easy to adopt, easy to use, easy to leave service description Compute as a Service (Production) IaaS version 6.0 Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 1 of 20 Open Contents Highlights .............................................................................................................................. 3 Overview ............................................................................................................................... 3 Example use cases ............................................................................................................... 4 Trial service .......................................................................................................................... 4 Information assurance........................................................................................................... 5 Product features.................................................................................................................... 5 Technical features................................................................................................................. 6 Service options ..................................................................................................................... 6 Backup / Recovery & Disaster Recovery ............................................................................... 7 Service levels ........................................................................................................................ 9 Pricing ................................................................................................................................. 10 Appendix ............................................................................................................................. 16 Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 2 of 20 Open Highlights UK Sovereign – an assured cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff Disaster Tolerant – two Tier 3 UK data centres separated by more than 100km and securely connected by high bandwidth, low latency dedicated connectivity enabling synchronous replication Optimised for OFFICIAL – hosted in the UK & operated by SC cleared staff, the service benefits from extensive independent validation (including CESG PGA) that it is properly aligned with CESG Cloud Security Principles making it the ideal service for all data classified at OFFICIAL (including OFFICIAL-SENSITIVE) and legacy IL0-IL4 solutions Flexible Connectivity options – Connect via our DDoS protected Internet, a government community network (e.g. PSN Assured service, PSN Protected service, N3 or legacy GCF networks including PNN, GSI, GSE etc.) or by HybridConnect – using your own dedicated circuits such as CPA encrypted tunnels, Leased Lines or MPLS Advanced Cross Domain Security Zone – A secure managed or self-managed area that can enable citizen access over the internet to data hosted on the Elevated domain Exceptional value – from £0.02 per hour for workloads which are not performance sensitive or from £0.03 per hour for workloads requiring predictable performance) Immediately available at all Security Domains – zero delay to your project Flexible and Adaptable – add, remove or change your solution via the Skyscape Portal or our fully documented API Overview Compute as a Service from Skyscape is an Infrastructure as a Service (IaaS) offering which enables organisations to rapidly provision and scale secure Virtual Machines in minutes, in a flexible and autonomous manner. Skyscape provides this service across two security domains Assured OFFICIAL (PGA IL2) and Elevated OFFICIAL (PGA IL3) and 4 Service Levels – up to 99.99% availability – allowing consumers to precisely match their application / user needs to an appropriate security domain, service level and cost instead of designing to the highest level when not needed. The service benefits from extensive independent assurance: CESG Pan Government Accredited at both IL2 and IL3 PSN Accredited for both the PSN Assured service and PSN Protected service Alignment with international standards including ISO27001 and CSA STAR Hence, the service provides the most robust levels of assurance for data classified as OFFICIAL or OFFICIAL-SENSITIVE. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 3 of 20 Open Skyscape’s service has been designed specifically for the UK public sector and is available only to the UK public sector. The service supports and complies with all relevant areas of the Government ICT Strategy and Information Principles for the UK Public Sector. Skyscape’s datacentres are some of the most energy efficient in the world and as such support the Green Government ICT Strategy in full. Example use cases Skyscape support the Government’s Cloud First policy by delivering a true Cloud computing service that has achieved PSN accreditation and adheres to the NIST definitions – resource pooling, on-demand, rapid scalability and transparent, utility style billing. The service can help organisations in a number of ways: Migrate away from existing physical environments. Delivery of new applications and services designed for cloud. Support & facilitate Agile project delivery in line with the GDS Service Design manual. Test, evaluation and consolidation of existing services. Compute as a Service provides consumers with a virtual data centre in which they build, configure and control their VMs, with their own self-managed firewall and full API available for programmatically controlling their compute estate – all for a simple, low, hourly price per VM. Simpler Better Cheaper Organisations wanting to consolidate or grow their existing infrastructure by migrating / deploying on a Pan Government Accredited Cloud platform, significantly reducing the complexity and constraints of traditional hosting models. Based on ubiquitous VMware technology, consumers can make best use of the service without having to learn unfamiliar platforms. Organisations can choose from a range of service levels to match their requirements and budgets. The platform is designed to offer on-demand responsiveness, flexibility and scalability enabling organisations to better control their environment (including an option to programmatically control their environment via the API). Based on a true Cloud utility model, organisations can reduce their costs by paying for the resources they consume on an hourly basis – there are no minimum monthly commitments and when the VMs are not needed they can simply be turned off (further reducing their charges) and then simply restarted when required. Trial service Skyscape offer a 30 day free trial. This is a defined pool of resources (equal to 5 Small VMs (10vCPU and 20GB RAM total)) which can be configured to create a combination of VM sizes up to the total resources allowed, and with a maximum of 5 VM instances. This is done by the consumer within the compute environment. The VMs will be on the Assured Domain at the BASIC Service Level and Operating systems are included in the trial. Free Trial conditions as outlined in Appendix A of Skyscape Standard Terms & Conditions will apply. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 4 of 20 Open Information assurance The Skyscape assured cloud platform is designed and optimised to meet the unique information assurance needs of UK public sector organisations. UK Sovereign cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff Suitable for all data classified at OFFICIAL, including OFFICIAL-SENSITIVE data under the Government Security Classification Policy (GSCP) Suitable for legacy IL2, IL3 and IL4 (by aggregation) systems under the Government Protective Marking Scheme (GPMS) Extensive independent validation of alignment with the CESG Cloud Security Principles CESG Pan Government Accredited at both IL2 and IL3 Accredited PSN Service enabling secure, compliant access via both PSN Assured & PSN Protected networks Independently certified against ISO27001, ISO9000, ISO20000, Cyber Essentials Plus and members of the Cloud Security Alliance Secure (List X) and resilient (Tier 3) UK data centres facilities capable of hosting data classified at SECRET Advanced Cross Domain Security Zone – designed to facilitate controlled connectivity between higher security domains (e.g. PSN Protected) and lower security domains (e.g. OFFICIAL). Protective Monitoring (aligned with GPG13) across all Skyscape platforms Product features Compute as a Service provides an accredited, secure and highly scalable compute platform which offers the following benefits: Agile – Build and configure VMs within minutes via a secure self-service Portal. Users can add more (or less) resources when needed Flexible – A range of services levels and VM sizes – chose the right service at the right price for what you and your application / data require Value – Billed by the hour / resources used – enabling significant cost savings if VMs are turned off when not needed and simply restarted when they are Innovative – Cross Domain Security Zone – designed to facilitate citizen access to secure systems (e.g. between the Assured and Elevated platforms (IL2 to IL3)), code migrations, browse down management, etc. Assured Security – the platform is Pan Government Accredited and PSN Accredited at both IL2 & IL3, hosted in highly resilient Tier 3, UK sovereign data centres and benefits from Protective Monitoring Green – the Skyscape service is based in UK data centres which offer market leading efficiency around power and cooling Geodiversity – the platform spans two UK data centres separated by over 100km Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 5 of 20 Open Technical features Underpinning the service is a range of features that make it easy to use and control. Via the secure portal or API, organisations can: Stop, start, clone and delete VMs whilst managing firewall security rules and load balancer policies Reconfigure virtual hardware “on the fly” – changing memory, processors, network and storage as and when needed Set and control access, user profiles and capabilities Upload own VM images, applications and data, or alternatively select from Skyscape’s catalogue of template based standard OS configurations Control the environment via an easy-to-use self-service portal or programmatically through a documented API Connect via a variety of networks; PSN, Internet, N3, legacy GCF networks such as GSI, GSE, PNN, etc and HybridConnect options Skyscape use VMware vSphere as the hypervisor for this IaaS service. This gives consumers the widest choice of supported operating systems within their VM’s – including a large selection of open source platforms Skyscape provide a Virtual Firewall as part of its service. The performance characteristics are outlined in the Technical Requirements section. If consumers require more advanced or specific features, they are recommended to deploy (and license) their own appliance Service options Skyscape provide four Service Levels to choose from: T&D compute is hosted in one UK DC with no backup included by default. Typical use cases can include short term testing and development projects or less critical workloads such as temporary applications. If backup is required then consumers can pay per GB at the rates above or deploy their own solution using Skyscape Cloud Storage. BASIC compute is hosted in one UK DC with no backup included by default. Typical use cases can include true cloud applications which are designed for failure, short term Pilots & PoC’s or when disposable compute resources are required. If DR/site resilience is required, consumers can deploy independent systems in each of Skyscape’s data centres. If backup is required then consumers can pay per GB at the rates above or deploy their own solution using Skyscape Cloud Storage. STANDARD compute is hosted in one UK DC and includes a remote backup for 14 days within the price of both the VM and additional storage. In addition, backups can be stored for 28 days at an additional charge. Typical uses cases include Enterprise / Production environments requiring the additional protection of automated backup included. This solution can be engineered to help a consumer design a solution that is highly resilient as consumers can deploy independent systems in each of Skyscape’s data centres (similar to the concept of availability zones). ENHANCED compute offers the consumer a turnkey solution that contains a highly resilient environment by continually replicating the live VMs over to the second DC in real time, Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 6 of 20 Open offering near zero RPO and RTO’s to help consumers with their Disaster Avoidance plans. The service includes a local and remote backup for 14 days within the price of both the VM and additional storage. In addition, backups can be stored for 28 days at an additional charge. This service leverages synchronous replication to ensure data is always available at both data centres – consumers should be aware of the additional latency this incurs. T&D BASIC STANDARD ENHANCED Service Level Agreement 99.90% 99.99% 99.99% 99.99% Compute Environment Location Single UK DC Single UK DC Single UK DC Dual UK DC Disaster Recovery between DCs No No No Yes Performance of VM Contended Uncontended Uncontended Uncontended Automated VM Backup Optional Optional Included - Remote Included – Local and Remote Storage included (GB) [1] 50 50 50 50 Protective Monitoring DDoS Protection 1 Included for the Assured and Elevated OFFICIAL platforms at the hypervisor layer and below. Specialist DDoS mitigation service included for services accessed over the internet Micro VM has 10GB of storage included. Backup / Recovery & Disaster Recovery As standard, localised component failures are tolerated within the infrastructure by eliminating all single points of failure (including physical server failure or disk failure). Depending on requirements, consumers may wish to consider building in high availability and fault tolerance at the application level (e.g. load balancing across multiple virtual machines) or purchasing capacity on the Skyscape Cloud Storage on which secondary copies of data can be stored. This can be achieved via manual data copy, scripted data copy or the use of supported backup applications such as Commvault, Networker and others. Such data can be replicated between data centres for even higher data protection. Automated VM Backup and DR can be selected as per the table below: T&D BASIC STANDARD ENHANCED Backup Availability Optional Cost Optional Cost Inclusive Inclusive Default Retention Period 14 days 14 days 14 days 14 days 28 day Retention Period Optional Cost Optional Cost Optional Cost Optional Cost Replicated Backup No No No Yes Backup Location Remote DC Remote DC Remote DC Local and Remote DC Backup Frequency Once every 24 hours Once every 24 hours Once every 24 hours Once every 24 hours Recovery Via Service Request Via Service Request Via Service Request Via Service Request Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 7 of 20 Open Automated VM Backups include the whole Virtual Machine (crash consistent snapshot) and so partial backups are not supported. Automated VM Backups do not include the Virtual Data Centre configuration (e.g. firewall rules, load balancing configuration, etc). Automated VM Backups of virtual machines utilising the ‘Shared Disk’ option are not available – consumers using this option must backup their systems themselves. Skyscape do not guarantee how quickly a restore can occur as this is based on the amount of data. A restore of a VM from backup will incur additional (hourly) charges based on the resources consumed i.e. it will be treated as another VM. Disaster Recovery For consumers choosing the ENHANCED Service Level: Skyscape will automatically replicate the VMs and associated data to a second UK locale which provides a robust solution for more substantial failure of the primary environment (e.g. site failure). This option is best for consumers looking to mitigate the risk of infrastructure failure such as; data centre failure (power/cooling), significant hardware failure, and similar. At the T&D, BASIC and STANDARD service levels: Consumers looking to mitigate a wider variety of failures (e.g. application failure, data corruption, etc) or desiring more control and visibility relating to replication, failover, failback and DR testing can design their own DR solution. Consumers can choose to deploy independent VM’s in each site and implement application level replication utilising Skyscape’s secure and scalable inter-datacentre circuits (at additional cost). In the event of a site failure, the consumer is in control of the failover their environment to the second data centre. Alternatively, consumers can choose to have backups stored at the remote site. In the event of a major failure affecting the primary data centre, Skyscape will endeavour to allow consumers to re-provision their environment within the second data centre. Consumers should note that this is subject to available capacity within the second data centre. If consumers require certainty that capacity will be available in the event of DR, it is recommended that VM’s are procured at the second data centre. Remote backups are included within the STANDARD service level. For T&D and BASIC service levels, consumers can achieve a similar outcome by backing up to Skyscape Cloud Storage. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 8 of 20 Open Service levels Skyscape will use reasonable endeavours to ensure that the availability of the Skyscape service purchased by the consumer in a given calendar month equals the applicable Availability Commitment. To define availability, Skyscape monitors a number of service elements – some generic, some service specific – which collectively enable the consumer to use or access the Service. If the availability of the Service is less than the associated Availability Commitment, the consumer may request Service Credits for the Service within 30 calendar days of the Service being deemed unavailable. For more detailed information on our SLAs please request the Skyscape SLA Definition Document. Skyscape provide both an Availability SLA and Response Time SLA for Compute as a Service as per the following table. Availability (monthly*) T&D BASIC STANDARD ENHANCED 99.90% 99.99% 99.99% 99.99% P1 – P2 – P3 – P4 – Incident response Service credits 3% of monthly spend per VM within 15 minutes within 4 hours within 24 hours within 72 hours 5% of monthly spend per VM 10% of monthly spend per VM 15% of monthly spend per VM * Availability indication based on an average 730hrs per month. - excludes Emergency Maintenance. Unavailability applies to existing VMs where the VM becomes unresponsive due to a fault recognised at the hypervisor layer or lower, for example: Fault is not caused by the consumer (OS, Applications, user networks). Fault is within Skyscape controlled components such as the virtual infrastructure, storage, power and physical firewalls & routers etc. External connectivity providers (e.g. internet, PSN), and components co-located at Skyscape are also not included in the availability calculation. In addition, Skyscape also provide an Availability Service Level Target on the Skyscape Portal and API i.e. the ability to login to manage your environment via portal, create support tickets and use other functions. Access to the API allows direct commands to be sent to the environment for programmatic control of the Skyscape Compute Service. Target Availability (monthly*) Client Portal and API Availability (monthly) Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 99.90% Open Compute as a Service (Production) Page 9 of 20 Pricing Cloud VM pricing T&D STANDARD ENHANCED Elevated Assured Elevated Assured Elevated Assured Elevated Assured RAM (GB) 2GHz vCPU Micro1 BASIC 1 (500MHz) 0.5 £0.020 £0.040 £0.030 £0.050 £0.050 £0.070 £0.250 £0.340 Tiny 1 2 £0.060 £0.100 £0.100 £0.140 £0.140 £0.210 £0.280 £0.450 Small 2 4 £0.080 £0.120 £0.140 £0.170 £0.190 £0.290 £0.330 £0.540 Medium 4 8 £0.120 £0.180 £0.260 £0.310 £0.330 £0.480 £0.430 £0.710 Medium High Memory 4 16 £0.240 £0.330 £0.390 £0.470 £0.470 £0.680 £0.680 £1.110 Large 8 16 £0.270 £0.380 £0.530 £0.640 £0.680 £0.990 £0.890 £1.460 Large High Memory 8 32 £0.500 £0.650 £0.860 £1.030 £1.100 £1.600 £1.630 £2.390 Tier 1 Apps Small 8 48 £0.670 £0.890 £1.200 £1.420 £1.520 £2.210 £2.220 £3.240 Tier 1 Apps Medium 8 64 £0.840 £1.110 £1.520 £1.800 £1.940 £2.830 £2.790 £4.150 Tier 1 Apps Large 8 96 £1.180 £1.560 £2.190 £2.570 £2.780 £4.050 £3.930 £5.970 BASIC Storage (Primary storage only) £0.20 / GB / Month £0.20 / GB / Month N/A N/A Optimised BASIC Storage3 £0.35 / GB / Month £0.35 / GB / Month N/A N/A STANDARD Storage (including 14 day backup) N/A N/A £0.25 / GB / Month N/A Optimised STANDARD Storage3 (including 14 day backup) N/A N/A £0.45 / GB / Month N/A ENHANCED Storage (including replication & 14 day replicated backup) N/A N/A N/A £1.20 / GB / Month Optimised ENHANCED Storage3 (including replication & 14 day replicated backup) N/A N/A N/A £1.50 / GB / Month 14 day Backup Retention2 £0.50 / GB / Month £0.50 / GB / Month N/A N/A 28 day Backup Retention2 £0.75 / GB / Month £0.75 / GB / Month £0.15 / GB / Month £0.15 / GB / Month 1 Micro has a fixed 10GB storage allocation (no additional storage can be added to Micro VM’s) and a single 500Mhz vCPU. 2 Additional price per GB per month to retain backups for either 14 or 28 days. All storage allocated to each VM must have the same backup policy (no backup, 14 day retention or 28 day retention) – partial backups are not supported. e.g. a VM at STANDARD allocated with 200GB storage will cost £0.15p * 200GB = £30 per month for 28 day retention. 3 Optimised Storage provides a greater write performance profile for consumers. This storage: Exclusively uses RAID10 to accelerate write intensive workloads Only uses SSD and SAS disks (no nearline disks) to ensure that even inactive data delivers consistent performance Has a significantly higher proportion of SSD capacity to deliver better performance for active data Optimised Storage is available by request and is subject to availability Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 10 of 20 Open Consumers can also buy Skyscape Cloud Storage which provides a lower priced option for data which does not need the highest levels of performance. The hourly VM charges above are incurred when the VM is running. When the VM is stopped, the storage & backup charges are incurred at a pro-rated hourly rate based on the monthly charge above. This applies also to consumer specific template images, clones and snapshots. When the VM (and associated storage) is deleted, no charges are incurred. If reconfiguring or resizing a VM outside the pre-defined templates, pricing is based the next closest sized machine in an upwardly fashion. The pricing in the above table is based on GBP (£) per hour (part hour charged as a whole hour). Dedicated Compute Pricing Skyscape offer consumers dedicated compute in easily to consume packages, which provide defined resources on dedicated physical hosts. As per our on demand VMs, consumers build, configure and manage their environment themselves; however this model offers the additional benefits of and ability to; License applications that require dedicated physical hardware such as Oracle or Windows Desktop. Deploy whatever VM size they want (up to the maximum allowed) using the resources available within the resource pool. Choose the resource contention between VMs - enabling greater flexibility between VM capacity and performance. Type Starter Pack Upgrade Pack Specification 20 cores 300GB RAM (usable) 20 cores 300GB RAM (usable) Assured £9,000 per month £4,500 per month BASIC Storage (Primary storage only) Optimised BASIC Storage3 BASIC 14 day Backup Retention2 BASIC 28 day Backup Retention2 £0.20 / GB / Month £0.35 / GB / Month £0.50 / GB / Month £0.75 / GB / Month STANDARD Storage (including 14 day backup) Optimised STANDARD Storage3 (including 14 day backup) STANDARD 28 day Backup Retention2 £0.25 / GB / Month Elevated £11,000 per month £5,500 per month £0.45 / GB / Month £0.15 / GB / Month Licencing £100 per month (Starter pack) £50 per month per Upgrade Pack £150 per month (Starter pack) £75 per month Upgrade Pack £100 (Starter pack) £50 per Upgrade Pack Windows (GSPLA) Windows (SPLA) RHEL Details: Consumers procure this service with a Starter Pack; they can then add resources by procuring upgrade packs. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 11 of 20 Open Storage is bought on a per GB basis and is not dedicated. Each resource pool and inherent VMs within can only be at either BASIC or STANDARD VMs. Consumer can only buy a maximum of 9 addition upgrade packs before they must buy another starter pack. Lead Time: from 10 days Minimum Term: 90 days Cancellation Notice Required: 90 days Ancillary Options The Skyscape Pricing Guide provides a comprehensive catalogue of pricing; including all ancillary service options available to consumers when used in conjunction with Skyscape Compute as a Service. Ancillary options include: Licenses/subscriptions for selected Operating Systems & Software. Offline facilities to support data ingestion and extraction. Connectivity options including PSN, N3, Internet etc. HybridConnect allows consumers to install their own dedicated leased lines in to the platform. Consumer can utilise Skyscape’s Data Centre Interconnect alongside their exiting form of connectivity to add their own resiliency between DC’s. Cross Domain Guard as described below. Limited support for Shared Disk configurations as described below. Support for Performance Testing and/or Security Testing of consumer’s solutions. Cross Domain Zone The Skyscape Cross Domain Security Zone enables consumers to securely transfer data between the Skyscape Assured OFFICIAL (PGA IL2) cloud platform and the Skyscape Elevated OFFICIAL (PGA IL3) cloud platform using CESG approved cross domain security patterns. The service is designed to enable consumers to achieve the goals of the Government Digital Strategy, specifically enabling PSN facing applications to be made available to citizens and Industry via the Internet. This service is available in two options: 1. Skyscape-managed Cross Domain Guard Skyscape provide a secure and scalable managed Cross Domain Guard which supports structured and inspectable HTTP based data flows. This option provides an immediately available multi-tenant Cross Domain Guard to support simple use-cases. 2. Self-managed Cross Domain Solution Skyscape provide self-service access to the Cross Domain Security Zone which enables consumers to create their own Cross Domain Solution using technology and application services of their choice. Skyscape provide an assurance wrap by managing firewalls Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 12 of 20 Open between the security zones and ensuring consumers use appropriate risk management to understand and mitigate identified risks. Pricing for this ancillary option can be found in the Skyscape Pricing Guide. Shared Disk Skyscape strongly recommend consumers implement application architectures that are designed for cloud – architectures which are typically loosely coupled and have a ‘shared nothing’ architecture. For consumers with legacy applications or designs which mandate a Shared Disk configuration, Skyscape are able to provide a limited service to meet this requirement which is only available through our Dedicated Compute option. Please contact Skyscape for more information about the limitations of this option. Pricing is included in the Skyscape Pricing Guide. Cloud Access Service Skyscape recognise that consumers may need to host physical devices in order to further enhance the security and performance of their cloud solutions hosted on the Skyscape Compute as a Service platform. Using the Cloud Access Service, consumers are able to host devices such as Hardware Security Modules (HSM), CPA Foundation Grade security gateways, WAN acceleration devices and so on as appropriate to consume and manage virtual machines on the Skyscape Compute as a Service platform. Pricing for this ancillary option can be found in the Skyscape Pricing Guide. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 13 of 20 Open Discount Schemes Customers can choose between either of the following two discount schemes: Option 1: Commitment Discount (Available for all Services, except Cloud Storage and Dedicated Storage) Consumers commit to spending a specific minimum amount each month for a minimum of 12 months. The discount level attained is based on the total spend committed. To achieve the discount, the consumer will fix a value that they will commit to spend for each month of the term. This must be in a single PO with each month as a separate line item. As consumers can consume more than their committed amount each month, they must also add an additional line item and value to cover any over spend. This must be part of the same PO. If the consumer has an existing contract, they must accept a Contract Change Notice and set the values as outlined above. Where multiple contracts are affected any changes will be made via a Side Letter. PO Value Discount Level <£250K 0% £250K-£499K 9% £500K-£749K 13% £750K-£1,499k 16% £1,500K + 19% Points: Individual projects or departments (billing entities associated with each monthly spend) can be amended during the year through discussion with and agreement from Skyscape; however the committed value cannot be reduced midterm. Consumers only get a discounted rate for each month, up to the set monthly figure i.e. not for over usage. At the end of each month Skyscape will do one of two things. o If the actual usage is above the committed value, Skyscape will take the value from the monthly commitment line item and the remaining balance from the Overspend line item. o If the actual usage is below the set value, Skyscape will bill the consumer the committed value. At the end of the 12 months, Skyscape will rebate the consumer the value of the applicable discount over the 12 month period minus any over usage for the last month. For example, the invoice for month 12 is for the committed consumption plus any overuse at standard prices with the potential for a 12 month rebate. If the Overspend PO line item value is spent prior to the 12 months, the consumer must issue a top up PO value for the remainder of the 12 months or increase their spend and commit to a further 12 months. The consumer will pay for any usage above the set amount at the standard rates. The discount is set based on the committed PO value, not the actual usage. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 14 of 20 Open Option 2: Annual Subscription Discount Customers can gain a discount off the standard rates by subscribing to pay for VM’s for a minimum 12 month period. Skyscape will take the discount of the annualised hourly cost of the VM which is payable in 12 equal monthly payments regardless of actual utilisation. Subscription Period Discount Level 12 Months 9% Customers will be required to specify the quantity of VM’s (by VM size, service level and impact level) that they wish to subscribe to. The Skyscape billing system will then automatically offset the cost of VM’s which exactly match the size, service level and impact level of specified VM’s. All other VM’s and ancillary services (e.g. additional storage allocated to subscribed VM’s) will be billed at standard Skyscape rates. Worked Example: If you know that you will be consuming a minimum of 20 Small, IL0 STANDARD VM’s for at least one year, you can make an Annual Subscription to those 20 VM’s and receive an effective 9% discount. The price of a Small, IL0 STANDARD VM is £0.19 per hour. This would usually cost £1664.40 per year (£0.19 x 24 hours per day x 365 days), so 20 of these VM’s would usually cost £33,288 per year. If you subscribe to these 20 VM’s for a year you will be entitled to a 9% discount (£2995.92) and hence the annual cost would reduce to £30,292.08 and you will be billed at £2524.34 per month. In the months that you are using less than 20 of these VM’s, you will still be billed £2524.34. In the months that you are using more than 20 of these VM’s, the additional VM’s will be billed at standard Skyscape rates. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 15 of 20 Open Appendix On-boarding and off-boarding On-boarding Within 4 hours of acceptance of an order, Skyscape will create the consumer’s Primary Administrator account and send the consumer a Welcome Pack which includes the URL for the Skyscape Customer Portal and associated authentication details. The consumer’s Administrator is then able to raise a support request to add Services. Via the portal the Administrator can create additional user accounts and allocate roles and privileges for users within their project. As Skyscape has two UK DC’s, a consumer can request to be deployed into a specific one at the time of the order if they require. Whilst unlikely to ever be rejected, this remains at Skyscape discretion. Off-boarding Prior to terminating the contract, the consumer is able to transfer all their data out of the solution (e.g. using the Skyscape portal to export Virtual Machines). When the organisation terminates their agreement with Skyscape, Skyscape ensures all of the organisation’s data is deleted. Service management As a true Cloud service aligned to the NIST definition of IaaS, the service is designed to be self managed via the secure online Skyscape portal (or API) which provides common Service Management functionality and addresses standard requirements. On rare occasions, Skyscape may decide to assign an experienced, qualified ITIL Service Delivery Manager to some consumers. In these cases, the SDM will provide additional assistance with reporting, incident escalation and continual service improvement, at all times following Skyscape’s ISO20000 certified ITIL-based process framework. For Organisations that require more of a managed service, Skyscape work with a number of Partners which have extensive capability to provide a Managed Service wrapper around the Skyscape IaaS. Skyscape will be pleased to make an introduction where appropriate. Service constraints The Skyscape platform is engineered to be highly resilient and is able to tolerate both unplanned component failure as well as planned Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 maintenance activities. Skyscape is committed to frequent and regular maintenance of the platform to ensure that the service delivers the highest levels of security and availability. Hence, the following conditions apply: Compute as a Service “Planned Maintenance” means any pre-planned maintenance of any of the infrastructure relating to the Service. In accordance with our design principles, Planned Maintenance will have no impact on the availability of the virtual machines running on the Service. However, the Planned Maintenance activity may result in short periods of degraded service (for example, temporary performance degradation). In such cases, Skyscape shall provide affected Customers with at least fourteen (14) days advance notice of the Planned Maintenance. If during Planned Maintenance there is a loss of availability to virtual machines on Compute as a Service, an SLA event will be triggered and for affected Customers this time shall be included in the availability calculation and monthly service reporting related to Compute as a Service. “Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the Service. Whenever possible, Skyscape shall: a) provide affected Customers with at least six (6) hours’ advance notice and b) carry out the emergency maintenance between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday or between the hours of 08:00 and 12:00 (UK local time) on Saturday or Sunday unless there is an identified and demonstrable immediate risk to Customer environment(s). Emergency maintenance may result in periods of degradation or loss of availability depending on the nature of the activity required. If during Emergency Maintenance there is a loss of availability to virtual machines on Compute as a Service, an SLA event will be triggered. However, this time shall be excluded in the availability calculation but will be included in monthly service reporting related to Compute as a Service. Customer Portal & API “Planned Maintenance” means any pre-planned maintenance of any of the infrastructure relating to the administrative components of the Services (i.e. the Customer Portal and API). Planned Maintenance activity may require short periods of downtime or degraded service (for example, loss of ability to manage or change the Services via the Customer Portal and API). In such cases, Skyscape shall provide affected Customers with at least fourteen (14) days advance notice of the Planned Maintenance. Open Compute as a Service (Production) Page 16 of 20 Open If during Planned Maintenance there is a loss of availability to the Customer Portal & API, an SLA event will be triggered. However, this time shall be excluded in the availability calculation but will be included in monthly service reporting related to the Customer Portal & API service. “Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the Services. Whenever possible, Skyscape shall: a) provide affected Customers with at least six (6) hours’ advance notice and b) carry out the emergency maintenance between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday or between the hours of 08:00 and 12:00 (UK local time) on Saturday or Sunday unless there is an identified and demonstrable immediate risk to Customer environment(s). Emergency maintenance may result in periods of degradation or loss of availability depending on the nature of the activity required. If during Emergency Maintenance there is a loss of availability to the Customer Portal & API, an SLA event will be triggered. However, this time shall be excluded in the availability calculation but will be included in monthly service reporting related to the Customer Portal & API service. Training Skyscape have created a number of videos, help guides, manuals and FAQs to help train and instruct users so that are up and running quickly and easily. Skyscape also have a number of Partners who are able to deliver additional services such as training, support and managed services. Skyscape would be please to introduce you to such partners where appropriate. Ordering and invoicing Billing for the service is monthly in arrears. Payment can be via Purchase Order and Direct Debit. Skyscape are preparing to be able to accept Debit/Credit Card payments (e.g. Government Procurement Card) – please enquire at time of order to check whether this is available. Service lead time Setting up a new account will typically be completed within 4 hours from acceptance of order. Once a Compute environment has been set up (Dedicated Compute has a 10 day lead time), consumers have instant access to additional compute and storage resources with no notice period required. This is all managed by the consumer themselves. Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Termination Terms At the point of termination, all consumer data, accounts and access will be permanently deleted, and will not be able to be subsequently recovered or restored. Consumers buying the Dedicated Compute option have a minimum term of 90 days and a 90 day notice period for cancellation. Costs There are no termination costs for this Service. Consumers are responsible for extracting their own data from the platform if required. Skyscape may make an additional charge for transferring data out of the service. Data restoration / service migration For service migration, Skyscape allows existing VM images built using VMware or compatible Open Virtualisation Format (OVF) to be migrated to and from the platform via the Skyscape Portal. In many circumstances, Skyscape can help facilitate a bulk migration to the platform using offline data ingest and extraction – please ask Skyscape for details. Consumer responsibilities The control and management of access and responsibilities for end users including appropriate connectivity, security and accreditation if required. Where access is required over Government Secure Networks such as N3 or PSN, the consumer is responsible for adhering to the Code of Connection and assigning appropriate IP addresses from their own allocation to their services hosted on the Skyscape platform. Management and administration of layers above the Hypervisor (e.g. OS patching, application performance monitoring, user administration, etc). As a core benefit of the Cloud Platform, consumers are expected to self-manage the environment including provisioning, stopping/starting virtual machines, AV, patching, etc. Where customers license operation systems through Skyscape, they will have access to update repositories. Consumers must be aware of the variable nature of the billing based on usage. The consumer is also responsible for ensuring only appropriate data is stored and processed by applications on this environment and that they comply with the Skyscape Security Operating Procedures (SyOps) and other information assurance requirements such as Protective Open Compute as a Service (Production) Page 17 of 20 Open Monitoring or as specified in Skyscape System Interconnect and Security Policy (SISP) and associated accreditation documentation sets. the N3 Information Governance Statement of Compliance process PSN Assured service – You will need to be a PSN Service Provider or a HMG customer that has PSN certification. HybridConnect – private circuit solutions including: Financial recompense model If the service level falls below the stated availability percentage (excluding Planned and Emergency maintenance periods), consumers will be eligible for service credits on affected VM’s only. Service credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the failure occurred (to be applied at the end of the billing cycle). o CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) o non-CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption o Site-to-Site VPN using standards based IPSEC solutions o Dedicated fibre connectivity within Ark Data Centre Service Level Service Credit T&D 3% of the affected VMs monthly spend BASIC 5% of the affected VMs monthly spend STANDARD 10% of the affected VMs monthly spend ENHANCED 15% of the affected VMs monthly spend Preferred connectivity is over a Government Secure Network such as N3, GSI or PSN N3 – for access to the Health and Social Care community. You will be required to complete the N3 Information Governance Statement of Compliance process. (additional controls may need to be implemented to enable N3 access to the higher security IL3 domain) PSN Protected service - You will need to be a PSN Service Provider or a HMG customer that has PSN certification. Legacy GCF networks such as GSI, GSE, PNN, etc via the PSN Protected service Skyscape Secure Remote Access service HybridConnect – private circuit solutions including: Client Portal and API Elevated OFFICIAL (Higher security domain) 1% of monthly spend per 1% below service level target or part thereof Technical requirements Consumers will require appropriate network connectivity such as internet access (Assured Security Domain) or accredited connectivity such as a government secure network (Elevated Security Domain) to the Skyscape Cloud Platforms. Connectivity via the internet, a government secure network (PSN or N3) or private leased line is available but may incur additional charges if the hosting of CPE routers is required - see the pricing section for more details. Where required, consumers are responsible for procuring and managing appropriate devices or software to meet the requirement for data security over the various forms of connectivity. o CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption Consumers have a number of options to choose from with Skyscape to access their environment dependant on their requirement. The list below provides a guide to demonstrate what is possible but may require further engagement with Skyscape to explain and validate further: o non-CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption o Site-to-Site VPN using standards based CPA approved solutions Assured OFFICAL (Lower security domain) o Dedicated bonded fibre connectivity within Ark Data Centre o Site-to-Site VPN using CAPS approved solutions (e.g. Ultra AEP X-Kryptor) Standard Internet connectivity over common protocols (HTTP, HTTPS, SSH, etc) N3 – for access to the Health and Social Care community. You will be required to complete Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 18 of 20 Open Virtual Firewall Skyscape offer customers a Virtual Firewall which is included as part of the service. Customers can request additional instances of this firewall but should note that each instance has the following performance limitations. Consumers should consider deploying alternative firewalls if needed. Max SSL VPN sessions: 5 Max IPSEC VPNs: Support up to 64 tunnels Firewall concurrent connections - maximum 750,000 Firewall performance - 7.2Gbps (Note that this includes traffic between tiers within the cloud environment) Load balancer concurrent connections maximum of 6000 Service description SC-SVC-02, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Compute as a Service (Production) Page 19 of 20 Skyscape Cloud Services Limited A8 Cody Technology Park Ively Road Farnborough Hampshire GU14 0LX +44 (0)1252 303300 info@skyscapecloud.com www.skyscapecloud.com @skyscapecloud © Skyscape Cloud Services Limited. All Rights Reserved. SC-SVC-02