G-Cloud Service Description Dimension Data Private Cloud Dimension Data – Private Cloud CONTACT INFO Andy Lancaster | E: andy.lancaster@dimensiondata.com| P: +44 12 5277 9649 1 G-Cloud Service Description Dimension Data Private Cloud Contents 1 1.1 1.2 2 2.1 2.2 2.3 2.4 2.5 2.6 Service Description ..................................................................................................... 3 Service Overview................................................................................................................................................... 3 Service Features .................................................................................................................................................... 3 Service Management .................................................................................................. 5 Support for the service ....................................................................................................................................... 5 Customer Responsibilities................................................................................................................................. 7 Client-Side Technical Requirements ............................................................................................................. 7 Service Constraints............................................................................................................................................... 8 Planned Maintenance Windows ..................................................................................................................... 8 Back Up / Restore and Disaster Recovery .................................................................................................. 8 3 Training ...................................................................................................................... 8 4 Information Security ................................................................................................... 8 4.1 4.2 4.3 4.4 5 5.1 5.2 6 6.1 7 7.1 7.2 8 8.1 8.2 8.3 9 Security level targeted ........................................................................................................................................ 8 Current security standards and certifications .......................................................................................... 9 Data Storage and Processing Locations ....................................................................................................... 9 Data Extraction and Removal ....................................................................................................................... 10 On-boarding ............................................................................................................. 10 Deployment .......................................................................................................................................................... 10 Configuration and Customisation ............................................................................................................... 10 Off-boarding ............................................................................................................. 11 Termination Policy ............................................................................................................................................ 11 Performance ............................................................................................................. 12 Service levels ....................................................................................................................................................... 12 Financial recompense model ........................................................................................................................ 12 Ordering and Invoicing .............................................................................................. 12 Billing Frequency ............................................................................................................................................... 12 Payment Terms ................................................................................................................................................... 13 Trial Service ......................................................................................................................................................... 13 Pricing Summary ....................................................................................................... 13 2 G-Cloud Service Description Dimension Data Private Cloud 1 Service Description 1.1 Service Overview Dimension Data’s approach for Cloud computing provides on-demand, self- service access to servers, applications and software development platforms; enabling clients to embrace a commoditised approach to technology and secure the best, low cost option for their hosting needs. PRIVATE COMPUTE-AS-A-SERVICE Dimension Data Private Compute-as- a-Service (CaaS) is a dedicated cloud Infrastructureas-a-Service (IaaS) that provides on-demand, self-service, pay-for- use access and control of virtual servers, tiered storage and networking. Our Private CaaS is hosted within a client’s data centre and includes enterprise-class security, controls and performance guarantees as well as a REST-based application interface (API) for easy integration into back end systems, enterprise system management tools or third-party cloud applications. Dimension Data Private CaaS provides clients with a secure and scalable private cloud environment for compute – hosted within a client data centre. A Private CaaS is available in multiple standard builds, each for a fixed monthly cost. TOP 5 FACTS ABOUT DIMENSION DATA’S PRIVATE CaaS Dimension Data’s Private CaaS is: High quality and high performance cloud computing for government and large organisations Build using industry leading hardware and software Fully automated and orchestrated via purpose-built software Comprises Servers, tiered storage and network elements coupled with WAN optimisation virtualisation technology and operating system software Deployed in a client’s data centre and is available in multiple standard build, each for a monthly fixed cost. DIMENSION DATA AND G-CLOUD Dimension Data offers a range of services through G-Cloud, we have provided commoditised services, specifically designed with the public sector in mind. Our services cover a breadth of specialist cloud services (lot 4) as well as strong infrastructure (Lot 1) services, designed to be easy to use, low cost, pay per use and secure. We are well placed to assist public sector organisations with developing and executing commoditised, multi-sourced approaches to technology and digital services, delivered through public and private cloud infrastructure. 1.2 Service Features Key features of Dimension Data’s Private CaaS are designed for government and large organsations, whilst being priced competitively and with ease of take-up and moving-away in mind. 3 G-Cloud Service Description Dimension Data Private Cloud SIMPLE-TO-USE, SELF-SERVICE Provisioning and termination of virtual servers, networks and tiered storage in minutes via our Cloud Control management system. Web-based administrative user interface (UI) and REST-based APIs Common interface across public and private cloud deployments Customisable look and feel of the home page of the user interface SECURITY, ASSURANCE AND ACCREDITATION We are targeting ‘OFFICIAL’- Assured Cloud and ‘OFFICAL-SENSITIVE’ - Accredited Cloud, in our current G-Cloud application, our ISO27001 certification is underway and will hopefully commence PGA accreditation shortly after. Our Private CaaS offers: Virtual private clouds with user-determined public Internet connectivity Unique customisable firewalls for security VPN administration of all servers Unique username/password for each administrator Role-based permissions controlling the activities of each user Audit logs of all environmental changes FULLY MANAGED SERVICE Comprehensive, ongoing management of the entire private cloud infrastructure Management of the underlying operating systems, VMware virtualisation software, hardware (servers, network and tiered storage), and cloud management system Dimension Data’s management processes address the key elements of implementation, change control, monitoring, patching, and lifecycle management so that cloud availability and performance are maintained Ongoing software lifecycle management, including evaluation of all major software releases from VMware, OS vendors, and the other components of the solution, to ensure they function as expected Dimension Data will review new features and capabilities of any releases and will update its software to allow you to take full advantage of new software USER CONTROLS Centralised control and billing In-depth usage reporting by asset Audit log reporting by user and department 24x7 phone support with ticketing/ status tracking PERFORMANCE DESIGNED FOR GOVERNMENT AND LARGE ORGANISATIONS Availability service level agreement (SLA) Latency guarantee 4 G-Cloud Service Description Dimension Data Private Cloud Industry standard technology, including VMware virtualisation, Cisco servers and networking, Dell servers, VMware virtualization, and EMC tiered storage Learn more about our Private Cloud: http://eucloud.dimensiondata.com SERVICE SPECIFICATIONS Cloud server infrastructure Operating systems supported Virtualisation platform Infrastructure providers CPU RAM Tiered Storage RedHat Enterprise Linux 6, Red Hat Enterprise Linux 5 , CentOS 6, CentOS 5, Ubuntu 10 LTS, Ubuntu 8 LTS, Microsoft Windows Server 2008 R2 Standard and Enterprise, Microsoft Windows Server 2008 Standard and Enterprise Microsoft Windows Server 2003 Standard and Enterprise VMware vSphere VMware, Cisco, EMC, Dell, Riverbed, NetApp 1-16, configurable 1 – 128GB, configurable High-performance, Standard, Economy tiers ranging from 600 GB – 10 TB, configurable 2 Service Management 2.1 Support for the service As part of buying our Private Cloud Service, Clients also get access to the following two support services included in the Cloud service pricing: PRIVATE CaaS ONGOING MANAGEMENT Dimension Data provides comprehensive, ongoing management of the entire private cloud infrastructure as part of the Private CaaS. This includes responsibility for maintaining the following: Physical infrastructure (servers, networking equipment, and tiered storage) Underlying operating systems VMware software Dimension Data CloudControl cloud management system Dimension Data’s management processes address the key elements of implementation, change control, monitoring, patching, and lifecycle management so that cloud availability and performance are maintained. 5 G-Cloud Service Description Dimension Data Private Cloud Ongoing software lifecycle management is a key component of the Private CaaS. Dimension Data evaluates all major software releases from VMware, Cisco and the other components of the solution, and tests these releases within its lab environment to ensure they function as expected. Furthermore, Dimension Data will review new features and capabilities of any releases and will update its operating system, virtualisation and Dimension Data CloudControl software to allow you to take full advantage of new software. Dimension Data’s multipoint monitoring systems scrutinise key system parameters, system availability, network and the overall user experience 24x7x365 to ensure the highest possible uptime and performance. UPTIME MANAGEMENT SERVICE Dimension Data’s Uptime Maintenance Service includes traditional break-fix support such as troubleshooting and incident restoration within agreed service levels. The service includes the following: Multi-vendor Management procures and manages underpinning contracts with multiple global and regional vendors. Incident Management enables a quick and accurate diagnosis of a reported incident and the determination of the necessary steps to resolution, thereby minimising downtime. Engineer to Site provides for dispatching of a technician to a client site when resources are unable to resolve the incident remotely. Parts to Site provides speedy replacements should any cloud hardware fail. GLOBAL SERVICE CENTRE Dimension Data’s monitoring systems report to a central aggregation engine that drives Dimension Data’s Private and Public CaaS client care and technical support for all emergency or after hours client-to-Dimension Data communications. The 24x7x365 Client Care Centre has the tools, technology, and administrative expertise to effectively support customer environments, including: 24x7x365 staffing with experienced technicians – first-level support is via our Global Service Centre; Level 1 and Level 2 industry expertise to resolve Severity 1 and Severity 2 issues immediately; In-depth domain knowledge, escalation management expertise and a focus on 100% client satisfaction. Private CaaS clients also have the choice of providing their end users with access to the Dimension Data’s Cloud Community. The community provides users and developers with the support, education and knowledge base to use the service to build applications on the Dimension Data’s Cloud. 6 G-Cloud Service Description Dimension Data Private Cloud In the case of an Incident, a client will need to provide sufficient explanation of the circumstances under which the Incident occurred or is occurring. Dimension Data will reasonably classify each call as an Emergency Incident, Other Incident or Service Request. If a call is misclassified initially, Dimension Data may reclassify it and respond accordingly. On each call, the GSC representative will assign a unique ticket number to Client, which Client can use to track its request. Following receipt of a client’s Incident report or Service Request, Dimension Data will contact the client via email or telephone to: provide them with information regarding the Incident or Service Request; and collect any additional information from them necessary or useful to facilitate Incident Correction or to respond to the Service Request. In addition to its Compute-as-a-Service offerings, Dimension Data offers to clients who have ordered Dimension Data’s Private CaaS certain additional services called Tech Ops Services. The Tech Ops Services are intended to provide basic system administration services such as operating system (OS) support, system monitoring and server backups for designated Cloud Servers. In order to enable Dimension Data to perform Tech Ops Services, a Client is required to make Dimension Data a full access Sub-Administrator for Client’s CaaS account, so that Dimension Data can help manage the Client’s CaaS environment and perform system administration tasks on Client’s designated Cloud Servers. Tech Ops Services are billed based on a monthly per-Cloud Server fee and the pricing is covered in the pricing document. For more information on Technical Support Services please see: http://www.dimensiondata.com/global/services/cloud-services/pages/caas-tech-ops.aspx 2.2 Customer Responsibilities Here are some of the key responsibilities we wish to highlight, a full list is contained within the supplier Terms and Conditions that apply to this service. ACCESS AND AUTHORISATION The client will take commercially reasonable steps to prevent unauthorized access to or use of the service and that users’ authentication details are protected. Should any unauthorised access or use occur, the client must notify Dimension Data promptly. 2.3 Client-Side Technical Requirements INFRASTRUCTURE WITHIN A CLIENT DATA CENTRE Dimension Data will install and manage the Private CaaS Service equipment at a client’s data centre, which will provide the public IP connectivity, space, power, heating, ventilation and air-conditioning for the equipment. Dimension Data will work with you to ensure that any unique data centre infrastructure specification or design guidelines are taken into account. Dimension Data also works with you to implement facility access and escalation procedures. 7 G-Cloud Service Description Dimension Data Private Cloud Dimension Data takes full responsibility for implementation and ongoing maintenance of the hardware and software layers. 2.4 Service Constraints There are no constraints with this cloud service. 2.5 Planned Maintenance Windows Dimension Data performs scheduled maintenance on the services (including maintenance related to the Software, MCP and other equipment and materials used for providing the Services) from time to time. In addition, Dimension Data may occasionally need to perform emergency or unscheduled maintenance; these maintenance activities may cause interruptions to the services. CaaS maintenance events normally occur Tuesdays or Thursdays, though we occasionally perform maintenance at the same time on other weekdays. The timing of the window for these events varies depending on the Geographic Region, but remains at the same local time (i.e. it is adjusted based on the Region's use of daylight savings time): North America: 05:45 AM US Eastern Local Time Australia: 09:00 PM Australia Eastern Local Time Indonesia: 09:00 PM Western Indonesian Local Time Africa: 08:00 PM South Africa Standard Local Time Europe: 09:00 PM Central European Local Time Asia-Pacific: 09:00 PM Japan Standard Local Time 2.6 Back Up / Restore and Disaster Recovery Unless backup services are included in the order as part of Tech Ops Services, Dimension Data will not be required to create, maintain or implement backups of any client content and that the client is solely responsible for such backup services. 3 Training Dimension Data Professional Services can engage to provide training to administrators and users of the platform. This is a chargeable activity, but, due to the intuitive nature of the platform is rarely necessary 4 Information Security 4.1 Security level targeted We are targeting ‘OFFICIAL’- Assured Cloud and ‘OFFICAL-SENSITIVE’ - Accredited Cloud. We are planning to embark on the process of Pan Government Accreditation following our GCloud 5 submission. 8 G-Cloud Service Description Dimension Data Private Cloud 4.2 Current security standards and certifications Dimension Data is accredited to ISO27001, the international security management standard. We operate very robust processes for safeguarding data and for maintaining the confidentiality of information. We are currently undertaking a gap analysis of the scope of the ISO27001 accreditations for the company, the data centre and this service. The outcome of this process will be a suitably scoped ISO27001 certification that will cover this service, which we aspire to take forwards through PGA accreditation at ‘OFFICIAL’ and ‘OFFICIALSENSITIVE’. Current Security Controls Network configuration Cloud files encryption Access Administrative control Server control Reporting Compliance Incident response API Configurable Layer-2 VLANs based on Ciscobased switching fabric; Customisable ACLbased firewall rules; NAT and VIP functions; Load-balancing and port translation; Multicast support for clustering implementations Data stored with 256-bit encryption at rest and 128-bit SSL encryption while in transit Public Internet and virtual private network (VPN) VPN administration of all servers; Unique username and password for multiple administrators; Role-based permissions allow administrator to limit subadministrators to manage only certain resources, such as servers, tiered storage or networks. Take servers in and out of service manually, programmatically, or based on monitoring probes Audit logs of all environmental changes SSAE 16 (formerly SAS70 Type II) compliant; US-European Union Safe Harbor Certified 24x7 incident response REST-based API 4.3 Data Storage and Processing Locations Private Cloud platforms are deployed within client data centres and can be accessed via their private network or the public Internet. A CLOUD MANAGEMENT PLATFORM ENABLING GLOBAL AVAILABILITY Dimension Data’s CloudControl cloud management system enables federation between Public and Private Managed Cloud Platforms (MCPs). Our strategically-located Public MCPs have the ability to interconnect or ‘peer’ with one another and other Private MCPs, as 9 G-Cloud Service Description Dimension Data Private Cloud capacity requirements ebb and flow to create a ‘Cloud Exchange’. This means performance and latency may be optimised and time-to- service reduced. This model also ensures that any data sovereignty requirements on a client’s part may be satisfied. 4.4 Data Extraction and Removal There are no extra charges for removing data from the service, the customer will only have to pay for the bandwidth used when transporting data away from their cloud services. 5 On-boarding 5.1 Deployment A client may request Services by submitting an Order to Dimension Data. This can be placed via the G-Cloud order form and contacting Andy.Lancaster@dimensiondata.com. Dimension Data will, on the completion of an order being placed issue a Welcome Pack. The Welcome Pack will include credentials to enable the designated administrator to access the services. A client will be deemed to have access to the Services on the date Dimension Data issues the Welcome Pack. Dimension Data will keep a record of the effective date for each order and each order will set forth the particular plan ordered and the applicable fees. 5.2 Configuration and Customisation CLOUD SERVERS Built on VMware’s vSphere Hypervisor, Dimension Data cloud servers are highly configurable, secure, virtual machines that provide granular control and allow easy customisation. Each cloud server can be configured with anti-affinity and up to 16 CPUs, 128 GB of RAM and 10 TB of tiered storage. Dimension Data offers three levels of tiered storage, including: High Performance – for mission critical online active files and database tables that require always-on availability Standard – ideal for Cloud applications using VM/VDI files, archiving of videos and images Economy – for offline master backup, disaster recovery and long-term retention To easily and seamlessly ensure business continuity and data protection while also offering choice; cloud backup is delivered through a self-service portal. These options are covered in the pricing section of this document. Our secure virtual machines are hosted on physical servers in the Dimension Data enterprise-class private cloud and are built on the infrastructures from Cisco, EMC and Dell. Dimension Data cloud servers support Microsoft Windows, Red Hat Enterprise Linux, Ubuntu and CentOS operating systems and can be deployed and managed either through the administrative UI or through corresponding functions of the open API. 10 G-Cloud Service Description Dimension Data Private Cloud CLOUD NETWORKS Cloud networks are VLANs built on Cisco hardware-based networking providing network isolation, security and performance for your environment. Cloud networks can be customised with additional networking features such as firewalls, load balancing, multicast and network address translation (NAT). Additional features include the following: o Private IP addressing for all cloud servers, with the ability for cloud servers located on separate cloud networks to communicate across this private IP space o Client-to-site VPN access for administrators to securely manage servers on their cloud networks o Customisable ACL-based firewall rules to control access into each network VLAN o NAT and VIP functions to expose private IP addresses to the public Internet o VIP functions support load balancing and port translation across multiple virtual servers, with the ability to take servers in and out of service based on client-defined monitoring probes o Multicast support for clustering implementations 6 Off-boarding 6.1 Termination Policy Subject to any Minimum Commitment Term, either party may terminate the agreement or orders by notice to the other party, for any reason or no reason, with termination to be effective at the end of the last day of the calendar month immediately following such notice. Either party may terminate the agreement or any orders upon notice to the other party if the other party materially breaches any term or condition of this agreement or any order and fails to correct such breach within fifteen days following notice specifying such breach. Within our Private Cloud service a client is able to do the following, which assist with on and off boarding: Cloning ability to duplicate virtual servers to create ‘customer images’ which can be used to deploy copies of a server configuration Capability to import/export server images which can be used to transfer virtual machines to and from a client’s own infrastructure There are no extra charges for moving away from the service, the customer will only have to pay for the bandwidth used when transporting data away from their cloud services. 11 G-Cloud Service Description Dimension Data Private Cloud 7 Performance 7.1 Service levels The following Service Levels apply to Private CaaS (each Service Level and the terms and conditions that apply are described in more detail here: http://eucloud.dimensiondata.com/Legal/Service-Level-Agreement) o Network Uptime Target – 99.95% Network Uptime Target o Server Uptime Target – 99.5% Server Uptime Target o Support Response Time Target – 30 minute Support Response Time Target for Emergency Incidents; and o Latency Target – <1 ms Latency Target for Latency between Cloud Servers in the same Vlan Actual performance against the above Service Levels will be measured using Dimension Data’s then-current monitoring tool as implemented by Dimension Data (the “Monitoring Tool”). 7.2 Financial recompense model Service Level Credits are available for this service and as such are the Client’s sole remedy and Dimension Data’s sole liability with respect to Dimension Data’s failure to meet the Service Levels. For a full description of the service credit regime please see the Service Level Credit section in the Supplier Terms and Conditions. 8 Ordering and Invoicing 8.1 Billing Frequency Usage-Based Plans For Usage-Based Plans, on or after the Effective Date of an Order, Dimension Data will deliver an invoice for the first calendar month’s Minimum Usage Fees (adjusted pro-rata for the remainder of the then-current calendar month) and, if applicable, the Set-Up Fee. Each subsequent month, Dimension Data will deliver an invoice for the Minimum Usage Fees for such month and, if applicable, Overage Fees for the immediately preceding calendar month (and prior calendar months, if such Fees have accrued but have not yet been invoiced). Minimum Commitment Plans For Minimum Commitment Plans, on or after the Effective Date of an Order, Dimension Data will deliver an invoice for the first calendar month’s Minimum Usage Fees and if applicable, Tech Ops Service Fees, both of which will be adjusted pro-rata for the remainder of the then-current calendar month, and if applicable, the Set-Up Fee. Each subsequent month, Dimension Data will deliver an invoice for: o the Minimum Usage Fees for such month; o if applicable, Tech Ops Service Fees for such month; and o if applicable, Overage Fees for the immediately preceding calendar month (and prior calendar months, if such Fees have accrued but have not yet been invoiced). 12 G-Cloud Service Description Dimension Data Private Cloud 8.2 Payment Terms Any Client-specific payment terms, including currency, dates and manner of payment, interest rates on late payment, and taxes, will be described in the applicable Order. Normal payment terms are 30 days in arrears and based on actual usage consumed. 8.3 Trial Service Dimension Data will invest in a 30 or 60 day proof of concept; a proof of concept can be set up by contacting Andy.Lancaster@dimensiondata.com. 9 Pricing Summary This is a high level summary of service pricing. Full details can be found in our separate pricing document. Customers buy the Private CaaS as a service from Dimension Data. They can choose from one of two initial configurations (Small and Medium), or request a customer configuration, each of which has a different set of resources available (CPU/RAM, VLANs, Storage, etc.). Additional resources can be added to the initial deployment as needed, but there are different maximum sizes that each initial configuration can potentially grow to. There is an initial fee to set up the service and a monthly fee based on the amount of resource deployed. The service is provided on a two-year contract. The term for resources added during the term of the original contract is made co-terminus with the original contract. DESCRIPTION One-time setup cost Minimum Config 128 vm’s, each of: o 2vCPU, o 4GB memory o 90GB storage UNIT 1 Dedicated compute and storage, per month UNIT PRICE (£) 65,000 19,500 13