
  • Skinny Client Control Protocol (SCCP)

Support of voice traffic prioritization in the architecture center (company headquarters, main office)

  • Configuring QoS for voice VLAN

Support of traffic prioritization at regional site level

  • Inbound traffic prioritization policy management
  • Outbound traffic prioritization policy management

General architecture of Business Communications System

Architecture components and capabilities:

  • Cisco Unified Communications Manager v. 10.5
  • Cisco Unity Connection v. 10.5
  • Support of SIP flows for PSTN connection
  • PSTN gateways
  • Transcoding support
  • Support of interaction among SIP and H.323 users

Cisco Powered Managed Security

CROC offers a wide range of solutions to secure customer's network infrastructure.

The service includes installation and configuration of the following information security system components:

Firewalls

Cisco devices with firewall modules (each processing multi-protocol traffic at 10 Gbps) are used as firewalls. To ensure redundancy and fault tolerance of server applications, both the device chassis and the modules are duplicated. All Cisco firewall modules, within and across chassis, are combined in a cluster. Cluster interfaces are connected to the Customer's network core switches using EtherChannel technology. Cluster members interact over an isolated VLAN that is declared both on the firewall modules and on the network core devices.

All cluster members are in active mode and balance the traffic among them. If one of the Cisco ASA chassis fails, traffic is transparently switched to a working Cisco ASA chassis; if one of the ASA modules fails, traffic is forwarded to the less busy working ASA module in one of the Cisco ASA chassis, thus providing high availability and redundancy of network services.

Figure: Traffic passing through a cluster of ASA devices

Once any of the cluster modules fails, all subsequent packets are forwarded to the remaining modules, which balance the load among them. 10 Gbps interfaces are used for data traffic transmission and are connected to the network core switches using EtherChannel technology and the LACP protocol according to the manufacturer's recommendations.

Firewall clustering provides high redundancy and aggregated throughput. One module processes traffic at 10 Gbps in multi-protocol mode, while a cluster of firewall modules ensures an overall speed of up to 28 Gbps.

The firewall routes traffic using static routing and EIGRP dynamic routing. The access network of each system is accessible through the corresponding VLAN interface of the core switch.

Firewall protects customer's internal network against unauthorized access and various attacks. Traffic inspection is set up at application layer (Application Inspection) for the purposes of analysis. All traffic that passes through firewall is analyzed using an adaptive security algorithm.

As part of traffic analysis, firewall can also detect enterprise network security threats.

Firewall supports the following functions:

Network Address Translation (NAT)

The customer can use non-unique addresses and hide the internal address space behind one or multiple public addresses, which prevents intruders from accessing these devices even if they know a private address. In addition, NAT allows a private IP network (local unicast) to access the Internet by translating addresses in the IP header.

De-Militarized Zone (DMZ)

This service is used when the customer needs to protect its Internet servers. The network is usually divided into segments with different protection levels: the highest level for the internal zone and the lowest one for the Internet. The standard protection policy only allows outbound connections (not inbound connections). Users on both the inside and outside interfaces must have access to servers within the DMZ, which usually has a medium protection level (lower than the inside interface but higher than the outside one). The DMZ may not start a session to the internal network.

Stateful Firewall Inspection

Stateful Firewall Inspection monitors traffic and connection status and allows legitimate traffic to pass from the Internet to the corporate network. This is ensured by monitoring connected outbound sessions and creating a table of their values. In addition to traffic and connection status, it monitors the OSI layer from which the packet came. For example, a TCP client sends a SYN to a server, and the server replies with a SYN-ACK if the session is established.

Authentication proxy

This Managed Security option allows network administrators to create per-user security policies, which only provide network access upon successful authentication. If user authentication fails or particular user policies do not allow for specific traffic, access to the requested resource is denied.

Transparent firewall

When firewalls are implemented without routing disruption, they remain transparent for network traffic and do not require changing settings of other network equipment. To do so, firewalls support a special mode that only requires the use of different incoming and outgoing traffic interfaces.

Stateful Inspection for encrypted traffic

If external services use encryption (VPN or HTTPS), then a firewall will be unable to view traffic content, so a special approach is used: first, traffic is decrypted (VPN or SSL decryption) and then checked for compliance with security policies. If necessary, traffic can be then encrypted again and sent to its destination.

User authentication and access provision

Firewall monitors status and number of sessions, thus ensuring protection against device memory overflow and CPU overload (in both firewall and end devices).

Access Control Lists (ACL) allow limiting user access to resources (both external and internal), while split tunneling technology describes rules to encrypt (or not encrypt) user traffic.

Application control

Packet inspection allows the firewall to detect and block (when required) IM and point-to-point traffic. For known packet formats (HTTP, SMTP, etc.), packets are also checked to confirm that their headers match their content. If, for example, non-HTTP traffic is found within a TCP/80 packet (or if the HTTP header is incorrect), then such traffic is rejected to prevent it from affecting a server.

Inspect Internet Control Message Protocol (ICMP)

Firewalls can monitor ICMP traffic. In particular, external ICMP responses will only be allowed if a request was sent from inside. If this is the case, then only echo-reply, time-exceeded, destination unreachable, and timestamp reply packets will be expected.
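The rule described above can be expressed as a small state table. The following sketch is an added example, not CROC or Cisco code; the packet model, the 2-second timeout and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# ICMP type numbers (RFC 792)
ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST = 0, 3, 8
TIME_EXCEEDED, TIMESTAMP_REQUEST, TIMESTAMP_REPLY = 11, 13, 14

REPLY_FOR = {ECHO_REQUEST: ECHO_REPLY, TIMESTAMP_REQUEST: TIMESTAMP_REPLY}
ERROR_TYPES = {DEST_UNREACHABLE, TIME_EXCEEDED}


@dataclass(frozen=True)
class IcmpPacket:
    """Simplified ICMP packet (hypothetical model, not a wire parser)."""
    src: str
    dst: str
    icmp_type: int
    ident: int = 0
    seq: int = 0
    # ICMP errors quote the packet that triggered them:
    # (src, dst, ident, seq) of the original request.
    quoted: Optional[Tuple[str, str, int, int]] = None


class IcmpInspector:
    """Admits inbound ICMP only when it answers a request sent from inside."""

    def __init__(self, timeout: float = 2.0):  # timeout value is an assumption
        self.timeout = timeout
        # (inside host, outside host, ident, seq) -> (expected reply type, expiry)
        self.pending: Dict[Tuple[str, str, int, int], Tuple[int, float]] = {}

    def outbound(self, pkt: IcmpPacket, now: float) -> None:
        """Record a request leaving the inside network."""
        expected = REPLY_FOR.get(pkt.icmp_type)
        if expected is not None:
            key = (pkt.src, pkt.dst, pkt.ident, pkt.seq)
            self.pending[key] = (expected, now + self.timeout)

    def inbound(self, pkt: IcmpPacket, now: float) -> bool:
        """Return True if the packet from outside may pass."""
        # Drop state for requests that were never answered in time.
        self.pending = {k: v for k, v in self.pending.items() if v[1] > now}
        if pkt.icmp_type in REPLY_FOR.values():
            key = (pkt.dst, pkt.src, pkt.ident, pkt.seq)
            entry = self.pending.get(key)
            if entry is not None and entry[0] == pkt.icmp_type:
                del self.pending[key]  # one reply per request, replays are dropped
                return True
            return False
        if pkt.icmp_type in ERROR_TYPES and pkt.quoted is not None:
            # Errors may come from any router on the path, so match on the
            # quoted request and require delivery to the host that sent it.
            return pkt.quoted in self.pending and pkt.quoted[0] == pkt.dst
        return False  # unsolicited requests and all other ICMP types


def demo():
    """Run constructed traffic through the inspector and return the verdicts."""
    fw = IcmpInspector()
    fw.outbound(IcmpPacket("10.0.0.5", "203.0.113.9", ECHO_REQUEST, 7, 1), 0.0)
    reply = IcmpPacket("203.0.113.9", "10.0.0.5", ECHO_REPLY, 7, 1)
    probe = IcmpPacket("203.0.113.9", "10.0.0.5", ECHO_REQUEST, 9, 1)
    return [fw.inbound(reply, 0.5), fw.inbound(reply, 0.6), fw.inbound(probe, 0.7)]
```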

Java code blocking

Thanks to packet inspection, firewall can detect Java code within HTTP traffic. Since Java code execution may be harmful, HTTP traffic with Java code can be discarded to prevent it from adversely impacting a server or end user.

Session Initiation Protocol (SIP) control

The firewall inspects the content of SIP packets, which carry voice traffic signaling. A SIP packet header contains user IP addresses, while NAT changes only IP packet headers, so passing through NAT disrupts SIP operation. SIP control allows the firewall to change the SIP packet header and check it for correctness and compliance with the RFC.
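The sketch below shows the kind of rewrite this implies: the inside address embedded in SIP headers and in the SDP body is replaced with the NAT-mapped address, and Content-Length is recomputed because the body length changes. It is an added example, not Cisco's implementation; the sample INVITE, the addresses, the limited header check, and the choice to rewrite only Via, Contact and the SDP `c=`/`o=` lines are assumptions.

```python
import re

# Subset of the headers RFC 3261 requires in every request (assumed check).
MANDATORY = ("via", "from", "to", "call-id", "cseq")


def sip_nat_fixup(message: bytes, inside_ip: str, mapped_ip: str) -> bytes:
    """Rewrite inside_ip to mapped_ip in a SIP message and fix Content-Length.

    Compact header names and folded header lines are not handled here.
    """
    head, sep, body = message.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete SIP message: no header/body separator")
    lines = head.decode("utf-8").split("\r\n")
    start = lines[0]
    if not (start.endswith(" SIP/2.0") or start.startswith("SIP/2.0 ")):
        raise ValueError("start line is not SIP/2.0")
    names = {l.split(":", 1)[0].strip().lower() for l in lines[1:] if ":" in l}
    missing = [h for h in MANDATORY if h not in names]
    if missing:
        raise ValueError("missing mandatory headers: " + ", ".join(missing))

    # Match the address only as a whole token, so 10.0.0.5 never matches 10.0.0.50.
    ip_re = re.compile(r"(?<![\d.])" + re.escape(inside_ip) + r"(?!\d)")

    is_sdp = any(l.lower().replace(" ", "") == "content-type:application/sdp"
                 for l in lines[1:])
    if is_sdp:
        sdp = body.decode("utf-8").split("\r\n")
        # c= carries the media address, o= the session originator address.
        sdp = [ip_re.sub(mapped_ip, l) if l[:2] in ("c=", "o=") else l for l in sdp]
        body = "\r\n".join(sdp).encode("utf-8")

    out = [start]
    for l in lines[1:]:
        name = l.split(":", 1)[0].strip().lower()
        if name in ("via", "contact"):
            l = ip_re.sub(mapped_ip, l)
        elif name == "content-length":
            l = f"Content-Length: {len(body)}"  # the body may have grown or shrunk
        out.append(l)
    return "\r\n".join(out).encode("utf-8") + b"\r\n\r\n" + body


def build_sample_invite(ip: str) -> bytes:
    """Constructed INVITE from a phone at `ip` (sample data, not a capture)."""
    body = "\r\n".join([
        "v=0", f"o=alice 2890844526 2890844526 IN IP4 {ip}", "s=-",
        f"c=IN IP4 {ip}", "t=0 0", "m=audio 49170 RTP/AVP 0", "",
    ]).encode("utf-8")
    head = "\r\n".join([
        "INVITE sip:bob@example.test SIP/2.0",
        f"Via: SIP/2.0/UDP {ip}:5060;branch=z9hG4bK776asdhds",
        "Max-Forwards: 70",
        "From: <sip:alice@example.test>;tag=1928301774",
        "To: <sip:bob@example.test>",
        "Call-ID: a84b4c76e66710@alice-pc.example.test",
        "CSeq: 314159 INVITE",
        f"Contact: <sip:alice@{ip}:5060>",
        "Content-Type: application/sdp",
        f"Content-Length: {len(body)}",
    ])
    return head.encode("utf-8") + b"\r\n\r\n" + body
```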

H.323 protocol

SCCP and H.323 protocol inspection makes it possible to control signaling and media traffic: the firewall substitutes IP addresses in packet headers and dynamically creates permit rules for media traffic.

Firewall fault-tolerance

To ensure fault-tolerance at hardware level, High Availability solution is used enabling switchover from failed main firewall to backup firewall. In this case, all main firewall session status information is continuously replicated to a backup firewall to avoid resetting and reestablishing current sessions.

Configuration backup

Firewall can export equipment configuration both locally to a flash media and to external storage system. In addition, configuration can be imported from external storage system for recovery. Export and import functions support TFTP, FTP, HTTP, HTTPS and SCP protocols.

Intrusion detection system

The Intrusion Detection System tools enable the following functionality:

Intrusion detection

Firewalls provide rule-based access to resources and security, while IPS analyses traffic behavior, namely: viruses, worms, botnets, spyware, spam distribution, etc. Since any malware has specific behavior, which can be described using some pattern, IPS detects traffic matching such patterns previously defined in the system (such patterns are referred to as signatures).

Service profiling

Since checking traffic for matching signatures is a resource-intensive process, the best approach is to analyze Customer's network and network traffic and determine if any signatures need to be added. For example, if access rules prohibit outbound SMTP traffic then there is no need to check the entire traffic for SMTP signatures. If Customer's end users only use Linux devices then there is no need to check traffic for Windows vulnerabilities.

Intrusion monitoring

Signatures have so-called 'engines' that describe substantially different malware behavior patterns. The choice of a particular engine when describing a signature defines the traffic monitoring method: by single packet content, character sequence in a packet set, number of end user devices exchanging traffic, attack vector, etc. When a signature match is detected, a message is generated with details of the threat type and rating.

Signature management

The signature base is continuously updated from Cisco.com (subject to subscription). You may also write your own signature to describe traffic using one of the engines. You can enable/disable detection of certain signatures and change the response to such detection (notify, reset, reset TCP, change content, etc.).

Incident handling

Behavior patterns of certain malware are based on repeatability of actions: either a system can be attacked 100 times during a certain period, or a group of 100 endpoints can be attacked. In both cases, IPS will detect 100 events with a specific signature. Such behavior complicates problem analysis and increases the number of entries in a log. To avoid entry multiplication, Summarizer and Meta Event Generator are used. Summarizer generates only one event and specifies the quantity of similar detections, while Meta Event Generator aggregates multiple events into a single event. For example, if signatures A, B, C and D are detected (and if we know that they describe behavior of the same virus using different technologies), then only one event (E=A+B+C+D), which describes group behavior of these signatures, will be created.
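The two aggregation steps described above, sketched as an added example (not Cisco IPS code). The event tuples, the signature names, the 120-second summary interval, the 30-second correlation window and the per-attacker grouping are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed meta rule mirroring the text: E fires when A, B, C and D are all seen.
META_RULES = {"E": frozenset({"A", "B", "C", "D"})}


def summarize(events, interval=120):
    """Collapse repeated detections of one signature into a single summary
    event per time bucket, carrying the detection count and victim count.

    events: iterable of (timestamp_seconds, signature, attacker, victim).
    """
    buckets = defaultdict(lambda: {"count": 0, "victims": set()})
    for ts, sig, _attacker, victim in events:
        entry = buckets[(sig, ts // interval)]
        entry["count"] += 1
        entry["victims"].add(victim)
    return [
        {"sig": sig, "start": bucket * interval,
         "count": entry["count"], "victims": len(entry["victims"])}
        for (sig, bucket), entry in sorted(buckets.items(), key=lambda kv: kv[0])
    ]


def meta_events(events, rules=META_RULES, window=30):
    """Emit one meta event when every component signature of a rule has been
    seen from the same attacker within `window` seconds."""
    last_seen = defaultdict(dict)  # attacker -> {signature: last timestamp}
    out = []
    for ts, sig, attacker, _victim in sorted(events):
        seen = last_seen[attacker]
        seen[sig] = ts
        for name, parts in rules.items():
            if sig in parts and all(
                p in seen and ts - seen[p] <= window for p in parts
            ):
                out.append({"sig": name, "attacker": attacker, "ts": ts,
                            "components": sorted(parts)})
                for p in parts:  # consume the components so E fires once
                    del seen[p]
    return out


def sample_events():
    """Constructed detections: one flood plus three multi-signature sequences."""
    flood = [(t, "S1", "198.51.100.7", f"10.0.0.{t + 1}") for t in range(100)]
    full = [(200 + 5 * i, s, "203.0.113.4", "10.0.1.1") for i, s in enumerate("ABCD")]
    partial = [(300, "A", "203.0.113.8", "10.0.1.2"), (305, "B", "203.0.113.8", "10.0.1.2")]
    slow = [(400, "A", "203.0.113.9", "10.0.1.3"), (410, "B", "203.0.113.9", "10.0.1.3"),
            (420, "C", "203.0.113.9", "10.0.1.3"), (500, "D", "203.0.113.9", "10.0.1.3")]
    return flood, full + partial + slow
```

With the sample data, the 100 flood detections become one summary event with a count of 100, and only the attacker that triggers all four signatures inside the window produces meta event E.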

IPS backup

Since IPS is an autonomous module of Cisco ASA and its failure can cause traffic interruption, a special mechanism is developed: main Cisco ASA monitors IPS status and in case of its failure switches over to a backup Cisco ASA with operational IPS, thus avoiding data loss in the event of IPS failure.

Cisco Powered Managed Security benefits:

  • Quick deployment and configuration
  • Flexibility and scalability
  • No support and maintenance costs
  • Proven and certified security solutions

Cisco Powered DRaaS

In recent years, IT infrastructure maintenance budgets have been steadily shrinking, causing equipment aging and maintenance staff reduction. However, the role of IT in companies' activities and business is still growing, and IT services have become an integral part of corporate life. That is why disaster recovery is so important to keep infrastructure up and running.

Technical failures and force majeure events, such as tsunami or hurricanes, can cause serious damages.

To address this challenge, CROC, jointly with Cisco Systems, offers Cisco Powered Disaster Recovery as a Service (DRaaS), a new disaster recovery cloud service designed to ensure business continuity via provision of acceptable balance between potential damage caused by customer's own data center failure and cost of preventing such risk.

Additional computing capacity is available on demand from a virtual environment constructed by CROC in the territory of the Russian Federation in compliance with Cisco recommendations and best practices. Services are available over the Internet and dedicated communication links and are billed according to consumption-based model ("pay-per-use").

This cloud service is based on a fault-tolerant VCE Vblock hardware platform and Zerto software. The hardware platform includes equipment and technologies by global leaders, such as Cisco, EMC, and VMware.

The service is aimed at large and medium businesses using or planning to use Cisco solutions in their infrastructures.

Customers may be interested in the following Cisco Powered DRaaS use scenarios:

  • Migration of virtual machines from customer's data center to CROC's protected cloud
  • Deployment of new servers in CROC cloud and virtual machine protection
  • Protection of virtual machines that already exist in CROC's cloud

Competitive advantages:

  • CROC cloud is built on VCE Vblock platform installed at CROC's own Moscow data center, which is certified by the Uptime Institute for compliance with TIER III requirements—which means 99.982% availability
  • CROC has been creating data centers and cloud services for customers since 1994
  • Full range of services: resource provision as a service, assistance in migration from an existing site to CROC's Cisco Powered IaaS cloud environment, and subsequent technical support
  • The platform supports wide range of additional Cisco cloud services according to SaaS model
  • Round-the-clock Russian-language Service Desk certified for compliance with ISO 20000
  • If a customer abandons using a service then CROC will export all customer's virtual machines and transfer them to customer using agreed method

Our certificates and authorizations:

  • Russia's first EMC Service Provider, Velocity² Signature Solution Centre Partner; Authorized Services Network (ASN) Partner since 2008; Best Partner for License Sales in 2009 (EMC Documentum)
  • Cisco Gold Partner in 7 specializations; Advanced Cloud and Managed Services Certified Partner since 2015
  • Microsoft Enterprise Solution Provider since 2007; Gold Management and Virtualization Partner
  • VMware Premier Partner and Best Partner 2012; VMware Service Provider Enterprise in vCloud Powered category since 2012
  • Citrix Gold Solution Partner since 2004, Citrix Cloud Solutions Consultant since 2012, Authorized Citrix support center since 2005
  • Certified local 1st line support for Oracle and Siebel software since 2011, and Oracle Business Process Outsourcing Provider
  • Service Desk is certified for compliance with ISO/IEC 20000-1:2011
  • Quality management system complies with GOST ISO 9001-2011 (ISO 9001:2008)
  • Information security management system complies with ISO/IEC 27001:2013

Technical Support

Technical support is included in the service cost and provided by CROC specialists around-the-clock in the Russian language. If necessary, technical support can be provided in English (to be agreed separately).

Service level and response time shall be agreed with a customer and documented in Service Level Agreement (SLA).

Difficult problems are escalated directly to respective vendor.

Service payment

The service shall be paid on monthly or quarterly basis according to pay-per-use model (postpayment). Monthly service rates shall be specified in a master agreement.

The rates shall include fixed tariffs for the following service elements:

1) The number of protected virtual machines

2) Storage space used by backup copies of protected virtual machines (GB)

3) Internet data traffic (GB)

4) Computational resources required to deploy protected virtual machines if main data center fails

Customers that have already benefited from Cisco solutions may transfer them to CROC’s cloud and continue using them as a service, while providing their employees and customers with access to these cloud solutions. When deploying Cisco solutions for the first time, customers can leverage Cisco Powered IaaS.

In addition, Cisco Powered IaaS can interact with global clouds (Amazon, Microsoft) and other Cisco service providers.
