Summary

  • Bigstep Cloud is not just a name attached to an old hosting site. Companies House lists Bigstep Cloud Limited as active, RIPE records identify ORG-BCL26-RIPE as Bigstep Cloud Limited, and RIPEstat shows AS201471 announced in July 2026. That evidence supports an operating footprint, but it does not prove spare rack capacity, current inventory depth or a tested multi-site recovery path.
  • The company sells bare-metal cloud capacity: dedicated machines with cloud controls, storage, network and support wrapped around them. Its own site advertises direct hardware access, up to 4 x 10 Gbit Ethernet, single-tenant machines, on-demand and reserved server charging, managed services, backup management and a 99.99 percent uptime claim on a pricing FAQ. Those promises depend on power, cooling, racks, top-of-rack switching, transit, hardware replacement and support response.
  • The main diligence question is not whether Bigstep can route packets. It can. The harder question is what happens when a customer needs replacement hardware, migration help, cross-site restoration, billing intervention or a verified location boundary during a bad week. Public sources point to Great Britain and Romania service selections, UK legal registration and active BGP originations, but they do not publish enough current facility, carrier-contract or stock evidence to treat the footprint as deep without direct customer verification.

The company behind the cloud label

Bigstep Cloud's public identity has two layers. One layer is the legal and registry layer: Companies House lists Bigstep Cloud Limited, company number 08966623, as an active private limited company incorporated on 31 March 2014. The same record gives the registered office as Second Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1ER, records the latest filed accounts as made up to 31 December 2024, and shows the next accounts due by 30 September 2026. The filing history also records a 2 July 2025 registered-office change and a 1 December 2025 confirmation statement, which means the public corporate file has recent administrative activity rather than only old formation records.

The second layer is the customer-facing service layer. Bigstep's own site describes "Bigstep Metal Cloud" as an on-demand bare-metal infrastructure service, with the homepage saying that the service offers direct hardware access for latency, stability and performance-sensitive workloads and the product copy promising zero virtualization and single-tenant machines. That matters because a bare-metal cloud is not the same risk surface as a conventional virtual public cloud. A customer is buying a physical server assignment, storage attachment, network reachability and some amount of operational automation.

If any one of those layers fails, the customer does not simply move from one anonymous virtual host to another; it may need a real replacement server, a data move, a support action or a route change.

The corporate control picture is also relevant. The Companies House officers page lists Lucas Roh as an active director, and the persons-with-significant-control page lists Mr Lucas Roh and Host Global Limited as active persons with significant control. Host Global Limited is shown as owning more than 50 percent but less than 75 percent of shares and voting rights and as having the right to appoint or remove directors. Those records do not say who runs a data hall on a given night or who holds a facility lease, but they show that the UK company sits inside a broader hosting-company control structure rather than being a standalone anonymous domain.

The operating-status grade should therefore be cautious but not dismissive. Bigstep has an active legal company, an active RIPE local internet registry organisation, and active BGP announcements. Its site still exposes login, signup, pricing, support, billing and contact routes. At the same time, parts of the public product estate read as old or uneven. The main site footer on several pages still shows 2013-2024, while at least one blog page footer reaches 2026. The pricing pages mix live-looking configuration selectors with stale page assets and wording errors.

The company's public blog and intelligence team cadence is not strong enough to prove current scale. Those details are not evidence of failure, but they do lower confidence in any claim that the service has a broad, recently documented capacity reserve.

What Bigstep actually sells

Bigstep's own product story is unusually physical for a cloud service. The homepage says the platform removes bottlenecks with up to 4 x 10 Gbit Ethernet connections, offers zero virtualization and makes all system resources available to applications. The pricing page presents server plans such as an Intel Xeon E3-1585L v5 system with 32 GB DDR4 ECC memory and 2 x 10 GbE, an Intel Xeon E5-2630 v4 system with 64 GB DDR4 ECC and 4 x 10 GbE, and larger dual-socket configurations with 256 GB memory. The server configurations page goes further by showing on-demand and subscription charging for bare-metal servers, storage, network and managed services.

That is a real infrastructure proposition, not a pure software subscription. The service promises the customer a machine profile, network port profile, storage attachment and support surface. The same public pricing area says "all plans include" free migration, free setup, 24/7 technical support, ISO and GDPR certifications, and add-ons such as managed services, on-demand storage and backup management. It also says the service includes monitoring and alerts, cloud firewalls and a 99.99 percent uptime SLA. Each of those points implies an operational dependency. Migration requires staff time and compatible target capacity.

Backup management requires a defined backup product and restoration practice. An uptime commitment is only as good as power, cooling, switching, carriers, storage pools and incident handling. A certification badge or GDPR reference says nothing by itself about whether a given workload can be restored in the same country after a rack fault.

The strongest way to read Bigstep is as a bare-metal capacity broker with cloud controls. The customer sees an online infrastructure editor, API endpoints, signup and support surfaces. Behind that, Bigstep must keep enough servers in inventory, attach storage, configure out-of-band management, enforce firewalls, bill consumption and support customers who may be running ecommerce databases, analytics jobs or managed applications. The company may be able to make that feel fast when stock is available, but the economics still look like hosting economics: hardware has to be bought, racked, powered, depreciated, repaired and eventually replaced.

The distinction matters in a failure test. In a hyperscale virtual environment, a customer may design for failures by spreading across regions and availability zones. With Bigstep, public pages point to selectable data-centre locations in Great Britain and Romania, but they do not publish an availability-zone map, a capacity reserve policy, a cross-site replication product for every workload, or a current statement that a given server class is available in more than one site.

A buyer can still build resilience, but the buyer has to verify that the chosen server type, storage service, image, network attachment and support agreement can be reproduced where the buyer expects.

Location evidence: service areas, not exact halls

The public location evidence is useful but incomplete. The contact page lists Bigstep Cloud Ltd at International House, 24 Holborn Viaduct, London EC1A 2BN, and lists a Romanian headquarters in Bucharest. It also gives UK sales contact details, weekday billing hours in GMT and 24-hour technical support through tickets and live chat. The RIPE organisation record also identifies Bigstep Cloud Limited as a GB local internet registry with an International House, 24 Holborn Viaduct address, registration number 08966623 and a phone contact. These records tie Bigstep to the UK market and to RIPE network-resource administration.

The product-side location evidence is narrower. The server configurations page exposes a data-centre selector with "Great Britain" and "Romania" as options. That is the clearest public hint that Bigstep presents customer deployable capacity in those service geographies. It is not the same thing as a public facility list. A country selector does not state whether Bigstep owns the data centre, leases cages, uses wholesale colocation, subleases racks through a parent company, or places gear inside a partner site. It also does not tell customers whether all listed server types, storage pools, support access and network paths are equally available in both countries at the moment of order.

The network records complicate the picture in a constructive way. RIPE records for 84.40.60.0 - 84.40.63.255 describe "Bigstep Cloud Services" with country GB. RIPE records for 185.90.48.0 - 185.90.51.255 identify Bigstep Cloud Limited but list country DE. Country fields in registry records are not a perfect map of equipment location, but they are a warning against reducing Bigstep to a single London story. The public evidence supports a GB-rooted company with European operating claims and network resources, not a fully disclosed map of racks.

For a buyer with sovereignty or latency requirements, that difference is decisive. "Great Britain" in a pricing selector is a starting point, not a control. The buyer should ask for the exact deployment country, whether customer data and backups stay there, whether remote hands or managed services are performed from outside the country, whether logs or billing data are processed elsewhere, and whether failover would move the workload into another jurisdiction. Bigstep's privacy notice says it may act as controller for data it collects and processor for hosted personal data, and says it implements physical, administrative and technical safeguards. That helps frame the responsibility split, but it does not replace a location schedule in a contract.

Network evidence: active routes with named upstreams

The strongest public evidence that Bigstep is still an infrastructure operator is network evidence. RIPEstat's AS overview for AS201471 identifies the holder as "BIGSTEP-CLOUD Bigstep Cloud Limited" and marks the AS as announced for the July 2026 query window. RIPEstat's announced-prefixes call showed 25 announced prefixes, including 84.40.60.0/22, 185.90.48.0/22, 176.223.248.0/23, 176.223.250.0/23, 66.232.128.0/21 and 2001:67c:4dc::/48. BGP.tools' AS201471 page described the network as active and listed 24 originated IPv4 prefixes and one IPv6 prefix, with upstreams including Amito, Cogent, Hurricane Electric and Easyhost.

The RIPE database adds the route-policy view. The aut-num entity for AS201471 lists imports and exports with AS12703, AS60610, AS6939, AS174 and AS39756 for IPv4, and multi-protocol entries for IPv6. RIPEstat's routing-consistency view showed several of those peers in BGP, with AS12703 present in the registry entity but not visible in BGP for that query time. That is not unusual in itself, but it is exactly the sort of detail that matters for resilience. A customer should not simply count names in a policy entity; it should ask which upstreams are active at the customer's site, which are used for IPv6, which carry default routes, whether there are separate physical entrances, and whether Bigstep has a documented route preference and DDoS mitigation arrangement.

There is no current public PeeringDB network entry returned for ASN 201471 by PeeringDB's net lookup. Absence from that database is not proof of weak connectivity; many smaller networks do not maintain public PeeringDB profiles. It does, however, remove one easy way to verify public exchange presence, facility interconnection and peering policy. For a buyer choosing Bigstep for latency, the practical test is not "does the ASN exist?" The practical test is traceroutes from expected user regions, current route collector views, written upstream diversity by deployment country, and a support commitment for routing incidents.

The network evidence grade is therefore medium rather than strong. AS201471 is active and originates meaningful IPv4 space plus an IPv6 route. The upstream set includes recognised carriers and regional networks. But public sources do not show a fresh facility map, cross-connect diversity, port speeds, committed bandwidth per site, DDoS scrubbing arrangements or a customer-facing status history. The public data proves that Bigstep has routed network resources; it does not prove that every customer workload is protected from a single upstream failure, a top-of-rack fault or a carrier maintenance window.

Installed capacity is not the same as usable capacity

Bigstep's business depends on a familiar hosting tension: the site sells flexibility, but the underlying pool is finite. The pricing page shows named machine profiles and says additional configurations are available by contacting sales. The configuration page says servers are available on demand and by subscription, and its FAQ says provisioning a server takes around five minutes while deprovisioning takes a few seconds. Those are concrete claims, but they only apply when a suitable server, switch port, storage path and address plan are available. If a customer needs a particular CPU class, memory size, local disk profile or country location, the capacity question becomes hardware-specific.

The same page shows why the billing surface is not trivial. On-demand servers, subscription servers, SSD storage, uploads and managed services are separate items in the estimator. Storage charging is based on allocated space, not necessarily the amount used inside the file system. The FAQ says sustained use does not automatically apply a lower subscription price; customers need to create a reservation if they know they will use servers constantly. This is classic infrastructure hosting economics.

A customer can buy flexibility, but cost control still depends on reservations, right-sizing and the ability to stop or deprovision machines when no longer needed.

Installed capacity can also become stranded capacity. If a service is sold as a large server with local drives, the customer may not be able to move a workload instantly to a smaller or different server class without operating-system work, application testing or data movement. If the service is sold with shared block storage or backup management, the bottleneck may move from the server to the storage pool or restore path. Bigstep's pages advertise single-tenant hardware and top-of-rack storage architecture, but they do not publish current pool utilisation or spare-part inventories.

That means a customer should ask how Bigstep handles a failed motherboard, failed boot drive, failed NIC, failed storage controller or exhausted stock for a chosen server family.

The customer impact is different by workload. A marketing site may tolerate a migration window if DNS, backups and support are organised. An ecommerce database running on a bare-metal server may face a much more serious decision if the server is healthy enough to limp but not healthy enough to trust. An analytics cluster may accept a node replacement but suffer if all nodes share the same rack or storage pool. A regulated workload may be blocked from a quick restore if the only available spare is in a different country.

These are not arguments against using Bigstep; they are the operating questions hidden behind a simple "deploy in seconds" message.

Storage, snapshots and the backup boundary

Bigstep's public pages present storage as part of the cloud-like experience. The configuration page describes storage options and says its storage architecture uses many independent small block-device pools distributed across the network and connected in top-of-rack switches for performance and latency. That description is useful because it tells customers the storage service is not just disks inside a server. It depends on rack switching, storage pools, management connectivity and the control plane that attaches volumes to compute.

The documentation exposed at api.bigstep.com/metal-cloud includes a "Drive snapshot management" document stating that each drive can have a maximum of five snapshots, that creating or reverting to a snapshot is instantaneous, and that some local disks are not automatically managed. It also includes a "Bigstep Metal Cloud connectivity and security overview" that says Bigstep management services require firewalls on each server to allow UDP ports 67 and 68 and allow traffic from 100.64.0.0/10 plus listed Bigstep subnets such as 185.90.48.54, 84.40.58.54 and 176.223.248.54. That is a strong sign of a managed bare-metal environment: customer servers remain physical machines, but Bigstep's management access and network conventions are part of keeping the service operable.

The contract boundary is sharper than the marketing boundary. The terms of use state that clients must take all steps necessary to perform regular backups of client data, configured infrastructure and other settings required for the services to operate properly. They also say clients are responsible for maintaining current data backups to prevent and mitigate data loss. In other words, backup management may be sold as an add-on, and snapshots may exist as a convenience, but the default public contract language puts meaningful responsibility on the customer.

This is where failure analysis should be blunt. Snapshots are not the same as off-site backups. A five-snapshot limit is not a disaster recovery plan. A local disk that is not automatically managed is not portable by default. A top-of-rack storage design can reduce latency but can still inherit rack or network failure modes. If a customer treats Bigstep as the only copy of its data, the customer's restore risk is high unless it has tested exports, independent backups, cross-site replication or application-level copies.

If a customer buys managed backup support, it should ask for restore-time objectives, restore-point objectives, encryption handling, location of backup copies, retention, deletion behaviour and whether Bigstep has ever run a full customer restore from the selected service tier.

Support and billing are part of the infrastructure

For smaller cloud and hosting providers, support is not a side channel; it is part of the product. Bigstep's contact page says sales can assist with product specifications, price quotes and account management; billing is available Monday to Friday, 09:00 to 17:00 GMT; and technical support is available 24 hours through tickets, live chat and support email. The pricing page says all plans include 24/7 technical support. The difference between those two surfaces matters. A hardware or routing problem may get 24-hour technical coverage, while a payment-method issue, registered payment dispute or billing-cycle change may wait for business hours.

Billing can become an availability issue when hosted capacity is sold on consumption. The terms of use say Bigstep may apply service suspension in several situations, including security risk, detrimental effect on services, fraudulent or illegal use, reaching a standard consumption limit without sufficient guarantees, or suspicion that an account is fraudulent or at risk of non-payment if verification procedures are not met. The same terms say on-demand services may be subject to consumption limits and that those limits can change based on guarantees, creditworthiness and reliability.

For a customer running production workloads, that language means account hygiene, contacts, payment methods and expected spend approvals should be treated as operational controls.

The terms also reserve change rights that affect portability. Bigstep may change or modify features and functionality, with notice if a change negatively affects the customer's use, and the customer may terminate the subscription for the modified service within 30 days. Bigstep may also change, discontinue or terminate an API connected to the services and says it will take reasonable measures to support the previous API version for six months after change, discontinuation or termination unless security, intellectual-property, technical, economic or legal constraints apply.

A customer with infrastructure-as-code, scripts, billing exports or operational dashboards should treat that API-change language as a dependency.

The practical support test is simple: ask how an incident is escalated when it crosses layers. A disk fault may begin as hardware replacement. A storage attach fault may involve the management interface. A route leak may require network engineering. A card-payment or credit-limit problem may require billing. A migration may require both sales and technical staff. If the service depends on one small team that handles many of those categories, recovery may be slower during a multi-customer event.

Bigstep may have good internal coverage, but public pages do not show the staffing depth, escalation targets or status-page history needed to assume it.

The most credible failure paths

The first failure path is a rack or facility incident. Bare-metal servers need power, cooling, cabling, switch ports and out-of-band access. A single rack event can affect multiple customer machines if the customer's servers, storage shelves and switches sit in the same physical dependency zone. Bigstep's product pages do not publish rack diversity rules, so a customer should not assume that multiple servers in one deployment are physically separated unless Bigstep confirms it.

The right evidence would be a placement policy, a billable option for separation, or a post-deployment asset view that shows independent failure domains without exposing sensitive facility details.

The second failure path is upstream or route failure. AS201471 has visible upstreams, but the customer needs to know which upstreams serve its country and product. If all traffic for a given site exits through one upstream during normal operation, a contract list of multiple peers may not prevent customer impact. The customer should ask for active carrier diversity, IPv6 treatment, DDoS response, maintenance notice practice, and whether customer-owned prefixes can be announced or moved. The acceptable use policy prohibits activities such as denial-of-service attacks, port scanning, spam and using unauthorised IP addresses, which is normal for a hosting provider, but abuse handling can also lead to port blocks or service suspension during a security incident.

The third failure path is hardware stock. Bigstep's own public pricing is organised around named server types. If a customer's selected type is no longer stocked in the chosen country, a replacement may require a different CPU generation, different disk layout, different network card or migration to a different product. The customer should ask whether reserved servers guarantee replacement stock, what happens if a server class reaches end of life, and whether Bigstep can restore an image onto a newer class without application changes.

The fourth failure path is support congestion. A single-customer ticket can be manageable; a facility or upstream incident can create many tickets at once. Bigstep advertises 24/7 technical support, but public pages do not publish median response time, severe-incident targets, named escalation contacts or a current status incident archive. The buyer should test support before moving important workloads. Open a non-emergency ticket, ask a network question that requires engineering knowledge, ask a restore question that requires storage knowledge, and see whether answers are specific.

The fifth failure path is customer-side portability. The terms place backup responsibility on the client, and Bigstep's technical documentation shows managed access requirements and storage-specific behaviours. A customer that has no independent backup, no infrastructure description outside Bigstep's console, no export path and no tested restore will be locked into the pace of Bigstep's support during any incident.

The better posture is to keep independent backups, keep system images or configuration in a customer-controlled repository, document DNS and certificate recovery, and keep a migration plan to another bare-metal or virtual environment.

Data sovereignty and locality

Bigstep's directory region for this article is GB, and that is supported by corporate registration, RIPE organisation country and UK contact surfaces. The service, however, is not only a UK story. The contact page lists Romanian operations, the configuration page shows Great Britain and Romania as deployment options, and one RIPE allocation tied to Bigstep Cloud Limited carries a DE country field. That mix is common in European hosting, but it should change the way buyers speak about sovereignty.

The question is not "is Bigstep a UK company?" The question is "where will my compute, primary data, snapshots, backups, logs, support access and emergency replacement land?"

Bigstep's privacy notice says it can act as a controller or processor depending on context, applies to visitors, customers, partners, job applicants and hosted personal data situations, and says Bigstep provides services under client instructions for personal data hosted by clients. It also says Bigstep implements physical, administrative and technical safeguards and points to UK and Romanian data protection authorities for complaints. That is useful compliance framing, but it is not a data-residency guarantee for a specific workload.

For a customer in financial services, healthcare, public sector, critical infrastructure or regulated ecommerce, the missing document is a workload-specific location schedule. The schedule should name the deployment country, the backup country, whether support staff may access systems remotely from other countries, whether service logs or billing data are transferred, and whether Bigstep uses subcontractors for facilities or network services. If the customer needs UK-only hosting, it should not rely on a UK sales phone number or a GB route object.

It should require contract language, technical configuration and a restore test that keeps the workload inside the agreed boundary.

Locality also has a performance angle. The official pages do not publish latency maps or user-region benchmarks. A customer serving UK users from a GB deployment may get good results, but route selection, carrier congestion and DDoS filtering can still change performance. If a workload is latency-sensitive, the buyer should run traces, HTTP tests and transfer tests from expected user locations before committing. The buyer should also repeat those tests after deployment, because a bare-metal server can be correctly located and still perform badly if transit changes.

Public signals that should not be overread

There are several public signals around Bigstep that are useful as hints and dangerous as proof. The first is the site itself. It remains reachable, contains signup and login links, lists support and billing contacts, and exposes product and pricing pages. That suggests an active commercial surface. But stale copyright lines, old blog assets and dated wording mean the site should not be treated as a fresh operating manual. A buyer should confirm every plan, SLA, location, support and certification point with Bigstep before purchase.

The second signal is code and infrastructure integrations. The Metalsoft Terraform provider repository describes a Terraform provider for MetalCloud, shows recent repository activity in July 2026 through GitHub metadata, and points to a lineage in which Bigstep's Metal Cloud automation is connected to Metalsoft naming. That does not prove Bigstep's public hosted capacity is expanding. It does suggest the underlying bare-metal management software has a continuing public development trail. The buyer should distinguish between management-software activity and hosted-capacity evidence.

The third signal is public customer logos and old case-study style marketing. The homepage displays customer logos and points to resources, while the blog contains use-case articles for ecommerce, analytics and bare-metal FAQ content. These are marketing signals. They may help explain the workloads Bigstep wants to attract, but they cannot prove current customer volumes, retention, support quality or spare capacity.

The fourth signal is the absence of some public markers that larger networks often maintain. No public PeeringDB net record was returned for AS201471. There is no obvious current public status page in the sources reviewed. There is no facility list with data-centre names, certifications by site, power design or carrier maps. Those absences do not show that Bigstep lacks those things. They show that a third party cannot verify them from public sources alone.

The evidence that would settle the matter would include a current customer status page, a current data-centre and carrier summary, audited location statements, recent incident history and contractual recovery targets.

Who is affected when it fails

The affected party is not just Bigstep. It is the customer whose service design assumes Bigstep will provide capacity, network reachability, support and billing continuity. A small ecommerce customer may see a server failure as checkout downtime. A software company using Bigstep for a database may see a rack or storage issue as both downtime and data-risk exposure. A managed-service customer may have less direct control during an incident because the provider's staff have to act. An analytics customer may lose batch windows if a large node or storage pool is unavailable.

A regulated customer may face reporting obligations if logs, personal data or backups become unavailable or move outside an agreed location.

The customer can reduce that exposure, but only by designing around the physical facts. Run at least two application nodes if the workload matters. Ask Bigstep whether the nodes can be placed in separate racks or sites. Keep databases backed up outside the primary Bigstep storage service. Test restore speed, not only backup creation. Keep DNS, certificates, images and secrets under customer control. Monitor routes and latency from outside Bigstep. Keep billing contacts current. Make sure support can reach the right people at the customer during a maintenance window.

Bigstep's terms define planned interruptions as maintenance, routine or upgrade work that may affect service availability, and say the company will endeavour to give at least two business days' notice for planned interruptions outside standard Saturday night to Sunday morning UTC maintenance windows, except for emergency work and requested interventions. That language is normal, but it affects customers who run 24/7 services.

The customer should ask how maintenance interacts with the 99.99 percent uptime claim on the pricing FAQ, how credits are calculated, whether emergency work is excluded, and how much notice is provided for upstream carrier maintenance.

In this respect, Bigstep looks less like an invisible commodity cloud and more like a specialised hosting provider whose value depends on operational intimacy. That can be positive. Smaller providers can give useful support and dedicated hardware where a hyperscale platform feels impersonal or expensive. But the buyer has to price the concentration risk. If Bigstep is the only place a workload exists, the customer is sharing its recovery fate with Bigstep's racks, carriers, spare parts and people.

The diligence list

A serious buyer should begin with five documents or answers. First, ask for a current service-location statement: which country, which facility type, whether Bigstep owns or leases the racks, and whether the requested server type is available in more than one site. Second, ask for a network statement: active upstreams by site, normal route preference, IPv6 support, DDoS arrangements and maintenance notices. Third, ask for a hardware statement: current server classes, replacement policy, spare stock, end-of-life treatment and whether reserved service includes equivalent replacement.

Fourth, ask for a restore statement: snapshot limits, backup retention, backup location, restore test process and whether Bigstep can restore to a different site. Fifth, ask for support and billing escalation: severe-incident targets, after-hours access, billing emergency path and named escalation contacts for production customers.

The buyer should also test the public claims before relying on them. The pricing FAQ says provisioning takes around five minutes. Run a small deployment and time it. The site advertises high-speed networking. Run sustained transfer tests and check whether performance is consistent. The contact page promises support channels. Ask a hard technical question and measure the answer. The route data shows active upstreams. Run traceroutes from target markets and compare them over several days. The privacy notice describes Bigstep as a processor for hosted data under customer instructions.

Ask for the data-processing terms and check whether they match the workload.

For existing customers, the immediate task is portability. Export critical data. Record server builds. Keep access credentials independent of the Bigstep console. Check whether SSH keys for old delegated users remain on active servers, because Bigstep documentation warns that keys are not automatically deleted from already active servers when privileges are revoked. Confirm whether local disks are covered by backup or snapshot processes. Confirm whether every server has a monitoring and alert path outside the provider itself. Then run a restore drill with a low-risk service.

For Bigstep, the clearest way to raise public confidence would be to publish a current infrastructure assurance page: active countries, product availability by country, network peers by country, support targets, maintenance window rules, backup limits, status-page history and data-location commitments. It does not need to reveal cage numbers or sensitive network diagrams. It simply needs to let customers separate current operating reality from older marketing material. In the absence of that page, the service can still be useful, but buyers must rely on direct diligence.

Operating grade

Bigstep Cloud earns a medium evidence grade for network existence and a weaker evidence grade for public operating depth. The positive case is clear: the UK company is active, corporate filings are recent, RIPE identifies the organisation as a GB local internet registry, AS201471 is announced, BGP.tools lists active originated address space and upstreams, and Bigstep's own site still sells bare-metal cloud, pricing, support and managed services. This is not a negative finding.

The caution is equally clear. Public sources do not disclose exact active facilities, rack diversity, owned versus leased facility boundaries, spare stock, support depth, real status history, customer counts, route-performance history, backup-location detail or cross-site recovery commitments. Bigstep's service promise rests on physical assets and people, and the public record does not let a buyer verify all of those assets from outside. The right conclusion is not "avoid Bigstep." It is "treat Bigstep as a specialist hosted-capacity provider whose current operating facts must be checked before production reliance."

That conclusion fits the title: Bigstep sells hosted capacity, but hosted capacity still depends on racks, transit and repair windows. A buyer that understands those dependencies may find a useful bare-metal option for workloads that need dedicated hardware and predictable performance. A buyer that treats the service as magically elastic cloud may be surprised when the real recovery path runs through a data-centre country selector, a specific server class, a carrier route, a support queue, a backup boundary and a maintenance notice.