easy to adopt, easy to use, easy to leave service description Dedicated Compute Cloud IaaS version 6.0 Open Contents Highlights .............................................................................................................................. 3 Overview ............................................................................................................................... 3 Example use cases ............................................................................................................... 4 Trial service .......................................................................................................................... 9 Information assurance........................................................................................................... 4 Product features.................................................................................................................... 5 Technical features................................................................................................................. 5 Service options ...................................................................... Error! Bookmark not defined. Backup / Recovery & Disaster Recovery ................................ Error! Bookmark not defined. Service levels ........................................................................................................................ 6 Pricing ................................................................................................................................... 7 Appendix ............................................................................................................................. 10 Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 2 of 14 Open Highlights Flexible compute solution delivered as a cloud service and designed to meet unique requirements for scale, budget and security Dedicated single-tenant cloud computing solution provides stronger assurance of isolation in line with CESG Cloud Security Principles UK Sovereign – an assured cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff Disaster Tolerant – two Tier 3 UK data centres separated by more than 100km and securely connected by high bandwidth, low latency dedicated circuits enabling synchronous replication Optimised for OFFICIAL – hosted in the UK & operated by SC cleared staff, the service benefits from extensive independent validation (including CESG PGA) that it is properly aligned with CESG Cloud Security Principles making it the ideal service for all data classified at OFFICIAL (including OFFICIAL-SENSITIVE) and legacy IL0-IL4 solutions. Flexible Connectivity options - connect via the Internet, a government community network (e.g. PSN Assured / Protected service, N3, etc.) or via HybridConnect (your own private circuits including CPA encrypted tunnels, MPLS, etc). Overview Dedicated Compute Cloud enables organisations to enjoy the benefits of the Skyscape Assured Cloud platform for a single-tenant (Private Cloud) compute infrastructure. This service is designed for organisations that have particular requirements which suit a dedicated compute infrastructure rather than a multi-tenant compute solution. Examples of such requirements are: Scale – organisations that require unique hardware configuration (e.g. high performance compute, SAP HANA, etc) Security – organisations that require additional isolation within the community of UK public sector consumers Budget – organisations that prefer capital expenditure (capex) and require ownership of the underlying hardware Dedicated Compute Cloud leverages the proven Skyscape Assured Cloud platform which provides the following benefits: UK Sovereign cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff Extensive assurance through independent validation and alignment with the CESG Cloud Security Principles Accredited PSN Service enabling secure, compliant access via government community networks including N3, PSN Assured & PSN Protected networks Comprehensive automation and orchestration enabling true consumption of the infrastructure as a cloud service (e.g. via the Portal and API) Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 3 of 14 Open Skyscape Dedicated Compute Cloud provides the most robust levels of assurance for data classified as OFFICIAL or OFFICIAL-SENSITIVE. Skyscape’s service has been designed specifically for the UK public sector and is available only to the UK public sector. The service supports and complies with all relevant areas of the Government ICT Strategy and Information Principles for the UK Public Sector. Skyscape’s datacentres are some of the most energy efficient in the world and as such support the Green Government ICT Strategy in full. Example use cases Simpler Better Cheaper Organisations wanting to reduce the complexity of managing compute. Dedicated Compute Cloud provides consumers with new levels of simplicity. No more managing compliance, hypervisors, hardware – just consume assured cloud computing Organisations seeking a better way to deliver the ‘Private Cloud’ element of their Hybrid Cloud strategy. Dedicated Compute Cloud provides secure, UK sovereign hosting, management by UK SC cleared experts and accredited connectivity to government community networks The Skyscape Assured Cloud platform already benefits from extensive independent assurance that it delivers the highest levels of security. Organisations avoid the costs of having to create the assurance, management and hosting platform for the Dedicated Compute Cloud platform Information assurance The Skyscape assured cloud platform is designed and optimised to meet the unique information assurance needs of UK public sector organisations. UK Sovereign cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff Suitable for all data classified at OFFICIAL, including OFFICIAL-SENSITIVE data under the Government Security Classification Policy (GSCP) Suitable for legacy IL2, IL3 and IL4 (by aggregation) systems under the Government Protective Marking Scheme (GPMS) Extensive independent validation of alignment with the CESG Cloud Security Principles CESG Pan Government Accredited at both IL2 and IL3 Accredited PSN Service enabling secure, compliant access via both PSN Assured & PSN Protected networks Independently certified against ISO27001, Cyber Essentials Plus and members of the Cloud Security Alliance (CSA) Secure (List X) and resilient (Tier 3) UK data centres facilities capable of hosting data classified at SECRET Protective Monitoring (aligned with GPG13) across all Skyscape platforms Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 4 of 14 Open Product features The Skyscape Dedicated Compute Cloud service provides a high assurance, PSN/N3 connected and cost-effective alternative to hosting and managing your compute infrastructure. The service provides the following features; Assured – hosted in the UK & operated by SC cleared staff, the service benefits from extensive independent validation (including CESG PGA IL3) that it is properly aligned with CESG Cloud Security Principles making it the ideal service for all data classified at OFFICIAL (including OFFICIAL-SENSITIVE) and legacy IL0-IL4 solutions. Dedicated – the compute platform is designed for the exclusive use of each consumer providing the highest levels of separation and isolation from other consumers (e.g. a Private Cloud) Automated – the compute solution is delivered as a cloud service through high levels of automation enabling self-service via the Skyscape Portal Cost-effective – Dedicated Compute Cloud can be purchased to suit all budgets including up-front capital expenditure (capex) and on-going operational expenditure (opex) Green – the Skyscape service is based in UK data centres which offer market leading efficiency around power and cooling. A Skyscape solution will generate less Carbon than many other solutions. Geodiversity – the platform can be designed to span two UK data centres separated by over 100km. Technical features Dedicated Compute Cloud provides the following features: Secure and flexible Software Defined Datacentre solution powered by VMware vCloud Director Integrates with existing, legacy and virtualized enterprise applications Native support of a wide variety of operating systems (e.g. Windows, Linux, Solaris x86, etc) and applications (e.g. Oracle, SAP, Microsoft, etc) Connectivity via a variety of networks; PSN Assured, PSN Protected, Internet, Legacy GCF networks (e.g. GSI, GSE, PNN, etc), N3 and HybridConnect options. Custom hardware configuration to support unique requirements (e.g. all flash arrays, processor to memory ratio, converged or modular infrastructure, etc) Automated systems management via the Skyscape Portal and API (e.g. showback of utilisation, health, availability) Option to implement a dual-site replicated Dedicated Compute Cloud solution Available within both the Skyscape Assured OFFICIAL (PGA IL2) platform and the Skyscape Elevated OFFICIAL (PGA IL3) platform Advanced software features are available such as; de-duplication, retention, replication, etc Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 5 of 14 Open Backup / Recovery & Disaster Recovery Skyscape provide the following service options to choose from: Compute Only: the Dedicated Compute Cloud is hosted in one UK DC with no automated VM backup included by default. Typical use cases can include true cloud applications which are designed for failure or where customers deploy their own backup solution using Skyscape Cloud Storage. Automated VM Backup: the Dedicated Compute Cloud is hosted in one UK DC and the consumer opts to pay for automated VM backups retained for 14 days (backups can be stored for 28 days at an additional charge). Typical uses cases include Enterprise / Production environments requiring the additional protection of automated backup. Automated VM Backups include the whole Virtual Machine (crash consistent snapshot) and so partial backups are not supported. Automated VM Backups do not include the Virtual Data Centre configuration (e.g. firewall rules, load balancing configuration, etc). Automated VM Backups of virtual machines utilising the ‘Shared Disk’ option are not available – consumers using this option must backup their systems themselves. A restore of a VM from backup will incur additional (hourly) charges based on the resources consumed i.e. it will be treated as another VM. Dual Site: the Dedicated Compute Cloud is hosted in two UK data centres (separated by over 100km) and offers the Consumer a solution that continually replicates the live VMs over to the second DC in real time. This service option offers customisable RPO and RTO’s to help Consumers with their Disaster Avoidance plans. Service levels Skyscape provide both an Availability SLA and Response Time SLA for the Dedicated Compute Cloud service as per the following table. STANDARD Availability (monthly*) 99.99% Incident response P1 – within 15 minutes P2 – within 4 hours P3 – within 24 hours P4 – within 72 hours Service credits 10% of monthly spend * Availability indication based on an average 730hrs per month. Excludes planned & emergency maintenance. Unavailability applies to existing data where the data becomes inaccessible due to a fault recognised at the IaaS layer or lower: i.e. fault is not within the Consumers control (OS configuration, customer applications, customer networks, etc) fault is within Skyscape controlled components such as the dedicated compute infrastructure, data centre facilities, physical firewalls & routers etc. External connectivity providers (e.g. internet, PSN, N3) and components co-located at Skyscape are also not included in the availability calculation. Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 6 of 14 Open In addition, Skyscape also provide an Availability Service Level Target on the Skyscape Portal i.e. the ability to log into the portal to create support tickets and use other functions. Target Availability (monthly*) Client Portal Availability (monthly) 99.90% Pricing Skyscape Dedicated Compute Cloud is available in two packages: Roles and Responsibilities All Inclusive Platform Only Procurement of Compute Hardware & related Infrastructure (e.g. Network) Skyscape Consumer Hardware Design & Deployment Skyscape Skyscape Capacity Management Skyscape Consumer Availability Management Skyscape Skyscape Health Management Skyscape Skyscape Performance Management Consumer Consumer Support & Maintenance Skyscape Skyscape Assurance & Compliance Skyscape Skyscape All Inclusive The All Inclusive package provides consumers with a turn-key solution including the Dedicated Compute hardware and underlying Assured Cloud platform. Asset options: Small: single-site platform sized for 500 VMs – from £20 per VM per month* Medium: single-site platform sized for 1000 VMs – from £18 per VM per month* Large: single-site platform sized for 2000 VMs – from £16 per VM per month* * Based on 24 month contract and average VM size of 2vCPU, 8GB RAM & 100GB disk. Price will vary depending on specific hardware and performance requirements. Upgrade options: Automated VM Backup: from £50 per VM per month* Site replication & failover: from £150 per VM per month* 50VM pack: compute & storage upgrade – from £16 per VM per month* * Assuming 24 month contract however upgrades will be co-terminus with the original contract and so the price will increase on a pro-rata basis. Based on average VM size of 2vCPU, 8GB RAM & 100GB disk. Price will vary depending on specific hardware and performance requirements. Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 7 of 14 Open The All Inclusive package is available as follows: Capex Optimised Opex Optimised Upfront Payment – Design & Deploy 10% of Asset cost £10,000 Annual Payment – Asset Pre-Payment Asset cost / 2 Zero Monthly Charge – Asset Finance Zero Asset cost + 20% / 24 months Monthly Charge – Platform Fee From £150 per VM* From £150 per VM* Minimum Term 3 months 24 months Early Exit Charge Remainder of Asset cost Remainder of Asset Finance Premium for Elevated OFFICIAL 20% 20% Unit of Billing VM Capacity up-front Platform fee per month VM Capacity per month (includes Platform fee per month) * Based on 24 month contract and average VM size of 2vCPU, 8GB RAM & 100GB disk. Price will vary depending on specific hardware and performance requirements. Worked Example: A Skyscape Dedicated Compute Cloud platform sized at 1000VMs Dedicated Compute Cloud assets (Compute, Storage & Network Hardware) costs £20 x 1000VMs x 24 months = £480,000 Capex Optimised Opex Optimised Upfront Payment – Design & Deploy £48,000 £25,000 Annual Payment – Asset Pre-Payment £240,000 per year Zero Monthly Charge – Asset Finance Zero £24,000 per month Monthly Charge – Platform Fee £150,000 per month £150,000 per month Minimum Term 24 months 24 months Early Exit Charge £240,000 in year 1 £0 in year 2 £24,000 x no. months remaining Platform Fee Premium for Elevated OFFICIAL £30,000 per month £30,000 per month Unit of Billing VM Capacity up-front Platform fee per month VM Capacity per month (includes Platform fee per month) Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 8 of 14 Open Platform Only The Platform Only package provides consumers with the underlying Skyscape Assured Cloud platform to host and manage the Dedicated Compute Cloud platform. This allows consumers to transfer existing hardware assets (conditions apply) or procure the Dedicated Compute Cloud platform via alternative channels (conditions apply) This package is available as follows: Platform Only Upfront Payment – Design & Deploy From £25,000 Monthly Charge – Platform Fee From £150 per VM Minimum Term 24 months Early Exit Charge Remainder of Platform Fee Premium for Elevated OFFICIAL 20% Unit of Billing Platform fee per month Worked Example: A Skyscape Dedicated Compute Cloud platform sized at 1000VMs. Platform Only Upfront Payment – Design & Deploy £25,000 Monthly Charge – Platform Fee £150,000 per month Minimum Term 24 months Early Exit Charge £150,000 x no. months remaining Premium for Elevated OFFICIAL £30,000 per month Unit of Billing Platform fee per month Ancillary Options The Skyscape Pricing Guide provides a comprehensive catalogue of pricing; including all ancillary service options available to consumers when used in conjunction with Skyscape Compute as a Service. Ancillary options include: Offline facilities to support data ingestion and extraction. Connectivity options including HybridConnect, PSN, N3, Internet, data centre interconnect, etc. Other ancillary options are available and can be found in the Skyscape Pricing Guide. Trial service Due to the dedicated, single tenant nature of this solution, a trial service is not available. Skyscape Compute-as-a-Service provides consumers with a trial service which enables consumers to test the viability of cloud computing. Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 9 of 14 Open Appendix On-boarding and off-boarding On-boarding Due to the nature of this service, on acceptance of an order, Skyscape will work with the consumer to create a detailed design for the Dedicated Compute Cloud platform. This design will formalise the dedicated components required for the solution, e.g. server & storage hardware, systems management software, network hardware, cables, etc. The dedicated components will either be procured by Skyscape or the consumer depending on the package requested. Skyscape will also create the consumer’s Primary Administrator account and send the consumer a Welcome Pack which includes the URL for the Skyscape Portal for access to the knowledge centre and service management function. As Skyscape has two UK DC’s, a consumer can request to be deployed into a specific one at the time of the order if they require. Whilst unlikely to ever be rejected, this remains at Skyscape discretion. cases, the SDM will provide additional assistance with reporting, incident escalation and continual service improvement, at all times following Skyscape’s ISO20000 certified ITIL-based process framework. For Organisations that require more of a managed service, Skyscape work with a number of Partners which have extensive capability to provide a Managed Service wrapper around the Skyscape IaaS. Skyscape will be pleased to make an introduction where appropriate. Service constraints The Skyscape Assured Cloud platform is designed and optimised to operate in specific conditions. Skyscape therefore impose a number of service constraints such as: Support for specific hardware configuration (e.g. certain Vblock configurations, certain Cisco + EMC + VMware configurations, certain Super Micro configurations) Skyscape must be named agents for all support and maintenance contracts Data Centre access is only available to Skyscape staff – consumers will not be allowed access to the data centres excepts for exceptional circumstances Dedicated Compute Cloud must include specified Top-of-rack/End-of-rack network switches which will be designed, implemented and managed by Skyscape Dedicated Compute Cloud must include specific software features to enable Skyscape to provide automation, orchestration and instrumentation Skyscape provide no SLA or warranty related to performance Off-boarding All Inclusive package: Prior to terminating the contract, the consumer must make the final payment (early exit charge) in order to take ownership of the storage hardware. The consumer must make arrangements to collect the server & storage hardware within 14 days of contract termination. Platform only package: As the Dedicated Compute Cloud platform hardware is owned by the consumer, the consumer must make arrangements to collect the server & storage hardware within 14 days of contract termination. For clarity, when the consumer terminates their agreement with Skyscape, Skyscape ensures all of the organisation’s data is deleted unless the consumer owns the storage hardware. Service management As a Cloud service aligned to the NIST definition of IaaS, the service is designed to be self managed via the secure online Skyscape Portal and API which provides common Service Management functionality and addresses standard requirements. On rare occasions, Skyscape may decide to assign an experienced, qualified ITIL Service Delivery Manager to some Consumers. In these Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Skyscape will adhere to the following in terms of maintenance windows; “Planned Maintenance” means any pre-planned maintenance of any infrastructure relating to the Services. Skyscape shall provide the Client with at least twenty four (24) hours’ advance notice of any such planned maintenance: Planned maintenance of Skyscape’s infrastructure relating to the Services shall happen between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time) on a Saturday and/or Sunday. No planned maintenance will take place on a Saturday unless agreed in advance by both parties; Open Dedicated Compute Cloud Page 10 of 14 Open Planned Maintenance shall be excluded from any availability calculation in regard to service credits but shall be included in the monthly service reporting; “Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the Services. Whenever possible, Skyscape shall provide the Client with at least six (6) hours’ advance notice: Whenever possible Emergency Maintenance of Skyscape’s infrastructure will happen between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time)on Saturday and/or Sunday unless there is an identified and demonstrable immediate risk to a Clients environment; Emergency Maintenance shall be excluded from any availability calculation in regard to service credits but shall be included in the monthly service reporting. Training Skyscape have created a number of videos, help guides, manuals and FAQs to help train and instruct users so that are up and running quickly and easily. Skyscape also have a number of Partners who are able to deliver additional services such as training, support and managed services. Skyscape would be pleased to introduce you to such partners where appropriate. Ordering and invoicing Billing for the service is: At point of order for up-front fees Annual in advance for pre-payment fees Monthly in arrears for monthly fees Payment can be via Purchase Order and Direct Debit. Skyscape are preparing to be able to accept Debit/Credit Card payments (e.g. Government Procurement Card) – please enquire at time of order to check whether this is available. Service lead time Setting up a new consumer within the Skyscape Portal will typically be completed within 48 hours from acceptance of order. Resources to begin the design and deployment activity will be assigned within 10 days from acceptance of order. Due to the variable nature of this service, dedicated hardware will need to be specified, ordered and delivered which will take an indeterminate amount of time. Shorter deployment times are typically achieved with multi-tenant cloud compute solutions such as Skyscape Compute-as-a-Service. Termination Terms An Early Exit charge will be payable if the contract is terminated before the end of its original term. At the point of termination, consumer will have to make the final payment in order to take ownership of the server & storage hardware. The consumer must make arrangement for the server and storage hardware to be collected from Skyscape with 14 days. Where the consumer owns the servers & storage hardware, it must be collected from Skyscape with 14 days. Where the consumer does not own the server & storage hardware, Skyscape will ensure all consumer data, accounts and access will be permanently deleted, and will not be able to be subsequently recovered or restored. Costs An Early Exit charge will be payable if the contract is terminated before the end of its original term. Consumers are responsible for extracting their own data from the platform if required. Skyscape may make an additional charge for transferring data out of the service. Data restoration / service migration For service migration, Skyscape allows existing data to be migrated to and from the Dedicated Compute Cloud platform. In many circumstances, Skyscape can help facilitate a bulk migration to the platform using offline data ingest and extraction – please ask Skyscape for details. Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 11 of 14 Open Consumer responsibilities Technical requirements The control and management of access and responsibilities for end users including appropriate connectivity, security and accreditation if required. Where access is required over Government Secure Networks such as N3, legacy GCF networks or PSN, the consumer is responsible for adhering to the Code of Connection. Consumers have a number of options to choose from with Skyscape to access their environment dependant on their requirement. The list below provides a guide to demonstrate what is possible but may require further engagement with Skyscape to explain and validate further: Management and administration of layers above the IaaS (e.g. the systems that utilise the Storage as a Service platform). Standard Internet connectivity over common protocols (HTTP, HTTPS, SSH, etc) N3 – for access to the Health and Social Care community. You will be required to complete the N3 Information Governance Statement of Compliance process PSN Assured service – You will need to be a PSN Service Provider or a HMG customer that has PSN certification. HybridConnect – private circuit solutions including: As a core benefit of the Cloud Platform, consumers are expected to self-manage the environment including creating and deleting data. Consumers must be aware of the variable nature of the billing based on usage. The consumer is also responsible for ensuring only appropriate data (e.g. IL0-IL2 or IL3) is stored and processed by applications on this environment and that they comply with the Skyscape Security Operating Procedures (SyOps) and other information assurance requirements as specified in Skyscape System Interconnect and Security Policy (SISP) and associated accreditation documentation sets. Assured OFFICAL (Lower security domain) Financial recompense model If the service level falls below the stated availability percentage (excluding Planned and Emergency maintenance periods), consumers will be eligible for service credits on affected storage only. Service credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the failure occurred (to be applied at the end of the billing cycle). 10% of monthly spend Client Portal 1% of monthly spend per 1% below service level target or part thereof CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) o non-CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption o Site-to-Site VPN using standards based IPSEC solutions o Dedicated fibre connectivity within Ark Data Centre Elevated OFFICIAL (Higher security domain) Preferred connectivity is over a Government Secure Network such as N3, GSI or PSN N3 – for access to the Health and Social Care community. You will be required to complete the N3 Information Governance Statement of Compliance process. (additional controls may need to be implemented to enable N3 access to the higher security IL3 domain) PSN Protected service - You will need to be a PSN Service Provider or a HMG customer that has PSN certification. Legacy GCF networks such as GSI, GSE, PNN, etc via the PSN Protected service Skyscape Secure Remote Access service HybridConnect – private circuit solutions including: Service Credit STANDARD Service Level o o Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption Dedicated Compute Cloud Page 12 of 14 Open o non-CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption o Site-to-Site VPN using standards based CPA approved solutions o Dedicated bonded fibre connectivity within Ark Data Centre o Site-to-Site VPN using CAPS approved solutions (e.g. Ultra AEP X-Kryptor) Service description SC-SVC-06, version 6.0 © Skyscape Cloud Services Limited, 2014 Open Dedicated Compute Cloud Page 13 of 14 Skyscape Cloud Services Limited A8 Cody Technology Park Ively Road Farnborough Hampshire GU14 0LX +44 (0)1252 303300 info@skyscapecloud.com www.skyscapecloud.com @skyscapecloud © Skyscape Cloud Services Limited. All Rights Reserved. SC-SVC-06