NOT PROTECTIVELY MARKED
Personal Storage in the
Cloud
GCloud 4
Version: 1, Issue Date: 19 September 2013
NOT PROTECTIVELY MARKED
NOT PROTECTIVELY MARKED
ii
© Capita Secure Information Solutions Ltd 2016.
Other than for the sole purpose of evaluating this Service Description, no part of this material may be reproduced or transmitted in any
form, or by any means, electronic, mechanical, photocopied, recorded or otherwise or stored in any retrieval system of any nature
without the written permission of Capita Secure Information Solutions Ltd.
Capita Secure Information Solutions Ltd, Methuen Park, Bath Road, Chippenham, Wilts SN14 0TW
Telephone: 08456 041999, Fax: 08456 042999
Registered Office: 17 Rochester Row, London, SW1P 1QT. Registered in England No. 1593831 Vat Reg No. GB 618 1841 40
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
1
Contents
1
Overview .................................................................................................................... 2
2
Description ................................................................................................................ 2
3
Example use cases ................................................................................................... 3
4
Product features ....................................................................................................... 3
5
Pricing ........................................................................................................................ 4
6
Technical features .................................................................................................... 5
7
Backup / Recovery & Disaster Recovery ............................................................... 6
8
Information assurance: Impact Level (IL) at which the G-Cloud Service is
accredited to hold and process information ......................................................... 6
9
On-boarding and off-boarding ................................................................................ 6
10
Service options ......................................................................................................... 7
11
Service management ................................................................................................ 7
12
Service levels ............................................................................................................ 7
13
Service constraints................................................................................................... 8
14
Training ...................................................................................................................... 9
15
Ordering and invoicing ............................................................................................ 9
16
Service lead time ...................................................................................................... 9
17
Termination ............................................................................................................... 9
18
Data restoration / service migration ....................................................................... 9
19
Consumer responsibilities..................................................................................... 10
20
Technical requirements ......................................................................................... 10
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
1
2
Overview
Personal Storage in the Cloud enables a single user or application to access Storage-as-a-Service
instantly from any Microsoft Windows or Linux desktop or server anywhere, without writing a single
line of code.
Capita have achieved Pan Government Accreditation for IL2 and IL3 data for this service, meaning
that a significant proportion of assurance has already been completed thus allowing Public Sector
Organisations to gain the benefits of secure, purpose build, on-demand resources that meet their
stringent requirements, all on a true utility (pay for what you use) consumption model.
Further, Capita can provide a range of Service Levels – related to data protection and durability –
allowing Consumers the ability to match their data needs with an appropriate level and cost instead
of designing everything to the highest level when not needed.
1.1
Highlights
 Amazon S3 compatible storage API – use applications which currently work with S3 and benefit
for UK based cloud storage
 Pan Government Accredited - Suitable for IL0, IL1, IL2 and IL3 data.
 Exceptional value – dual site IL3 accredited Storage from 37p per GB
 Immediately available at all impact levels – zero delay to your project.
 All datacentres are highly resilient, Tier3 and UK sovereign with >50 miles separation.
 Connectivity via the Internet or a government secure networks (e.g. PSN, GSI, etc.) or your
own dedicated circuits such as Xcryptors, CPA, Leased Lines, MPLS, etc.
 True API driven Object Storage – access your data directly from your locations or from
applications you choose to host on the Capita Compute-as-a-Service platform
2
Description
By installing a simple, secure and free desktop application, individuals can access their own
Personal Storage in the Cloud from most Windows/Linux desktops or servers, anywhere, using a
simple and intuitive user-interface. Other solutions are also available such as EMC Syncplicity (at
additional cost – purchased separately) which extends support to other platforms and mobile
devices.
Capita’s service has been designed specifically of for the UK public sector, and is available only to
the UK public sector. The service supports and complies with all relevant areas of the Government
ICT Strategy and Information Principles for the UK Public Sector. Capita’s datacentres are some of
the most energy efficient in the world and as such support the Greening Government ICT Strategy
in full.
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
3
3
Example use cases
 Individual users who wish to securely store and/or backup files held on their personal
laptop/desktop for long term archive, freeing space on their local PC.
 Cheaper & more secure than backing up personal storage on multiple USB sticks & drives,
laptops etc.
4
Product features
Personal Storage in the Cloud provides a secure solution to enhance the durability and availability
of personal data. The solution offers true Cloud benefits such as:
 Cloud Sync – the ability for an individual user, multiple laptop and desktop systems to either
mirror or cache content to the cloud.
 Encryption - Ability to encrypt content based on a user defined key.
 Already Pan Government Accredited to IL2 and IL3 – Organisations gain significant
advantages in terms of costs, time and effort compared with how systems and platforms
were built in the past.
 Range of services levels – chose the right service, and the right price for what you and your
application / data require.
 No provisioning of LUNS, RAID groups or file systems.
 Multi-site replication is “built in” at ENHANCED, driven by simple policies and only replicates
specific content, saving bandwidth costs.
 Elasticity – the solution scales indefinitely and on-demand allowing unpredictable capacity
growth by never requiring storage provisioning ever again.
 Metered Billing – the organisation is charged by how much (or how little) storage is
consumed.
 Assured Security – the platform is Pan Government Accredited at both IL2 & IL3, hosted in
highly resilient Tier3, UK sovereign data centres and benefits from QinetiQ’s Protective
Monitoring solution at IL3.
 Green – the Capita service is based in UK data centres which offer market leading efficiency
around power and cooling. A Capita solution will generate less Carbon than many other
solutions.
The service is billed on the basis of the resources used during a period of time (1 month minimum)
based on metrics including consumed capacity and bandwidth.
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
5
4
Pricing
Service Level
IL0
IL2
IL3
BASIC
£0.12
£0.14
£0.18
STANDARD
£0.17
£0.19
£0.23
ENHANCED
£0.33
£0.39
£0.41
ENHANCED PLUS
£0.46
£0.52
£0.86
Connectivity Options
Option
Notes
Price
Internet
Inbound Data Transfer
£0.00p per GB
Outbound Data Transfer
£0.132p per GB
PSN (IL2)
Connectivity
Access to the PSN on a reserved bandwidth model
£48.40 per Mbps per DC per month
PSN (IL3)
Connectivity
Access to the PSN on a reserved bandwidth model
£275 per Mbps per DC per month
GSI (IL3)
Connectivity
Access to the GSI on a reserved bandwidth model
£412.50 per Mbps per DC per
month
Dedicated Leased
Lines
Leased line to be ordered and managed by the
Consumer directly with a Capita approved Telco.
Connection terminated on a Capita router.
Per Data Centre Charge:
£2,200 one off setup charge
No recurring charge
IL3 VPN Solutions
CAPS approved or appropriate CPA assured solutions
to be ordered and managed by the Consumer directly,
requiring VPN devices to be hosted within the Capita
data centre(s)
Per Data Centre Charge:
£2,200 one off setup charge
£550 per month
Colocation of
equipment
See specific Service Description
See specific Service Description
Data ingestion and extraction
In many circumstances, Capita can help facilitate the bulk import or export of data to/from the
platform. This service option is priced on a time and materials basis form the Capita SFIA rate card.
All pricing is exclusive of VAT.
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
6
5
Technical features
When using EMC GeoDrive software, Personal Storage in the Cloud provides three (3) modes of
operation:
 Mirror – In mirror mode, files are written to the local machine as well as to the Cloud. All files
are accessible whether online or offline. This mode is ideal for users who require optimal
performance and offline access to all content whilst also needing the assurance that their
data is protected and accessible.
 Push-to-Cloud – In this mode, files are written to the local machine. After a pre-set time, the
files are uploaded to the Cloud and stubbed on the local machine. When stubbed, the actual
contents of the file will be held only within the Cloud – the local machine will simply hold a
shortcut for ease of use. To access the file, the user would click on the stub and then the
EMC Atmos GeoDrive will take care of “pulling” the file back to the local machine. This use
case applies for most users who wish to store files remotely and not take up space on their
local hard drive.
 Disconnected – In disconnected mode, users can still use EMC Atmos GeoDrive client when
not connected to the Cloud. Files will remain on the local machine while the connection is
broken. Once the link is re-established, files will be automatically synced to the Cloud based
on the data storage mode chosen (Mirrored or Push-to-Cloud).
The EMC Atmos GeoDrive client also offers optional advanced features:
 Encryption – provides optional AES256 encryption for data at rest. Data is encrypted on the
local machine before sending to the Cloud. The data is encrypted using a passphrase which
the user determines.
 Compression – C-EDRS technology provides optional compression of data on the local
machine before it is sent to the Cloud.
 Data Throttling – provides a bandwidth throttling option for users to control the amount of
bandwidth the EMC Atmos GeoDrive client is able to consume.
 Access via HTTP or secure HTTPS.
Operating System support:
 RedHat Enterprise Linux 5.6 and 6.0 (later versions are not supported).
 SUSE Linux Enterprise Server 10 SP3 and 11 SP1.
 Windows XP SP3 (32 bit only), Windows Vista SP1 or later (x64 and x86), Windows 7 (x64
and x86).
 Windows Server 2003 SP2 or later (x64 and x86), Windows Server 2008 (x64 and x86),
Windows Server 2008 R2 (x64)
 Easy to deploy and use.
 Flexible Protection levels:
o No Protection – at our BASIC service level, data is storage on a single disk. If the
disk fails, data will be lost. Hence this is only suitable for specific scenarios.
o Local Protection – data is written across multiple disks and multiple nodes to ensure
that data remains available even if a drive or node should fail.
o Remote Protection (Replication) – data is written to one UK data centre and copied
out to a second UK data centre to ensure that data remains available even if an
entire site/data centre should fail.
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
7
6
Backup / Recovery & Disaster Recovery
Organisations can choose from a range of protection levels.
BASIC data is stored in a single named UK Data Centre with no additional data protection and the
most cost-effective price point. This is typically suitable for storing a second copy of data where you
can recreate or restore the data from a primary copy in the event of data loss.
STANDARD data is stored in a single named UK Data Centre with RAID-like data protection which
provides a degree of fault tolerance and so improves data durability.
ENHANCED data is stored in two UK sovereign Data Centres, with a copy maintained in a primary
named UK Data Centre and copied to a geographically remote UK Data Centre. This provides the
highest degree of fault tolerance (including site failure) and corresponding data durability.
All service levels also allow for the implementation of versioning which can be useful in allowing
data to be reverted to a previous version if the latest version becomes corrupt.
Consumers can also implement a Disaster Recovery solution by writing data independently to each
data centre at our STANDARD (and BASIC) Service Levels.
In case of major failure, loss or theft of the machine which it is installed upon, the user simply
needs to install the EMC Atmos GeoDrive client on a new machine and enter the same user
credentials as the previous installation. Once the Client is configured and connected to the Cloud, a
re-sync process will initiate and begin to populate the new machine with the user’s data.
8
Information assurance: Impact Level (IL) at which the G-Cloud
Service is accredited to hold and process information
This service has achieved Pan Government Accreditation (PGA) for data at Impact Level 2 and
Impact Level 3.
 Suitable for IL0, IL1, IL2 and IL3 data.
 All datacentres are highly resilient Tier3, UK sovereign and separated by >50 miles for
geographical diversity.
 Capita staff are Security Cleared and based in the UK
9
On-boarding and off-boarding
9.1
On-boarding
Capita will create the Consumers Primary Administrator account and send the consumer a
Welcome Pack which includes the URL for the Storage as a Service API and associated
authentication details.
Within a customer’s control, users download and install the EMC Atmos GeoDrive client (or this is
distributed by the organisations internal IT team). The organisation will use the unique Credentials
(UserID, Subtenant ID, resolvable hostname and shared secret) as issued in the Welcome Pack.
These details are simply entered into the EMC Atmos GeoDrive client for the Service to be
operational.
As Capita has two UK DC’s, a Consumer can request to be deployed into a specific one at the time
of the order if they require. Whilst unlikely to ever be rejected, this remains at Capita discretion.
9.2
Off-boarding
Prior to terminating the contract, the Consumer is able to transfer all their data out of the solution
(e.g. using the Capita API to retrieve data).
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
7
When the organisation terminates their agreement with Capita, Capita ensures all of the
organisation’s data is deleted.
10
Service options
Capita provide three Service Levels to choose from:
BASIC
STANDARD
ENHANCED
Service Level Agreement
99.90%
99.95%
99.99%
Protection Level
Single copy
Local Protection
Remote Protection
Scalability
Unlimited
Unlimited
Unlimited
Retention
Configurable
Configurable
Configurable
QinetiQ Protective
Monitoring
Included for IL3 IaaS
Included for IL3 IaaS
Included for IL3 IaaS
 Single Copy – data is held on a single disk and so is susceptible to loss
 Local Protection - data is held in a single named UK Data Centre, distributed across multiple
nodes which improves data durability.
 Remote Protection - data is stored in two UK sovereign Data Centres, with a copy
maintained in a primary named UK Data Centre and copied to a geographically remote UK
Data Centre.
 Data Retention Policy - the organisation may choose to implement a global policy for data
retention (or automated expiry and deletion) of one, three or seven years.
11
Service management
As a true Cloud service aligned to the NIST definition of IaaS, the service is designed to be self
managed via the secure online Capita API and the Capita Portal which provides common Service
Management functionality and addresses standard requirements.
On rare occasions, Capita may decide to assign an experienced, qualified ITIL Service Delivery
Manager to some Consumers. In these cases, the SDM will provide additional assistance with
reporting, incident escalation and continual service improvement, at all times following Capita’s
ISO20000 certified ITIL-based process framework.
For Organisations that require more of a managed service, Capita work with a number of Partners
which have extensive capability to provide a Managed Service wrapper around the Capita IaaS.
Capita will be pleased to make an introduction where appropriate.
Capita may use MDS Technologies as a subcontractor. Other subcontracts can / may be used.
12
Service levels
Capita provide both an Availability SLA and Response Time SLA for Storage as a Service as per
the following table.
Availability (monthly*)
BASIC
STANDARD
ENHANCED
99.95%
99.99%
99.99%
Incident response
P1 – within 15 minutes
P2 – within 4 hours
P3 – within 24 hours
P4 – within 72 hours
Incident update
P1 – hourly
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
8
P2 – every 2 hours
P3 – every 24 hours
P4 – every 24 hours
Communication
Auto email response
with access to online
portal
Bespoke email
P1/P2 Phone
P3/P4 Bespoke email
Capita customer support
advisor
Incident review
FAQs via online portal
Incident Report
Incident Report
Service credits
5% of monthly spend
10% of monthly spend
15% of monthly spend
* Availability indication based on an average 730hrs per month. Excludes planned & emergency
maintenance. Unavailability applies to existing data where the data becomes inaccessible due to a
fault recognised at the IaaS layer or lower:
 i.e. fault is not within the Consumers control (OS, Applications, user networks)
 fault is within Capita controlled components such as the storage infrastructure, power and
physical firewalls & routers etc.
 External connectivity providers (e.g. internet, PSN, GSi) and components collocated at
Capita are also not included in the availability calculation.
In addition, Capita also provide an Availability Service Level Target on the Capita Portal i.e. the
ability to log into the portal to create support tickets and use other functions.
Target Availability (monthly*)
Client Portal Availability (monthly)
12.1
99.90%
Financial recompense model if service levels aren't met
If the service level falls below the stated availability percentage (excluding Planned and Emergency
maintenance periods), consumers will be eligible for service credits on affected storage only.
Service credits will be calculated as a percentage of the fees for the affected services for the
monthly billing period during which the failure occurred (to be applied at the end of the billing
cycle).
Service Credits
13
Service Credit
Cap
1% of monthly spend per 5% below service
level target or part thereof
Up to 5% of monthly spend
Service constraints
Capita will adhere to the following in terms of maintenance windows;
“Planned Maintenance” means any pre-planned maintenance of any infrastructure relating to the
Services. Capita shall provide the Client with at least twenty four (24) hours’ advance notice of any
such planned maintenance:
 Planned maintenance of Capita’s infrastructure relating to the Services shall happen
between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between
the hours of 08:00 and 12:00 (UK local time) on a Saturday and/or Sunday. No planned
maintenance will take place on a Saturday unless agreed in advance by both parties;
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
9
 Planned Maintenance shall be excluded from any availability calculation in regard to service
credits but shall be included in the monthly service reporting;
“Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating
to the Services. Whenever possible, Capita shall provide the Client with at least six (6) hours’
advance notice:
 Whenever possible Emergency Maintenance of Capita’s infrastructure will happen between
the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of
08:00 and 12:00 (UK local time)on Saturday and/or Sunday unless there is an identified and
demonstrable immediate risk to a Clients environment;
Emergency Maintenance shall be excluded from any availability calculation in regard to service
credits but shall be included in the monthly service reporting.
14
Training
Capita have created a number of videos, help guides, manuals and FAQs to help train and instruct
users so that are up and running quickly and easily.
Capita also have a number of Partners who are able to deliver additional services such as training,
support and managed services. Capita would be please to introduce you to such partners where
appropriate.
15
Ordering and invoicing
Billing for the service is monthly in arrears.
Payment can be via Purchase Order and Direct Debit. Capita are preparing to be able to accept
Debit/Credit Card payments (e.g. Government Procurement Card) – please enquire at time of order
to check whether this is available.
16
Service lead time
Setting up a new organisation will typically be completed within 5 days from acceptance of order.
Shorter deployment times are typically achieved and can be prioritised upon request. Once set up
Organisations have instant access to additional storage resources with no notice period required as
they manage this themselves.
17
Termination
Terms
At the point of termination, all consumer data, accounts and access will be permanently deleted,
and will not be able to be subsequently recovered or restored.
Costs
There are no termination costs for this Service. Consumers are responsible for extracting their own
data from the platform if required.
Capita may make an additional charge for transferring data out of the service.
18
Data restoration / service migration
This service provides individuals with Cloud storage and hence data must originally exist on their
local PC/laptop and is then automatically migrated by the EMC Atmos GeoDrive client.
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
19
10
Consumer responsibilities
The control and management of access and responsibilities for end users including appropriate
connectivity, security and accreditation if required. Where access is required over GSI or PSN, the
consumer is responsible for adhering to the Code of Connection.
Management and administration of layers above the IaaS (e.g. the systems that utilise the Storage
as a Service platform).
As a core benefit of the Cloud Platform, consumers are expected to self-manage the environment
including creating and deleting data.
Consumers must be aware of the variable nature of the billing based on usage.
The consumer is also responsible for ensuring only appropriate data (e.g. IL0-IL2 or IL3) is stored
and processed by applications on this environment and that they comply with the Capita Security
Operating Procedures (SyOps) and other information assurance requirements as specified in
Capita System Interconnect and Security Policy (SISP) and associated accreditation
documentation sets.
20
Technical requirements
The consumer is responsible distribution and configuration of compatible application software (e.g.
EMC GeoDrive) to all users of the service.
Consumers will require appropriate network connectivity such as internet access (IL0-IL2) or
accredited connectivity such as a government secure network (IL3) to the Capita Cloud Platforms.
Connectivity via the internet, a government secure network (PSN, GSI) or private leased line is
available but may incur additional charges if the hosting of CPE routers is required - see the pricing
section for more details. Where required, Consumers are responsible for procuring and managing
appropriate devices or software to meet the requirement for data security over the various forms of
connectivity.
Consumers have a number of options to choose from with Capita to access their environment
dependant on their requirement. The below are guides to demonstrate what is possible but may
require further engagement to explain further:
IL0 – 2
 Standard Internet connectivity over common protocols (HTTP, HTTPS, SSH, etc)
o Non-standard ports considered via Service Request
 Secure commercial grade VPN
o Self-managed Site-to-Site IPSEC VPN to the Capita compute environment
o Self-managed SSL VPN to the Capita compute environment
 PSN - You will need to assign part of your PSN IP allocation to your services hosted by
Capita
 Leased Line (CAS(T) compliant) or non-CAS(T) using CPA/PEPAS overlay encryption
IL3
 Preferred connectivity is over a Government Secure Network such as GSI or PSN
 PSN/GSI - You will need to assign part of your PSN/GSI IP allocation to your services
hosted by Capita

PSN or CAS(T) Leased Line (IL3 over IL2)
o CPA/PEPAS approved solution providing overlay encryption (e.g. Cisco ISR/ASR)
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016
NOT PROTECTIVELY MARKED
11
 IL0 (e.g. Internet or non CAS(T) circuit) to IL3 VPN
o Site-to-Site VPN using CAPS approved solutions (e.g. Ultra AEP Xcryptor)
o CPA assured solution where Foundation Grade assurance is appropriate (e.g.
Cisco ISR/ASR)
 IL3 Leased Line (assured network connection)
Consumers are responsible for the related assurance plan for accreditation if required.
File: DOCUMENT1
Doc Reference: CUST-0000-0000 Issue: 1
Document Type: Service Description
Copyright: Capita Secure Information Solutions Ltd 2016