Interoute's
advertisement
G-Cloud ITT Interoute Virtual Data Centre Service Interoute Proposal Date 18-12-2011 G-Cloud ITT Interoute Virtual Data Centre Service Executive Summary HM Government’s CIO Council (HMG) has issued the G-Cloud tender in order to identify a potential supplier with whom HMG can enter into a contract for the ongoing supply of cloud services. After serious consideration and evaluation of your public tender by our bid team we have outlined below a summary of the business benefits and the requested HMG supplier criteria. By choosing Interoute as your future cloud partner we will aim for the highest standards (ITIL) and were we will strive to exceed your expectations by design, delivery, flexibility and continuous drive for innovation. Interoute is a company that may at first be unfamiliar to you in the context of the UK IT. However throughout the UK and the rest of Europe Interoute is the underlying provider behind more familiar organisations like Cable & Wireless, BT, ATT, NTT, Google, Amazon to name but a few. We are equally trusted by global Enterprises; Sony, PwC, Rank Entertainment, governments and NGO’s: the European Space Agency, US, UK, Belgium and German governments carrying their most sensitive data whilst delivering flexible services. Interoute focus is delivering Unified ICT; an integration of Connectivity, Computing and multi-media Communications infrastructure. These cloud services are created to offer the simplicity of the public cloud but with the security and confidence of a private cloud. This is because Interoute is able to control its services from the ground (fibre, duct and data centres) to the cloud. We can therefore offer the levels of separation required to reap the benefits of cloud services in conjunction with supporting a wide variety of impact levels. Interoute has industry recognition as a pioneer in changing the way in which companies consume and procure ICT services. The arrival of cloud computing is not simply a way of compromising confidentially to access an internet based service. It is, if implemented correctly, a model that will revolutionise the way in which ICT services are delivered. Interoute has a long track record of firsts in taking emerging technologies and applying them at scale scross multiple countries replacing traditional delivery models and defining the new standard in ICT enterprise service delivery. HMG G-Cloud Objective The objectives of the G-Cloud and HMG PSN are to create a controlled but open environment for all aspects of government. Interoute’s scale and sophistication can create as standard a dynamic ICT supply chain model for government. The simplest way to think of it is as a private Internet for the government but without the overhead and risk of traditional IT engagement model. Interoute’s ICT infrastructure service catalogue is one of the most advanced in the world and is used by some of the worlds largest (NTT) and newest (Seacom) operators seeking to provide a flexible service offering to their customers. One of the challenges for an organisation as large and complex as the UK government is the ability to create a flexible platform for ICT infrastructure that caters for the differing demands. The Interoute solution will allow for the smallest government organisation to access the service fast without waiting for coordination across the greater government community. This ability to have multiple speeds of adoption prevents disparate solutions from being created which create a costly integration headache later in the process. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 2 G-Cloud ITT Interoute Virtual Data Centre Service Interoute Solution The focus of our response to the ITT is our infrastructure as a service (IaaS) product called the Interoute Virtual Data Centre (VDC). The Interoute VDC provides a flexible and scalable platform for computing with all the attributes you would expect from a public cloud computing service but with the intrinsic ability to secure it. Interoute has built VDC into the fabric of our MPLS/IP network meaning a simple connection to the cloud ensures compliance up impact level 3 without further costs or complexity. Conversely the cloud can also be made publically available but we have built it on the private side of the network to ensure complete end-to-end control Interoute is used to supporting complex organisations with multiple entities that require separation but the ability to communicate to specific shared or common services. Within the Interoute VDC we have created the Interoute CloudStore that we can customise to create an internal market for all government. Interoute VDC is role based as standard so you can create a global oversight function with additional tiering of service. The Interoute proposition offers a real third alternative to the unconstrained but brilliantly convenient public cloud and the current private cloud model that discards all the cost and convenient benefits of the public cloud in the name of security. The Interoute VDC is the first truly scalable, partitionable and performance cloud model that offers a real alternative to current public offers. Pricing Interoute has provided pricing as requested offering a traditional compute and storage per hour consumption pay as you go model. Interoute also offers the ability create dedicated but shared platforms offering the same user experience as a pay as you go public cloud, including the ability to transfer price and charge at an internal market level. This flexibility in model is something Interoute would be very happy to discuss once the ITT has been submitted. Interoute has a track record in taking its service model and creating it for other organisations. More on Interoute Interoute are unique amongst telecoms operators today. Other telecom operators offer you connectivity. Interoute offer a Unified-ICT (Information & Communications Technology) platform, of which connectivity is a part and - not only that - the connectivity technology itself is flexible. Instead of focusing on a network that carries data, Interoute enable you to think of your entire ICT strategy. Interoute’s solution enables the simple transition and consolidation of services onto a single platform, enabling HMG to reduce the amount of time and resources spent on maintaining services, and focus on developing new technology towards your own business customers. But HMG can also build upon its commitment towards corporate responsibility when going forward with Interoute, as we at Interoute are also dedicated to the welfare of our community, both our employees, and the world which we operate within. Interoute U-ICT reduces the amount of circuits, equipment, power, floor-space and people required to deliver services – simultaneously reducing TCO and your carbon footprint, whilst increasing productivity through enhanced performance, communication, security and availability. Enhanced reporting enables you to measure usage, demand, key performance indicators and critical success factors, ensuring continual service improvement. Interoute achieve this with simple, innovative services that are available within your VPN from day one – think of voice, video, internet, content delivery & security as features that are available to switch on, in the same way you would ask for network features to be enabled. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 3 G-Cloud ITT Interoute Virtual Data Centre Service Above statement indicates our road of innovation and should give HMG the trust that we can deliver on our promises made, our strong can-do mentality and a technology partner for the supply and management of cloud service for now and the future. We understand and believe that above can only be achieved by having the right skilled, recruiting the best, developing and continuous training of our biggest asset “the Interoute employees”. With them on the ground we can offer HMG all the elements of modern telecommunications from the ground to the cloud. An overview of these services is contained within the sections of this document. Yes – network connectivity and the cost of circuit bandwidth is a key element of delivering cloud services, but Interoute can demonstrate that by using our network in a different way you can still gain capacity and performance whilst reducing costs, and open up new ways of cloud thinking. Our ability to think ‘outside the box’ allows us to move quickly and spot (or indeed help create) new opportunities for our customers. We strongly believe that we can offer HMG flexibility needed with our Unified ICT platform. It is this unique combination that places Interoute as the best company to meet the present and future needs of HMG. We, together with the close involvement and support of our management team, are extremely enthusiastic at the prospect of supplying you cloud services and very much look forward to working with you in the future. Think outside the box - Think Interoute. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 4 G-Cloud ITT Interoute Virtual Data Centre Service Proposal Reference: RM1557 Account Team Account Manager Sales Engineer Name: Lee Myall Name: Jonathan Graham Phone: 07971191120 Phone: 07970788628 Lee.Myall@interoute.com Jonathan.Graham@interoute.com Service Manager Name: Joe Pakai Phone: 07800683426 Joe.Pakai@interoute.com Executive Sponsor Name: Matthew Finnie Phone: 07802481806 Matthew.Finnie@interoute.com Version History Version Date 1.0 Date 18-12-2011 Title of Response Interoute Proposal All quotes, offers or proposals are made based on Interoute’s standard terms and conditions (ii) subject to contract, survey and availability; and (iii) only valid for a period of 30 days from the date of this message. Confidentiality Statement © Interoute Communications Limited This document contains information proprietary to and/or considered confidential by Interoute. Except as otherwise provided no part of this document may be reproduced, stored or transmitted in any form or by any means whether graphic, electronic or mechanical, including photocopying, recording, taping or storage in any information retrieval system, for any purpose, without prior written permission of Interoute. Interoute is a trading name of Interoute Communications Limited, registered in England number 04472687, registered address Walbrook Building, 195 Marsh Wall, London, E14 9SG, United Kingdom. Nothing within this document may be construed as an offer to supply goods or services except where explicitly stated. All sales are subject to contract. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 5 G-Cloud ITT Interoute Virtual Data Centre Service Index Executive Summary ............................................................................ 2 1 Overview .................................................................................. 8 1.1 1.2 1.3 1.4 1.4.1 1.5 2 Interoute Virtual Data Centre Platform ................................... 11 2.1 2.2 2.3 2.4 2.5 2.6 3 Role Based Administration ................................................................... 11 Hypervisor Agnostic .............................................................................. 11 Simple Migration to and from the Interoute Virtual Data Centre ........ 11 OVF Support.......................................................................................... 12 Elastic Cloud .......................................................................................... 12 Performance ......................................................................................... 12 Interoute as a cloud platform .................................................. 13 3.1 3.2 3.3 4 G-Cloud ITT ..............................................................................................8 Virtual Data Centre Features ...................................................................8 Self Service Control and Management ....................................................9 Public Cloud Simplicity Private Cloud Security ........................................9 Purchase and manage your Virtual Data Centre service .........................9 Virtual Appliances G-Cloud Market Place ............................................. 10 Scalability .............................................................................................. 13 Network Connectivity ........................................................................... 13 Interoute – Federated VPN’s to build tiered service ............................ 14 Security and Impact Levels ...................................................... 16 4.1 4.2 4.3 4.4 4.5 Impact Levels Supported ...................................................................... 16 Data Location Governance and Transparency...................................... 16 Storage Types and levels ...................................................................... 16 Backup .................................................................................................. 17 Disaster Recovery ................................................................................. 17 5 Cloud On Boarding Process ..................................................... 18 6 Support................................................................................... 20 6.1 6.2 6.3 7 Roadmap ................................................................................ 21 7.1 7.2 7.3 7.4 8 Service Support ..................................................................................... 20 Perfect Service Month .......................................................................... 20 Training ................................................................................................. 20 Full API – Q212 ..................................................................................... 21 CloudStore Partner Service Integration - Q212 .................................... 21 Global Load Balancing - Q212 ............................................................... 21 Storage (update through-out 2012) ..................................................... 21 Commercial ............................................................................ 25 8.1 Billing and invoicing .............................................................................. 26 Appendix A: Hypervisor support ....................................................... 27 Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 6 G-Cloud ITT Interoute Virtual Data Centre Service Appendix B: OVF ............................................................................... 28 Appx. C: Applying the Interoute Virtual Data Centre ......................... 29 MPLS VPN Network Integration as Standard – IT Server ................................ 29 Existing Interoute IPVPN (UCONN) customer & VDC looking to extend services to the Internet ........................................................................................................... 30 Existing Interoute IPVPN (UCONN) customer migrates from public cloud service Provider to Interoute ...................................................................................... 32 New customer accesses via Internet to create Cloud service......................... 33 Appx. D: Service Support .................................................................. 34 Service Management ...................................................................................... 34 Service Support ............................................................................................... 34 Customer Support Centre (CSC) ...................................................................... 35 Network Operating Centre (NOC) ................................................................... 35 Appdx. E: Interoute Operational Model ............................................ 36 Interoute OSS model ....................................................................................... 36 Interoute Data Model ..................................................................................... 37 Applying the infrastructure – Organisations, OSS, Data Model and Process.. 38 Interoute’s ‘Incident Management Process’ Definition .................................. 40 Problem Management .................................................................................... 41 Reporting and Performance Management ..................................................... 41 Application Management................................................................................ 42 Appx. E: Modular Architecture .......................................................... 43 Appx. E: Interoute Corporate Profile ................................................. 46 Our Company .................................................................................................. 46 Our Customer Approach ................................................................................. 47 Our Network.................................................................................................... 48 Our Unified Service Portfolio .......................................................................... 49 Our Philosophy ................................................................................................ 50 Appx. F: Commercial Conditions ....................................................... 52 Appx. G: Interoute Virtual Data Centre Service Level Agreement ...... 53 Appx. H - Unified ICT ......................................................................... 55 Appx. I - Trouble Ticket Life Cycle...................................................... 62 Appx. J - Escalation Process .............................................................. 64 Appx. K - The Interoute Hub (Web Portal) ......................................... 66 Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 7 G-Cloud ITT Interoute Virtual Data Centre Service 1Overview Virtual Data Centre is Interoute’s IaaS (Infrastructure As A Service) hosted Private Cloud offering. Dedicated infrastructure at Interoute’s (physical) Data Centres combined with virtualisation technology has enabled Interoute to create a pan European pool of computing, storage and network resources that is tied to the Interoute MPLS network. The Virtual Data Centre, or VDC for short, allows a customer to create a fully functioning IT infrastructure platform as they would through buying colocation, hardware, software, network and building out their IT resources. The VDC service empowers the customer to create and manage their own-hosted Private Cloud; assigning resources and creating and deploying appliances on demand within their virtual data centres. VDC gives the customer the flexibility, scale and immediacy of the public cloud but secured within their own private network platform. Using Virtual Data Centre the customer can deploy virtually any IT or Communications service and the related network topology. Unique to Interoute’s Unified Computing hosted Private Cloud offering is the automatic integration with any existing Interoute MPLS/IPVPN solution and self-service online portal called the Interoute HUB. Via the HUB the customer starts the process of creating their VDC by selecting the package and geographic zones that are best suited to their needs; they then start deploying Virtual Machines as they need. In the case of Interoute IPVPN customers, they can immediately start accessing their VDC infrastructure on their Wide Area Network. For new customers access to the platform can either be provided via secured public internet or by taking an MPLS/IPVPN solution with Interoute The Interoute Virtual Data Centre gives customers a public cloud computing experience but in a truly private and secure environment. 1.1 G-Cloud ITT For the purposes of the G-Cloud ITT the Virtual Data Centre Service Description has been edited to enable the reader to readily compare G-Cloud requirements with VDC Service functionality. Square bracket parentheses throughout the document relate to specific G-Cloud questions (ITT Appendix 1). It should be noted that as with all ITT responses, and as is the beauty of such an online “As A Service” product, the best way to validate our service is by trying it out. Please visit https://www.hub.interoute.com and try the service out (credentials available on request via e-mail from vdcsales@interoute.com). 1.2 Virtual Data Centre Features Virtual Data Centre is a true IaaS Cloud service [Q-G1, G2, G3]. On demand self-service: Via the Interoute customer self service portal, the Hub, the customer can provision entire ICT solutions in their own Virtual Data Centre environment. The automated provisioning of the compute, storage and network resources of the service are all achieved at the click of a button. Broad Network access: The management of the VDC service and access to the virtual environment within is possible via both IP VPN and Public Internet access. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 May/2011 8 Version: 1.0 G-Cloud ITT Interoute Virtual Data Centre Service Resource pooling: The VDC service is based on a multi tenant platform, managed by the allocation business rules and policies, meaning the IaaS resource pools created by the virtualization of the physical underlying infrastructure can be shared by multiple consumers, or dedicated to single enterprise. Elastic: The compute, storage and network resources used to create your ICT service within in the VDC environment can all be used in a truly elastic fashion. Using only what you need and able to grow to an almost limitless level. Measured service: Through the Interoute HUB portal the VDC control centre allows you to monitor the usage of the service; reporting and controlling the allocation of resources; how much and to where being used by whom. The VDC service is best defined as a hosted Private cloud, or using Nist terminology, a Hybrid Cloud. It is a multi tenanted service with a proportion of physical hardware reserved for specific customers [Q-G4]. The service is accessed by both Virtual Private Networks and Public Internet. 1.3 Self Service Control and Management Using Interoute’s self-service portal, the HUB, you can securely design, provision and manage your Virtual Data Centre solution. You have complete control of the Virtual Machines you create; which geographic zone they run in, console access, allocate external block level volumes, reboot, power on and power off, take snapshots for cloning and machine deletion[Q-G27]. The time taken for a Virtual Machine to be deployed depends on the size of the Virtual Image disk, but for indicative purposes a 30GB CentOS Linux Virtual Machine takes less than 40 seconds to deploy and a 50GB Windows 2008 Virtual Machine takes under 2 minutes [Q-G28]. Through the VDC Control Centre you can monitor the allocation of resources amongst your Virtual Data Centre instances. Real time reports show you how much of each resource is available and how much has already been allocated. You can report on allocation by Virtual Data Centre, Virtual Appliance and Virtual Machine instance. [Q-G25] Through the Hub you can access historic reports detailing billable “resource hour” allocations across your environment [Q-G26]. 1.4 Public Cloud Simplicity Private Cloud Security The beauty of the VDC service is that that it offers a cloud based Infrastructure As A Service with the simplicity and convenience associated with public cloud services combined with the security and confidence that a private cloud brings. 1.4.1 Purchase and manage your Virtual Data Centre service Via the Interoute customer self service portal, the Hub, order online the Virtual Data Centre Service. Choose the package and the geographic location that is best suited to your compute and data processing/storage requirements. Select Utility to pay as you grow or one of the Commit packages if your requirements are more predictable. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 9 G-Cloud ITT Interoute Virtual Data Centre Service Access the VDC Centre Control Centre and navigate your way to the Virtual Data Centre instance created during signup. For your VDC instance create a Virtual Appliance (a collection of one or more Virtual Machines). The session is automatically launches the Virtual Machine wizard. Select the Virtual Appliance image (appropriate for the service you are creating) and drag it to the right hand screen. This then creates a Virtual Machine for you to deploy into your VDC environment. 1.5 Virtual Appliances G-Cloud Market Place Interoute has created a collection of the most popular virtual appliances; appliances are virtual machine images, ranging from virtual Servers (e.g. Windows or Red HAT) to virtual network functions (e.g. Firewall or Load Balancer). They are available via the Interoute cloud store or customers can create and upload their own. The VDC service supports virtually any x86 based operating system or appliance. For the G-Cloud initiative it is envisaged that partners and suppliers could create their appliances that could be sold via the G-Cloud market place (created as part of Interoute’s involvement). It is also an environment that would encourage collaboration amongst consumers of the G-Cloud. For example more progressive organisations may adopt the model faster than others creating useful images that can be then shared amongst the other members of the G-Cloud Market Place. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 10 G-Cloud ITT Interoute Virtual Data Centre Service 2Interoute Virtual Data Centre Platform 2.1 Role Based Administration The Interoute VDC offers the ability for role-based access. This means that a central IT function, as part of Service Catalogue management, can create standard approved solutions for use by the Service Catalogue end users. There are up to 40 different permissions that can be set and practically about 4 levels of progressive administration that is possible. For example within the context of GCloud it would be conceivable that there was 4 levels; namely G-cloud super user, partner (creator of the appliance/service), customer administrator (the local IT head of the organisation consuming the infrastructure) and then finally the consumer who could be a developer for that organisation. 2.2 Hypervisor Agnostic Hypervisors are used to manage the virtualisation of CPU, RAM and Storage compute resources. They enable operating systems and applications to be isolated from underlying physical resources. The VDC service is a hypervisor independent IaaS solution; it simply converts a Virtual Machine image from one format to run on the VDC Hypervisor of choice. Please refer to Appendix A to see a full list of the Virtual Machine Image formats supported [Q-LOT1-12]. The VDC service employs the Kernel-based Virtual Machine Hypervisor (KVM for short). This is only detailed for completion [QLOT1-11]; the average user does not need to know what specific hypervisor is used. However if you do have specific hypervisor requirements (perhaps licensing or security legislation) then we can create your corporation a private cloud – assigning dedicated hardware with a specific hypervisor of choice. 2.3 Simple Migration to and from the Interoute Virtual Data Centre As the VDC service is a hypervisor independent it greatly simplifies migrating to our cloud service. Whether migrating from your own private Cloud (in house and managed by your own IT department) or public cloud (managed by a Cloud service provider) you simply need to obtain your existing Virtual Machine Image and upload it to the virtual data centre service using our Hub portal [Q-LOT1-13]. This image is then available from your Virtual Appliances library for you to deploy into your VDC environment. For further information regarding migrating to our cloud service please refer to the Cloud On Boarding Process section. We acknowledge the concerns over both Service Provider and Technology lock in. That is why we support multiple and open Virtual Machine Image formats and make uploading and downloading images simple. Migrating Virtual Machine images from the VDC service is via the VDC Control Centre; you can simply download the Virtual Machine Image and export it to another Service Provider. The migration of data into and out of the service can be achieved through both electronic and physical means. From our experience with Governments, Research Bodies, Service Providers and enterprises we appreciate the importance of data privacy and security; you can rest assured that Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 11 G-Cloud ITT Interoute Virtual Data Centre Service when migrating from Interoute your data will be thoroughly purged and deleted from our systems [Q-G13, G14]. 2.4 OVF Support The VDC service supports the Oven Virtual Framework (OVF – see Appendix B: OVF) package specification. OVF is an open standard for packaging and distributing virtual appliances; it packages a Virtual Machine disk Image with metadata describing the virtual hardware of a machine: CPU, RAM, disk and network information [Q-G08]. The user can create and manage their own Remote Repository (in addition to the Interoute Cloud Store); here you can manage OVF compliant appliances. 2.5 Elastic Cloud As a true cloud service the virtualised infrastructure can be used in a completely elastic fashion. The Compute, Storage and Network infrastructure elements can all expand and contract on demand and in line with your requirements [Q-LOT1-1, 2]. For example, at the start of a new marketing event you might need additional compute power. The VDC service enables more Virtual Machines to be created to handle the additional demand. The demand may be for additional firewalls, load balancers, web servers, UNIX servers, IP PABX etc. All of these can be deployed, alongside additional storage and networking, on demand to your Virtual Data Centre. All built, deployed and managed through the portal at the click of a button. For the G-Cloud ITT it should be noted that according to G-Cloud definitions the VDC service offers “elastic” but not “burst” IaaS resources. Additional resources can be requested by the user or operator but the resources do not automatically expand in line with demand. As per the VDC Service Level Agreement (Appx. G: Interoute Virtual Data Centre Service Level Agreement) the elastic IaaS resources are guaranteed to be available 99.99% of the time [Q-LOT1-3]. 2.6 Performance The specification of a Virtual Machine can be defined dependant on performance requirements. The Virtual Data Centre service lets you specify the virtual CPU, RAM, local disk and storage values of a Virtual Machine. The service is based on dual hexacore blade servers, each with 192 GB of uncontended RAM. Storage is an iSCSI solution offering 100 MB/s write and 400 MB/s read data transaction speeds [Q-G22]. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 12 G-Cloud ITT Interoute Virtual Data Centre Service 3Interoute as a cloud platform 3.1 Scalability Interoute is Europe’s largest facilities based ICT provider serving the global service providers and major Enterprises with their critical connectivity, communication and computing infrastructure in over 80 countries (for additional information please refer to Appx. E: Interoute Corporate Profile). Interoute has built VDC into the fabric of our network infrastructure ensuring there is no practical limit to scalability ensuring future proof scalability. The utility model allows you to start without monthly commitment and scale to your solution as requirements dictate. From one sole 2GB RAM Linux server with 1GB storage, to 6 servers using 36GB RAM. Beyond this point it becomes more economic to take a level of commitment. At the end of each month the resource allocation accumulated over the month are calculated and charged for. The commit models give budget predictability; a monthly fixed amount buys a pool of resources. These can be used as needed and when all are allocated additional burst 1 resources can be called upon (and charged for dependant on usage). 3.2 Network Connectivity Interoute is the owner operator of Europe’s largest cloud services platform, serving international Enterprises, as we all as major European, North America, East and South Asia’s telecommunications operators. We operate over 60,000 kms of lit fiber with 21 metropolitan area networks (alongside 8 data centres, and 32 collocation centres) in the 26 largest cities of Europe. The physical connectivity in conjunction with our Unified Connectivity service portfolio has enabled Interoute to be one of Europe’s leading Business connectivity providers. The Unified Connectivity portfolio includes layer 3 IP Virtual Private Networks, layer 2 Ethernet Virtual Private Networks and Internet services. The Virtual Data Centre service is built into Interoute’s core MPLS network; combining our network reach, award winning connectivity services with our cloud computing service gives you private cloud security with public cloud simplicity. For further information on Unified Connectivity as part of Interoute’s Unified ICT vision please see Appx. H - Unified ICT. Interoute peers with a number of National Research and Education Networks (NREN); including JANET in United Kingdom, GARR in Italy, RENATER in France and DFN in Germany [Q-G06]. Interoute’s fiber assets are by some margin the largest in Europe and therefore we support a substantial proportion of the internet traffic in Europe directly or indirectly, through the likes of Google, Telefonica and O2. 1 For the G-cloud ITT it should be noted that “burst” here is referring to using resources above and beyond the amount dictated by a commercial package. Not to be confused with VDC resources being elastic in nature but not burst. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 13 G-Cloud ITT Interoute Virtual Data Centre Service 3.3 Interoute – Federated VPN’s to build tiered service Interoute has no formal PSN certification but believes based on our network technology and capability we would be able to act as a GCN broking network, a role we are familiar with adopting for other providers. This would be achieved by adapting our underlying MPLS technology to create a tiered PSN compliant infrastructure that enables the correct flow of information as well as suitable protection. Interoute’s standard MPLS capabilities make the implementation of a simple fully-meshed IP VPN convenient and cost-effective, but there are still situations where a more controlled approach to inter-site traffic routing is required. The G-Gloud and PSN is one such example of a large hierarchical organisation where internal customer/service-provider relationships exist and are policed, accounted for, and measured against SLA. Other examples are organisations that require segregation of business function in order to satisfy some regulatory or compliance requirement. In these cases, the convenient any-to-any traffic routing that auto-full-meshed MPLS VPNs provide is counter-intuitive given the level of control and traffic regulation required. Unrestricted any-to-any connectivity is appreciated, but only when applied to a closely defined group of sites, or domains. This meets the G-Cloud objective of free flow of information where practical within the constraints of the legislation and information being passed over. The assumption is that between domains, it is rarely the case that end-sites never want to be able to communicate with each other at all. Rather, they simply prefer to communicate at a higher-level, either via an application, a firewall, or some other form of traffic-brokering function. This brokering allows for measured control and separation. Obviously to achieve some impact levels, i.e. Greater than 4, Interoute would suggest or advise on complete separation and employ the use of a diode/air gap based gateway model to facilitate communication if required. This high-level controlled inter-agency traffic situation can be likened to the operation of SMTPbased email on the Internet. In today’s world of enterprise firewall and ubiquitous private network addressing, Email clients do not enjoy unrestricted IP connectivity to each other, allowing all protocols to operate. Instead, they both rely on an Internet connection – where their source address is usually masqueraded – and so-called MX (mail-exchanger) hosts to exchange email messages in a defined and well-formed way. A similar method can be applied to inter-domain traffic routing with large, hierarchical VPNs. Industry-standard MPLS VPN technology still underpins the connectivity, but at design and provision time, the customer nominates sites and associates them with organisational domains. For example, in the case of the GCloud/PSN application, it may be the case that network resources are being procured to support multiple agencies, or indeed, an outside supplier. In this case, each unique organisation can be associated with a separate domain. The intention is to define the boundaries of unrestricted traffic flow and to define where traffic flow is regulated and policed. It’s very important to realise that these site/domain associations should reflect the customer’s own organisational separation, rather than be defined according to topological convenience if the resulting network is to be reflective of the customer’s needs. Once sites are associated with domains, Interoute uses conventional methods to provision VPN functionality, deploy CPE, and handover operation to the customer as usual. In parallel with this activity, an intermediate “brokering” VPN instance is also created on the Interoute backbone. This VPN is not associated with any specific customer in question, but rather it acts as a backbone to transit traffic from one domain to another. The only traffic visible on the intermediate backbone VPN is traffic between domains, and likewise, the only way for traffic to flow Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 14 G-Cloud ITT Interoute Virtual Data Centre Service between domains is via the intermediate backbone VPN. This forms the control point or gateway between networks. While the intermediate backbone VPN possesses no real customer sites, it does hold pseudo-sites that act as a gateway to each customer-related domain. These pseudo-sites are co-located on the service provider infrastructure, so are “neutral” in respect to ownership or association with any one single domain, and their sole function is to relay traffic in a manner and according to policy stipulated by the customer and/or delegates of each of the separated domains. The pseudo-nodes can, in the simplest case, be traditional IP firewalls, or in more advanced cases, application-layer proxy servers can be used. The exact deployment depends on the customer requirement and the nature of the inter-domain traffic flow required. The example diagram shows an organisation with split legal entities across countries and a requirement to regulate traffic in some way between entities, perhaps due to data retention laws or restrictions. To address the requirement, three independent MPLS VPNs are created: One to service the Government supplier, One to service the Local authority, One to relay international traffic between organisations (GCN). Two policy-enforcing pseudo-nodes that control traffic between domains populate the centralised backbone VPN, or GCN. For traffic to successfully flow between domains, the two separate organisations must have coherent policy and an on the mechanism, protocol and application. They may well implement extra measures such as encryption for data integrity protection, or transaction logging for accounting. In some cases, it is convenient to associate site domains based upon geography. This makes network topologies simpler, since there are no cases where the creation of the intermediate backbone VPN to broker traffic causes to traffic route in an inefficient way. An organisation is free to group its domains in any way it chooses, but significant consideration should be made with respect to the definition of domains and association with sites. It must be understood that the boundaries between domains are hard boundaries that cannot be changed easily, for good reason, and just as importantly, the flow of traffic is constrained, by definition, to follow the gateways between these domains. If this path is not a desirable one for network characteristics such as delay, application performance may suffer. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 15 G-Cloud ITT Interoute Virtual Data Centre Service 4Security and Impact Levels Ownership, Technology and Certification means you can be assured that your Virtual Data Centre solution is secure. The platform is built into our MPLS network; MPLS is inherently secure, offering address and routing separation of each customers VPN. Interoute wholly owns and manages every aspect of the infrastructure associated with the service. We are, because of this, trusted by the world’s governments and leading service providers through our unique ability to assure data end to end and through the full delivery platform stack. Interoute owns the 60,000 km of fibre that enables Virtual Data Centre to offer unrivalled connectivity and capacity. The Physical Data Centres are owned, not leased, by Interoute. Interoute’s VDC centres are physically constructed in London, Geneva and Amsterdam with more cities being announced. Each Tier 3 Data Centre has achieved ISO 27001 Certification and PCI-DSS for Information security and data integrity [Q-G15, G16, G19]. 4.1 Impact Levels Supported Interoute as a business currently has capabilities to support up to level 5 and we have a facility that was successfully inspected in 2009 and given List-X status up to secret. In terms of the aspiration for VDC we regard it currently in its standard form via MPLS VPN as being level 3 and with the addition of encryption would achieve level 4 [Q-LOT1-9]. Going beyond IL4 would require a special build of the platform, something we can entertain. At present we are starting the certification process. Further information on Interoute’s status and accreditation is available based on appropriate clearances being satisfied 4.2 Data Location Governance and Transparency Unlike many public cloud services Interoute’s Virtual Data Centre allows you to specify physically where your data is held and as such enables our larger customers to be prescriptive with where we place the data. When provisioning the VDC service you are asked to choose the geographic zone within which your data is to be stored and processed. This ability to offer fully transparent data governance allows customers to comply with most regional regulatory variations [Q-G15, G16]. In addition to this, being a fully European clod service provider, data stored in Interoute’s cloud is not susceptible to the US Patriot Act [Q-G17]. In the case of the G-Cloud initiative, where data needs to reside within the UK, it is feasible that additional government approved, colo-sites can be populated with a managed, standardised, scaleable VDC pod securely integrated into the MPLS network, thus both data services to reside and migrate between any of these sites within the UK. For further information regarding the VDC build out option please refer to Appx. E: Modular Architecture. 4.3 Storage Types and levels Block level persistant storage [Q-LOT1-4] is available in multiple tiers; including “enterprise” (where performance is paramount), “utility” (where cost Is key), “DR” (data replication to additional geographic VDC as part of disaster recovery solution) and “backup” (for backups). Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 16 G-Cloud ITT Interoute Virtual Data Centre Service 4.4 Backup Deployment of backup schedules and mechanisms of the customer data is entirely customer driven as we understand that most enterprise businesses have applicable standards and licensed software already. Interoute provide a backup storage tier to customers so that they may schedule application and OS level backups to disk, thereby achieving fast backup I/O rates. These local disks may be replicated across VDC zones to provide off-site backup, with no inter-DC traffic costs. Customers may also use this free inter-DC traffic to schedule application level backups (e.g. database replication) across VDC zones. The customer is able to use whatever software they prefer to support backup. The files can be kept in accordance with data retention policy and replicated out to another data centre for Archiving if necessary. Interoute can schedule block level snapshots of a customer’s virtual machines and external block storage in order to provide a mechanism to recover running images and data where necessary. This allows Interoute to maintain a resilient platform as well as, on request, customisable backup and DR solutions. 4.5 Disaster Recovery As with the backup solution Interoute VDC allows the customer architects the ability to build the most appropriate DR solution for their system, dependent on RTO and RPO requirements. Interoute provides the infrastructure to apply application level and SAN based replication across datacenters. Application level replication across the IP network is fee and most commonly used to asynchronously replicate databases across the VDC zones. The customer can then provision the entire supporting infrastructure around the data within hours, less if pre-provisioned. SAN level replication can be provided, dependent on RPO requirements, and again used to keep data in the secondary zone in-sync and available to a secondary infrastructure in case of disaster at the primary zone. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 17 G-Cloud ITT Interoute Virtual Data Centre Service 5Cloud On Boarding Process Migration from a typical internal or hosted environment to managed cloud services allows an organisation to leverage strategic goals against ICT capabilities and turn ICT from a cost centre into an agile business service. Interoute deliver a wide range of cloud services with the same pervasive requirements of security, resiliency and flexibility consistently delivered throughout. Interoute’s typical on boarding process would follow the below process [Q-G12]: Strategic Requirements Review Infrastructure Analysis Issue Project Plan Resource Allocation Infrastructure Build Dashboard / Monitoring Provisioning Data Migration Support On Boarding Tasks Production Live Post Migration Support Finalised Documentation On Boarding sign off Support Hand Over 1. 2. 3. 4. 5. 6. Strategic Requirements Review: To maximise a client’s return on their investment in hosted and enterprise cloud solutions, Interoute undergo a thorough review process of the client’s transformational goals and existing ICT infrastructure. Whilst ensuring that an appropriate scoped and resourced service is delivered, more importantly it allows the client to review the strategic goals of the ICT estate. Infrastructure Analysis: A detailed technical review of the target design and the current insitu Infrastructure. This due diligence phase is designed to ensure that the proposed design meets all the technical objectives and to highlight potential risk areas. Processes such as capacity planning, low level design and security policy would be incorporated into this phase. Issue Project Plan: The issuing of a detailed project plan highlighting a step by step task list via a phased approach. At this point a project manager will be allocated to the on boarding work flow. Resource Allocation: Following agreement of the proposed project plan, the relevant technical resources (Primary & Secondary Implementation Consultants) will be allocated to the project and the tasks will be diarised. Infrastructure Build: The core build of the cloud infrastructure to the agreed low level design specification. This will include all elements from a network to application layer. Dashboard / Monitoring Provisioning: Following the completion of the build phase, Interoute will then provision the customer facing portal environment and the proactive Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 18 G-Cloud ITT Interoute Virtual Data Centre Service 7. 8. 9. 10. 11. 12. 13. service elements. This includes customer management, monitoring, change management, health checks and security tests. Data Migration: Customer data and workloads will be migrated into the cloud infrastructure. This may occur via a physical capture, a data push or real time replication. Support On Boarding Tasks: An awareness program for the production support team and final information capture. Production Live: Production live dates can be arranged out of business hours where necessary and the dedicated implementation team will baby sit the environment during this critical phase, whilst undertaking a series of performance and functionality tests. Post Migration Support: Following the production live date support ownership of the environment is retained within the implementation team. During this period any customer snagging tasks will be attended to. Typically this phase will last between 7 – 30 days post production live. Finalised Documentation: A documentation pack will be sent to the client detailing the final environment build and support process. At this point any user training can be provided to customers wishing to use the more advanced features provided by the cloud portals. On Boarding sign off: A sign off phase to agree the documentation and completion of the cloud on boarding process. Support Hand Over: Once the migration process has been signed off, support responsibility will be handed to the production support team. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 19 G-Cloud ITT Interoute Virtual Data Centre Service 6Support 6.1 Service Support VDC is an Infrastructure As A Service. The virtual resources, compute, network and storage are fully managed and supported by Interoute’s operations centre. Interoute operates two fully diverse operation centres, each with a Customer Support Centre (CSC) and Network Operating Centre (NOC), in Prague (primary) and Sofia (backup). These facilities are operational 365 days a year, 24 hours a day, 7 days a week. The CSC can easily be contacted by an International toll free 0800-number, a Direct Dial In number, an online web portal (the Interoute Hub) with web chat, or email. Our CSC team is multilingual with the majority of European languages supported: English, French, German, Italian, Spanish, Swedish, Portuguese, Dutch, Czech, Greek, Polish, Bulgarian, Russian, Hungarian, Norwegian and Romanian. Incident Trouble Tickets relating to VDC infrastructure are raised with the CSC (as described by Appx. I - Trouble Ticket Life Cycle). Tickets can be raised by the company directly contracting for the VDC service or by a third party offering a service (based on the underlying VDC infrastructure) to the direct customer [Q-G30] Management, support and consultation beyond the scope of Infrastructure As A Service, for example Managed Servers or Software/Application, can be achieved through Interoute’s additional Unified Computing and Professional Service product lines Appx. H - Unified ICT For additional information the process, teams and procedures in place to manage the service please refer to Appx. D: Service Support and Appdx. E: Interoute Operational Model 6.2 Perfect Service Month To monitor service and performance Interoute runs an Operational Management meeting every Monday at 9.00 which is chaired by the CEO, includes all the members of the management board and the senior team from business lines, technology and operations. All adverse events are reviewed in this meeting as well as our premium sensitive customer lists (of which the UK government would qualify). The events are then measured as part of a perfect service month. This is a more onerous measure than simple availability as it counts any service-impacting event regardless of duration as an adverse event counting against the target. Currently Interoute runs at 95% annually. 6.3 Training VDC is an Infrastructure As A Service, it is managed and administered through a highly intuitive web based Control Centre. The VDC service support portal (http://hub.interoute.com/access/vdc/help/) features video and written content covering user guides, frequently asked questions and “how to…” articles. Additional public webinars are run, demonstrating new functionality and associated applications. Where necessary, customer tailored training sessions can be created. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 20 G-Cloud ITT Interoute Virtual Data Centre Service 7Roadmap The main product development priorities are characterised by the following: Enable a VDC Application Programming Interface Expansion of the number of applicable application scenarios Increase the use of Interoute VDC and the CloudStore as a marketplace for our customers to offer services through. Enable partners to integrate the service into their offering The product roadmap priorities are detailed below: 7.1 Full API – Q212 The orchestration engine that is key to the Virtual Data Centre solution already supports an Application Programming Interface. An immediate product roadmap priority is to expose this API service to our customers; enabling them to manage their VDC service through API calls as opposed to, or in addition to, manual web based activities. Customers would then be able to further integrate VDC IaaS into their own IT management or provisioning applications. It would enable auto scaling (or in G-Cloud terms, burst) resources; processes could be monitored and on reaching a trigger event cause additional resources to be allocated in an automatic fashion using the API. For the G-cloud an auto scaling solution would be ideal for such scenarios as Census or Tax returns. 7.2 CloudStore Partner Service Integration - Q212 The initial release of the VDC service enables virtual appliances to be either uploaded via the customer themselves or obtained from Interoute through our CloudStore. The ClouStore offerings will continue to grow as Interoute releases more and more appliances. As well as Interoute supplied appliances we will be developing the CloudStore to allow partners to offer their own appliances through CloudStore “shops”. Our partners will not just be allowed to distribute their appliances through Interoute but also offer fully managed services around their appliances. Such management will require monitoring tools and access by the partner service providers to the data [Q-G29]. 7.3 Global Load Balancing - Q212 One of the strategic objectives of Interoute’s cloud computing development is the realisation of truly packet based economics and resiliency for computing. The start of this process is the ability to move workloads around different sites for resiliency or load reasons. 7.4 Storage (update through-out 2012) Interoute is expanding and developing its storage capabilities throughout 2012. We are launching a combined storage family of products that will give the enterprise a continuum of storage from the personal ‘dropbox’ like model through to virtual NAS capabilities and tiered storage offerings. The product is the evolution of Interoute’s Media Manager Content Delivery Network. Interoute has extensive experience in controlling sensitive media via a varied set of digital rights management tools; geographic control, expiration of content, audit of content through watermarking, content Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 21 G-Cloud ITT Interoute Virtual Data Centre Service authentication and protection. The product called Interoute Express is the client side of Interoute’s storage and media distribution capabilities. This level of control will be combined with our existing cloud storage available within VDC to create a complete storage capability as illustrated. The service will be tiered so as to provide a common and secure data store distribution model for large enterprise communities. It is currently being developed under the working product name of Safeboxx. Central to the value proposition of Safeboxx is security. Interoute is adapting technologies developed to secure pre release music (EMI-Universal) to secure document distribution. Using Interoute’s own Content Protection Gateway (CPG) Interoute has a language that can be applied securing the data distribution relationship between to entities at the country, subscriber, IP address or any combination including data availability available on a timed basis i.e. between 3-4pm. This level of granular control can be applied to exceptionally sophisticated scenarios. The different typical service tiers planned are shown below. 7.4.1 SafeBoxx Personal Supported features 10GB Storage Web interface allowing file management Mobile web interface Desktop integration for PC/Mac Mobile Application for iOS/Android – RIM/WP7 to follow Share File / Folder Email Link Previous Version Support Basic HTTP video delivery – Pseudo streaming, limited file support Modules (can be added to on a per subscriber basis) Playlist Share – up to 5 users. SafeBoxx Media Streaming Video Transcode – non-real-time Audio Transcode – non-real-time A/V Transcode Bundle Social Network Module: YouTube/Vimeo Upload, Twitter Short URL link, OEmbed (Facebook etc). Facebook/Twitter/Last.FM Scrobble - What Am I Listening to? Previous Versions+ – retention or specific file numbers? Increased Storage Tariff Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 22 G-Cloud ITT Interoute Virtual Data Centre Service User scan of social media networks 7.4.2 SafeBoxx Pro Includes all of Safeboxx Personal including the following additional features and expansion. Storage starts at – 100GB Increments include 250, 500, 750, 1TB, 2TB, 5TB etc. [TBD]. Web interface allowing file management Mobile web interface Desktop integration for PC/Mac Mobile Application for iOS/Android – RIM/WP7 to follow Share File / Folder / Link Share secure link – Base on Geo-location or user credentials Email Link Previous Version support – “TimeMachine” – 30 days Streaming Media Support – up to 5TB transit per month @ up to 500Mbps File Encryption Team Management – Individual, Team and Collaborative Team Management – includes document locking when file is being worked on. Google Docs integration Reporting – Storage Usage, User reporting [Most/Least Active, Storage per user], Streaming Transit Modules 7.4.3 ActiveDirectory/LDAP synchronisation DR Storage w/ Geography preference Streaming Service – 25TB per month @ up to 2Gbit/s [includes Multi-device Player] CDN Service – 100TB per month [includes Multi-device Player] Music Playlists w/ shared playlist creation Social Network Module Media Transcoding Content Protection Gateway+ (fine grain control of delivery options). Security Level (Select 1 – 2) Microsoft 365 SafeBoxx API Access (includes CPG+) SafeBoxx Enterprise As per Safeboxx Pro plus. 500GB+ Storage On-Net delivery through VPN Web interface allowing file management Mobile web interface Desktop and Server integration for PC/Mac/Linux – Linux via Logical Drive only Mobile Application for iOS/Android – RIM/WP7 to follow Share File / Folder / Link Previous Version support – “TimeMachine” – 60 days Multi-country DR Backup+ [up to hourly snapshot] Share secure link – Based on Geo-location, user credentials, user IP, download limit File Encryption Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 23 G-Cloud ITT Interoute Virtual Data Centre Service Enterprise User Management – Individual to team/projects with file lock Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 24 G-Cloud ITT Interoute Virtual Data Centre Service 8Commercial The virtual data centre replaces need to buy colocation, power, hardware, network, data centre staff and a crystal ball. Furthermore, the improvement in asset utilisation afforded through a more dynamic virtualisation model vastly improves the € to CPU ratio with compression rates exceeding at least 4 times as efficient as the dedicated legacy equivalent. It also removes the need to decommission legacy, potentially unsupported and under utilised servers and moving to leading edge energy efficient hosted data centres reduces your corporation’s carbon footprint. The service is available in two commercial models; utility and commit. Utility is a zero commit model based on pay as you go charging; each virtual resource has a charge per hour of allocation and the customer is charged at the end of the month for the total amount of resources allocated. For example a Virtual Machine assigned 2 vCPU will utilise 2 vCPU per hour, 48 vCPUH per day and over a month (assuming 30 days) 1440 vCPUH. The minimum billing period is one hour and there is no set up or termination charges [Q-G31, G33, G36, Q-LOT1-7, Q-LOT1-16]. Predefined committed monthly packages offer greater budget predictability but still allow you to expand and grow your data centre as demand requires. For a fixed monthly charge customers are assigned a set amount of resource (at a more economical rate than when compared to utility). The minimum contract period for a committed package is 12 months. Each package defines the included amount per hour of each resource. Customers are able to burst to beyond their commit limit. For example, the Small package includes twelve vCPU per hour. If a customer runs six dual vCPU servers then over a month they would have stayed within the boundary of their commit package. Eight dual vCPU servers over the course of a month will have exceeded the Small boundary by 1440 vCPUH. This excess or burst usage will be charged accordingly. The minimum billing period is one hour and there is no set up or termination charges. Each package includes an amount of virtual resources to be allocated. The resources can be distributed amongst multiple Virtual Data Centre instances, with each instance being in a separate Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 25 G-Cloud ITT Interoute Virtual Data Centre Service Geographic zone. As an example a Medium package can be distributed between a “Live VDC” in London and “Disaster Recovery VDC” in Amsterdam. You may be using the IaaS offered by VDC to offer your own cloud services such as Platform As A Service or Software As A Service. You might have a “SaaS CRM VDC” for your SaaS Customer Relationship Management service or “PaaS PHP VDC” for your PaaS PHP Scripting Application platform service. The VDC service enables you to aggregate your billing. Purchase at a corporation level and achieve savings associated with buying in larger quantities, but report on a Business Unit, Departmental or Cost Centre basis [Q-G32]. So you might have an “Ecommerce VDC” and “Intranet VDC”, or “HR VDC” and “R&D VDC”. The VDC service lets you manage your resources however your company needs it. The VDC service’s utility model is a perfect entry point for corporations trying out cloud services for the first time or for those considering migrating away from either their own internal private cloud or an alternative public cloud service provider. We also run trial programmes whereby customers trailing new functionality can use the service for free in exchange for feedback. 8.1 Billing and invoicing Interoute’s customer portal the HUB, the VDC Control Centre and our CRM system feed directly into our billing system (Oracle). Our billing department manages financial activities associated with all services. The billing department process invoices, raise any credits, process orders and manage any queries that the customer may have relating to the financial status of their account. Interoute operates monthly bill runs, facilitating frequencies including Monthly, Quarterly and Annually (advance) charges. The monthly bill run is complete by the 6th working day of every month and invoices are distributed in paper format by post and made available on the Hub in PDF format. The invoices issued include the following standard information: Invoice date & number Tax point date Due date Customer Name VAT number Breakdown of charges and TAX A line item per service with presentation points Bank details Remittance address Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 26 G-Cloud ITT Interoute Virtual Data Centre Service Appendix A: Hypervisor support Supported Hypervisor Format VirtualBox KVM Xen ESX/ESXi Hyper-V XenServer Disk Disk from Device VMDK fixed disk VMDK sparse disk VHD fixed disk VHD sparse disk (default format for (default format (default format (default format for for Hypervisor) for Hypervisor) Hypervisor) Hypervisor) VDI fixed disk VDI sparse disk (default format for Hypervisor) QCOW2 fixed disk QCOW2 disk sparse (default format for Hypervisor) Table 1: Hypervisor images supported by Virtual Data Centre Service Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 27 G-Cloud ITT Interoute Virtual Data Centre Service Appendix B: OVF Open Virtualization Format is a hypervisor-neutral, efficient, extensible, and open specification for the packaging and distribution of virtual appliances composed of one or more virtual computer systems. To read the full specifications please follow this link: http://www.dmtf.org/sites/default/files/standards/documents/DSP2017_1.0.0.pdf Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 28 G-Cloud ITT Interoute Virtual Data Centre Service Appx. C: Applying the Interoute Virtual Data Centre The goal of Interoute’s Virtual Data Centre strategy is to create the first truly scalable and programmable ICT infrastructure platform for all critical ICT infrastructure needs. Virtual Data Centre can be used to create virtually any self managed ICT service. In the next section we cover four scenarios: New service created in their hosted private cloud: we look at how a MPLS VPN connected customer can create a simple cloud based FTP service. Migrate from physical to the cloud: A MPLS VPN customer migrates their entire physical ecommerce solution into the cloud to obtain a redundant and flexible solution. Migrate from cloud to cloud: A MPLS VPN customer migrates their existing Cloud service from another provider to Interoute. New Service created in the Interoute public cloud: A new Interoute customer (Internet only connectivity) builds a simple cloud service. MPLS VPN Network Integration as Standard – IT Server The VDC service is fully integrated with Interoute’s MPLS network. Any Interoute VPN customer will automatically have access to the VDC via the Interoute Online Services Portal. Their MPLS VPN is extended to the Virtual Data Centre and the associated Virtual Machines automatically have WAN connectivity with their IPVPN sites. The following diagram shows how an Interoute Unified Connectivity (UConn) customer can create a Virtual Data Centre in the London zone. Two virtual machines have been built, each with 2 GB RAM and 1 virtual CPU. Both are running CentOS virtual appliance and serve as basic FTP servers to FTP clients at the UCONN sites. Figure 1: Basic VDC integration with UCONN Extending the example, the customer could then add additional ICT infrastructure to the London VDC zone. Two Microsoft Internet Information Servers, a firewall, an additional VLAN and a public IP Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 29 G-Cloud ITT Interoute Virtual Data Centre Service address with Internet access. The Public Internet IP address includes an amount of data transfer. Data transferred in is uncapped and free; data out is capped depending on the package purchased. Figure 2: UCONN VDC with local Internet breakout Provision multiple public IP addresses Build entire multi VLAN tiered ICT topology Create VDC in one or more zones: o London o Amsterdam o Geneva Existing Interoute IPVPN (UCONN) customer & VDC looking to extend services to the Internet The diagram below shows a typical VDC deployment. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 30 G-Cloud ITT Interoute Virtual Data Centre Service Figure 3: Dual Zone Hosted Private Cloud The existing customer already had multiple sites connected using Interoute’s Unified Connectivity VPN and/or Ethernet service. They were running an online e-commerce solution delivered using expensive physical infrastructure in a single London data centre. In a drive to maximise cost efficiencies the customer had already looked at virtualisation but with such fluctuating computing demands and the desire to move to a geographically dispersed, disaster recovery enabled, elastic solution they chose to look for a hosted IaaS cloud service. Offering full integration with their existing VPN, real time online ordering and provisioning and flexible burst models, Interoute’s VDC product was an obvious choice. In this instance the customer wanted to deploy a disaster recovery topology; a smaller scale backup site with data replication from the Primary. Once they had defined the scale of their requirements (table below) they could confirm that the commit Medium package would fulfil their core requirements. Resource Requirements Virtual Primary e- DR zone vCPU Appliance commerce available zone vRAM (GB) vDSK (GB) vSTOR (GB) Firewall 2x 1x 1 2 10 0 Load Balancer 2x 1x 1 2 10 0 IIS Web Server 4x 1x 1 4 80 0 Application servers 6x 2x 2 8 80 0 Database servers 2x 1x 4 16 80 200 Network Total required IRT VDC Commit Medium includes Public IP VLAN 2+1 16 VM 6 VM 4+4 39 vCPU 144 GB 1340 GB 600 GB 3 vRAM vDSK vSTOR 8 48 7 144 1920 0 3 Table 2: Customer's e-commerce IaaS requirements Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 31 G-Cloud ITT Interoute Virtual Data Centre Service Using the Interoute customer portal Hub, the customer selected the VDC package they wanted, then being an existing VPN customer they were able to easily integrate the VDC solution with their existing WAN service.VPN sites. Within minutes they were able to build virtual networks and allocate cloud resources to create virtual machines in two separate Geographic zones. The virtual machines were to serve as Virtual servers, including Windows and Red Hat, and as Network functions including Firewalls and Load Balancers. Supporting OVF open standard virtual appliance images the customer was able to upload customer specific appliances; others they bought from the cloud store. As Interoute’s VDC is inherently private they had to create a connection to the Internet. They are able to break out to the Internet by the customer selecting and provisioning the public IP addresses onto their firewall appliance. When an end of year promotion increased the amount of Internet traffic the customer simply provisioned more virtual infrastructure. The package allowed them to burst above their committed package and use additional computing resources to handle the additional demand. At the end of each month the amount of resources allocated is calculated and where applicable the customer is invoiced for additional burst usage. Existing Interoute IPVPN (UCONN) customer migrates from public cloud service Provider to Interoute A European customer’s CRM solution was originally delivered by a public cloud service provider. Concerned over the security and privacy of their data they wanted to move their data into the EU. Being hypervisor independent meant that the VDC was an ideal destination for the cloud migration. Virtual Machines Images were simply downloaded from the source provider and along with application data uploaded to VDC to run on their private hosted cloud. The customer simply imported these images, assigned them resources and activated them. Moving to VDC enabled the network topology to be constructed in a supportable, more traditional and therefore secure fashion. VDC supports Firewall and Load Balancer Appliances, DMZs and VLANs. The network appliances are fully functional, commercial grade, user controlled instances – not simple and inferior emulated versions. The net result being that multi tiered architectures can be created and managed with reduced complications in their design and management and therefore greater confidence in their performance and most importantly security. Figure 4: Migrate from Public to Interoute Cloud Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 32 G-Cloud ITT Interoute Virtual Data Centre Service New customer accesses via Internet to create Cloud service The customer chooses Interoute as its public cloud service provider. Using the Hub, via the Internet, the customer creates the tiered topology and assigns appliances for a Firewall, a windows server and a CentOS server. To manage the appliances the customer achieves LAN side access via an SSL clientless VPN connection. SSH, RDP and HTTP are tunneled through the SSL connection to access and manage the firewall, windows and linux servers respectively. ICT Services can be created in the cloud using virtual infrastructure, accessed over the internet and managed securely over a SSL Internet tunnel. Figure 5: Customer gains access creates and manages VDC via the Internet Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 33 G-Cloud ITT Interoute Virtual Data Centre Service Appx. D: Service Support Service Management Interoute’s Customer Service Management has become a highly valued proposition for our customers. It is recognised within the industry as a unique differentiator in delivering complete and professional service excellence. Each Customer Service Manager (CSM) works closely with their customer using structured techniques and a proven methodology. Our Customer Service Manager will ensure that all aspects of our service meet contractual agreements and deliver high levels of customer satisfaction. Interoute’s support activities follow best practice methodology to ensure we provide secure and continuous services for our customers. To this end we have a comprehensive suite of Service Management processes built with ITIL guidance for best practice. The Central Service Management team (CSM) within Interoute is responsible for process development and improvement; members of the CSM team are at least foundation certified in ITIL at version 3. Service Support Interoute operates two fully diverse operation centres, each with a Customer Support Centre (CSC) and Network Operating Centre (NOC), in Prague (primary), Sofia (backup) and Lulea. These facilities are operational 365 days a year, 24 hours a day, 7 days a week. The CSC can easily be contacted by an International toll free 0800-number, a Direct Dial In number, an online web portal (the Interoute Hub) with web chat, or email. Our CSC team is multilingual with the majority of European languages supported: English, French, German, Italian, Spanish, Swedish, Portuguese, Dutch, Czech, Greek, Polish, Bulgarian, Russian, Hungarian, Norwegian and Romanian. Emergency Works Network Alarms Planned Works FLM Callout Customer Fault Queries Customer Status Reports Reports, Fault Resolution Network Status Network Operating Centre (NOC) Customer Support Centre (CSC) Customer Support Reques 3rd Party Escalations Management Escalations SL Support Callout CUSTOMER Customer Ticket Monitor and Report Figure 6 : Informing our Customers - the NOC liaises regularly with the CSC to ensure that you are informed with progress reports and anticipated time to repair. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 34 G-Cloud ITT Interoute Virtual Data Centre Service Customer Support Centre (CSC) The CSC is the single point of contact for customer trouble tickets (TT) and coordination of fault resolution activity. The primary purpose of the CSC is to manage trouble tickets life cycle through to resolution within the agreed service levels, comprising these key activities: Opening trouble tickets - in response to calls from customer Managing resolution - through the Network Operating Centres (NOC) Providing regular updates - to customer until the ticket is closed Inform Customer proactively - of possible disruptions where the NOC has detected a problem through its management systems for managed services Proactive ticket handling Arrange site access - arranging customer/contractor site access Notify planned works - notification of planned works with customer The CSC can easily be contacted by an International toll free 0800-number, a Direct Dial In number, an online web portal (the Interoute Hub), or email. Our CSC team is multilingual with the majority of European languages supported: English, French, German, Italian, Spanish, Swedish, Portuguese, Dutch, Czech, Greek, Polish, Bulgarian, Russian, Hungarian, Norwegian and Romanian. The lifecycle of a trouble ticket is included as Appx. I - Trouble Ticket Life Cycleto this proposal. The escalation procedure is described in Appx. J - Escalation Process. Network Operating Centre (NOC) The NOC manages the Interoute network tasked with responsibility for: Proactive Network Monitoring Effective management of technical and network resource Technical analysis and trouble shooting Third Party management Planned Works management 1st, 2nd & 3rd Line Support The NOC liaises regularly with the CSC to ensure that all customers are kept informed with progress reports and anticipated time to repair. The NOC engineers form these specialist teams: First Line Technical Support – based in Prague and Sofia the first line team is made up of our 24/7 NOC. Second Line Technical Support – based out of Prague and sits along side our first line teams. Third Line Technical Support – is provided by Interoute’s Prague based Network engineering group Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 35 G-Cloud ITT Interoute Virtual Data Centre Service Appdx. E: Interoute Operational Model The original and still key focus of Interoute is to operate a multi service operational model based around the creation of key service platforms. Interoute’s challenge was to create a model that continues to be extensible over our core service offerings – our business is service management – across technologies and service delivery variants that are yet to mature. Therefore the traditional discrete technology model simply cannot scale or moreover anticipate the integration that is inevitable within the context of the services Interoute provides. Interoute architected its model around four key areas as illustrated below. The four elements work in concert as one operational service factory. The organisation and OSS are the oversight and management of the model. Process should be thought of as the ‘bus’ that runs either as an automated function in the OSS or as part of a workflow based routing model through the organisation. Tying together what can be multiple platforms and geographies is the common data or service model that Interoute has deployed to ensure interworking between the elements and intuitive or removal of complex handoffs. The goal as with any operational model is to improve the operational efficiency through progress automation of service management that improves oversight and response times. Interoute OSS model Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 36 G-Cloud ITT Interoute Virtual Data Centre Service Central to the Interoute operational model has been the creation and development of the Interoute OSS. The architecture shown below illustrates how Interoute is able to abstract the underlying platform technology creating a common performance management, inventory (logical and physical) and customer relations management platform. Reporting is then achieved through a combination of the Interoute Hub (predominantly customer facing) and Business Objects, our analytics platform. The architecture combined with the Interoute data model allows us to abstract away from the specifics of underlying technology presenting a consistent process driven model. Interoute Data Model The Interoute Data Model was created as a common language across all systems that allows Interoute to describe all its products and services in a consistent manner to enables the abstraction of the specific technology ensuring it can be described, delivered and supported using the same common infrastructure. The data model is a tiered structure that operates at predominantly four levels of hierarchy. A “Solution” should be thought of as a grouper that collects together a set of products being sold to a customer. A “Product” (in the data model) should be thought of as a type of Product (in the real life sense) that Interoute sells including the terms and conditions of sale and the service level agreement. A “Parcel” is simply an instance of a “Product” – it is a delivered service. A “Delivery Point” should be thought of as a logical container for the components and where the service is delivered. The “Delivery Point” for a service where there is no physical presence is purely logical and is not really a Site at all. A “Parcel” is usually delivered at a “Delivery Point” or a number of “Delivery Points” – it is essentially an instance of a Product. There are some exceptions to this as some Products are logical (for example a Media streaming service). For these exceptions we will have the notion of the “Null Delivery Point”. The “Components” are listed in the Product Catalogue. Combinations of components make up the delivered service at a Delivery Point. The components fall into five categories: Connection (CON), Service (SVC), Patch (PTC), Professional Service (PFS) and Tail Circuit (OLO). Here is a diagram showing these concepts: Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 37 G-Cloud ITT Interoute Virtual Data Centre Service The diagram below illustrates how a complex collection of different services are represented in the data model This common format with the specifics of the technology abstracted down to the component level enables Interoute to create a more efficient model for service management and fulfilment. For example logistics processes, for the physical demarcation of product, need only cater at the component type level and not the specifics of the component. This means in the case of a VPN Interoute is able to streamline the delivery and introduction of new technologies, as logistics is abstracted away from possibly differing underlying technologies but optimised at the physical delivery level. Applying the infrastructure – Organisations, OSS, Data Model and Process Event based versus Alarm based management Traditional NOC operations are centred on the management and maintenance of alarms from the elements that make up services. The development of sophisticated root cause correlation engines combined with alarm management lead to the ability to distinguish root cause effects thereby eliminating sympathetic alarms. Despite the innovation this still creates, in a network the size of Interoute, many thousands of alarms which form an ever present ‘operational alarm floor’. While an experience operator and alarm reporting can determine trends it can never be full proof. In 2005 Interoute started development on an event-based management model. This approach creates a closed looped approach to event management through the creation of a unique error that pertains to that event. The event is now clearly visible and event resolution is achieved when the alarms are reduced to zero. The event is actually a collection of predefined filters and relationships created at time of service provisioning, for example there is a predefined event for a CPE which any failure in the components; OLO, CPE, port etc, leads to the creation of an event. This packaging of Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 38 G-Cloud ITT Interoute Virtual Data Centre Service alarms then gives the NOC a clear and unambiguous model eliminating the “operational alarm floor” replacing it with a zero event steady state. Interoute’s Event Management Objective The accurate and timely identification of an event (Alarm/Alert) that enables an engineer to respond appropriately pre-requisite to the objective of Incident Management (Mean Time to Repair and adherence to Service Level Agreements) as the “clock” starts on proactive incidents, from the time the event is generated. The Event Management process is focused on identifying and assigning priority to alarms from monitored elements across the Data Centre Infrastructure, Hosting/Media/Security Services and individual Customer Services. Event management then either acknowledges the alarms or feeds into Incident Management. Interoute Monitoring Infrastructure • • • • • • Alarms from key systems correlated via Smarts NOC presentation highlights alarms not yet processed by queue: Platform, Premium user etc. Tickets opened against alarms clear alarm queues and enter ticket queues Tickets managed by NOC if network event driven Tickets passed to customer support (via Siebel) if customer specific One network event may generate many customer tickets Interoute Customer Support • • • • • Priority separation of Premium customers Methodical application of a precise escalation process Call overflow between centres Key metric is how many services experienced any defect or planned outage in a month (zero defect focus) Key metric proactive v reactive response – currently 7.5 / 10 – our target is 8/10. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 39 G-Cloud ITT Interoute Virtual Data Centre Service Interoute’s ‘Incident Management Process’ Definition Incident Management is the process for dealing with all incidents (Data Centre Infrastructure, Hosting/Media/Security and individual Customer Services); this can include failures, questions or queries reported by customers/users, by technical staff, or automatically detected and reported by event monitoring tools. Interoute’ Incident Management Objective The objective of the Incident Management process is to manage failures that arise through alarms (events) or contact from a customer or other parties, and manage service or network affecting failures to resolution. It also handles logging, categorising and resolution of service threatening/affecting events on the Data Centre Infrastructure, Hosting/Media/Security and individual Customer Services Interoute’s ‘Incident’ Definition An ‘Incident’ is an unplanned interruption to a service or a reduction in the quality of a service of state which has significance for the management of a configuration item or hosting/media/security service. Failure of a Configuration Item that has not yet impacted service is also an Incident (identified via the Event Management process). Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 40 G-Cloud ITT Interoute Virtual Data Centre Service Problem Management ITIL defines an incident as an event that disrupts normal operation. A problem is the underlying issue that could lead to one or more incidents. Service Management run a Problem Management Process that looks at common causes to any recurring Incidents. This identifies and permanently resolves the reason for the Incident(s) – “Customers will accept failure, they will not accept repeat failure” Interoute's Problem management process includes: • Reactive Analysis – problem-solving when an error occurs with root cause analysis. • Proactive PM – identifying issues and potential risks before they become problematic. • Reporting - RFO (Reason For Outage) reports and Post Incident review This forms part of a monthly service review – aim is for both client and Interoute to manage poor performing sites. Reporting and Performance Management Performance management takes on two forms at Interoute. Performance management and presentation of the detail to the customer through the Interoute Hub and performance management tools used by Interoute personnel in the NOC and engineering environments. The Hub (shown below) seeks to summarise and address specifically service elements that are either part of the SLA or are pertinent to the customer managing their own services for example information regarding round trip delay between sites or port volumes on SIP trunks. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 41 G-Cloud ITT Interoute Virtual Data Centre Service Application Management The diagram below shows the common infrastructure that Interoute has put in place to monitor all networking and hosting assets across the Interoute footprint. This is all currently based on EMC’s IONIX platform (previously known as SMARTS) Ionix provides the fault management and monitoring of the base topology of the network and hosting solutions. It will detect problems and root causes of those problems. Which are then handled in the appropriate OSS layer. Interoute is also rolling out System Centre Operation Manager (SCOM) from Microsoft to offer a deeper insight into the application layer. SCOM sends all events to IONIX which acts as the global fault collector, enriching the existing event set with more information. The addition of SCOM and its combination with IONIX provides a rich environment for the management of complex applications. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 42 G-Cloud ITT Interoute Virtual Data Centre Service Appx. E: Modular Architecture An Interoute provided IaasS Cloud is based on a modular design, which may be scaled out as demand dictates. Using this approach, we are able to deploy hardware into any of our European datacentre locations using standardised delivery processes leading to minimal lead times and fully integrated into the Interoute MPLS cloud. Interoute Pod design The overall architecture of the Virtual Datacentre relies on a modular and scalable architecture that is vendor agnostic. The components selected by Interoute to supply Storage, Compute and Networking requirements are physically connected and configured in a systematically organised group, referred to as a “Pod”. The Pod is the minimum hardware unit for an Interoute Zone, and their size and physical requirements are can be tailored according to the required resources needed for the cloud implementation. Interoute has based it’s Pod design on vendor agnostic hardware such that the compute and storage components can be swapped or augmented by other vendor technologies if required. The specifications of each component used at the hardware layer may be changed to suit the required cloud specifications. Pod specifications The initial offering used in our hybrid cloud uses the following specified hardware: Compute: Storage: Networking: HP BL460c G7 (X5675 hex core CPU’s) with 192GB memory NetApp 3240 HA Cisco 4900M (provides 10G (fiber) connectivity) Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 43 G-Cloud ITT Interoute Virtual Data Centre Service Using the above hardware, Interoute’s typical pod specifications and requirements scale as follows: Requirements Capabilities Pod Useable approx. # VM’s Storage (4vGB,2vCPU, Space Power Ports RAM CPU (racks) (max) (10G ) (TB) (Cores) 2 chassis (min) 4 94 2 2,688 168 55 532 2 chassis (full) 4 94 2 5,760 168 55 1,140 4 chassis (full) 6 140 2 11,904 168 110 2,356 4 chassis (full) 8 188 2 11,904 168 220 2,356 Size (TB) 50vGB) The pod size is limited by the number of blade chassis systems that can be interconnected with the layer 2 switch. For VDC 1.0, this is provided by HP’s Virtual Connect technology. A minimum design consists of two chassis, half populated to allow easy expansion and resiliency. Once a pod has reached the limit of network, compute or storage hardware, a second pod may be introduced to the datacentre. This allows a single zone to be scaled horizontally within a physical datacentre. Multiple zones can reside in a single datacentre. Customer VDC resources must reside within a single zone in order to benefit from layer 2 connectivity. Connectivity between different customers VDC’s residing in geographically separate Zones requires layer 3 connectivity. This is automatically provided at the Network level and can be arranged at the Storage level. Both mechanisms allow the System architects to bring asynchronous replication features to their design across Interoute’s low-latency network. Interoute Pod physical design The hardware design of the Interoute pod is shown below. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 44 G-Cloud ITT Interoute Virtual Data Centre Service Two further HP C7000 Blade systems can be connected across the layer-2 interconnects, to allow up to 4 chassis to be interconnected, giving a total of 64 Blade servers in the Pod. Typical pod size and expansion requirements are shown below. The storage arrays can be expanded independently from the compute nodes, however they are connected to the pod via the layer 2 switches, and are therefore limited to the size of the array that can be presented over the provisioned 10G cables. Additional ports on the layer 2 switch would be needed. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 45 G-Cloud ITT Interoute Virtual Data Centre Service Appx. E: Interoute Corporate Profile The Interoute Group owns the largest pan-European lit-fibre Next Generation Network, covering the majority of the European Union, from London to Sofia, from Stockholm to Sicily and beyond into the emerging economies of South Eastern Europe, including Turkey. The network is linked to North America's major telecoms hub through our transatlantic capacity, and we serve as a bridge between the Middle East, Africa and the West. Our Company Our core focus is supporting you in achieving your ICT business objectives and satisfying your users by translating your ICT business requirements into solutions which fit your needs now and in the future. Interoute’s product set is innovative, because we develop our services based on customer needs, not purely based on technical capabilities. Since the launch of the Interoute network, customers have trusted us with mission-critical projects such as providing the backbone network for Europe's major mobile operators and digitally broadcasting major events such as the Olympics, elections and prime-time TV shows. We have come to the rescue of some of the world's leading financial institutions, guaranteeing a 24/7 connection with the Middle East during sub sea outages. E-commerce companies entrust their entire business to Interoute when we host their web-servers and customer data in our data centres. Large enterprise customers depend on Interoute for secure connectivity between their offices worldwide. Completed at the end of 2002, Interoute was expanded through the acquisition of GTS/Ebone's metropolitan fibre assets that same year, media services assets in 2003, an Eastern European fibre network in 2004, PSINet Europe/Via's managed hosting services in 2005, a managed services company in Bulgaria in 2006, 51 Degrees a London Metro business and a Swedish hosting company in 2007. Spanning the Continent from Dublin to Moscow, from Sweden to Sicily, Interoute is the only Next Generation Network to cover the majority of the European Union, and beyond into Turkey. In less than a decade of operation, Interoute's network has become key to Europe's digital supply chain, and is now recognized as a leader in providing services to both Carriers and Enterprises. Interoute's infrastructure uniquely supports the rapid deployment of new software-based products and services with high bandwidth demands, such as VOIP, digital media, virtual hosting, managed applications and secure private networks (VPNs). For our enterprise customers we have developed a unique approach to meeting their fast-changing needs: Unified ICT, which offers all enterprise ICT infrastructure as a service delivered from a secure networking platform. The goal is to simplify delivery and management, making it easy and cost effective for customers to adapt their infrastructure to the changing needs of their business. Supporting the concept of Unified ICT are three related ideas: Unified Connectivity, Unified Communications and Unified Computing. This customer focus together with our high capacity network has led to winning the World Communications Award for Best Regional Operator in 2010 against fierce competitors like China telecom and others. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 46 G-Cloud ITT Interoute Virtual Data Centre Service Why Interoute? “Interoute’s pan-European optical network guarantees high speed and quality connectivity for any type of content and almost endless scalability.” Valter Ferraro, Business Systems Manager at Ford Our Customer Approach Our approach is reducing your total cost of ownership, increasing your flexibility and maximising your ICT performance. Having the right ICT infrastructure is vital to your business. You need a provider that gives you the most secure, flexible and cost effective solution possible, one that meets your needs today but can be changed easily and economically as your business changes. Interoute is that provider. We call this approach Unified ICT: creating and managing all Enterprise ICT infrastructures as a service, delivered from a secure networking platform. A virtual private cloud designed around your business, and all your services integrated into a single solution. The goal is to simplify the delivery and management of your ICT infrastructure and make it so flexible that you can change it as often as you need to, easily and cost effectively. It’s an approach which recognises that few enterprises, if any, will move to a fully outsourced model in one go. Rather, we allow customers to move towards it one service at a time, each one integrated with the last, at a pace which suits their business, altering the current solution continually as their business changes over time. Supporting the concept of Unified ICT are three related ideas: Unified Connectivity, Unified Communications and Unified Computing. The Vision: Unified ICT All infratsructure in one place, integrated for optimal costs, security, performance and efficiency Interoute Unified Connectivity The right access technology, transport service and speed Interoute Unified Communication Integrated platform for all real-time communication voice, video and data Interoute Unified Computing Integrated computing platform inherently secure and resilient Unified ICT – Interoute’s approach for reducing your costs and increasing flexibility Unified Connectivity - Connecting your people, buildings and data to the Interoute cloud, in whatever way suits your business. Unified Connectivity is a revolutionary approach to networking services, allowing you to combine self-managed IT infrastructure with outsourced managed WAN in the same solution. Unified Communications - Real time services, either stand-alone or integrated with Connectivity. The key offering in this portfolio is secure, business quality IP communications for voice and video with easy integration to your WAN infrastructure. Unified Computing - Hosting your computing infrastructure in a secure and resilient environment, and supporting them with professional services as necessary. Interoute Unified Computing offers a range of management options from you being in full control, through to Interoute taking full responsibility. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 47 G-Cloud ITT Interoute Virtual Data Centre Service Why Interoute? “Interoute One for Microsoft Office Communications Server 2007 R2 is the future. Our expectation is that we will save at least a minimum of 20% on our telephony costs but I think it will be much more.” Peter van Wingerden, CEO at DQ&A Our Network Interoute owns the largest pan-European lit-fibre Next Generation Network, covering the majority of Europe, from London to Warsaw, from Stockholm to Sicily and beyond into the emerging economies of South Eastern Europe. The network is also linked to North America's major telecoms hubs through our transatlantic capacity, and we serve as a bridge between Europe, North Africa and the Middle East, with a fully operational Point of Presence in the Arab world's most dynamic international hub, Dubai. Network Footprint - Fully owned and close to your offices The network footprint runs more than 60,000 kilometres with backbone/long-haul connectivity to 100 cities and metropolitan area networks (MANs) in 21 of those cities. The building assets comprise over 100,000m2 of space ranging from carrier specification up to world class Data Centre grade. With operations in 29 countries, and with over 200 points of presence (PoPs), Interoute has both the extensive reach and the depth to meet customer requirements at minimal cost. The combined assets represent a total investment in excess of €2.7 billion. Why Interoute? “We are a professional and innovative company that actively looks to the future when developing and producing durable household goods. Interoute has shown that it can take into account our need for support with our time critical business applications. That is one of the reasons why we opted for Interoute when selecting a network operator." Robert Borst, ICT Manager at Brabantia Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 48 G-Cloud ITT Interoute Virtual Data Centre Service Interoute Customers – using the Interoute network Interoute also connects Europe to the world through our extensive third party carrier agreements. We currently have over 100 carrier agreements in place and supply CPE (Customer Premise Equipment) on a global basis. Our Unified Service Portfolio Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 49 G-Cloud ITT Interoute Virtual Data Centre Service Bandwidth - Supplying SDH, Wavelengths and Ethernet connectivity options available across our entire network footprint and beyond. And with Fast Trade low latency is guaranteed. Internet - Providing high performance, high availability, and scalable access to the Internet at port speeds from 64kbps to 10Gbps. Media - Fully hosted and managed high performance streaming and download services that guarantee the secure transmission of material, piracy-free. VPN - Delivering an efficient, scalable and reliable way of connecting your sites together, no matter where they are located, by using a secure, dedicated MPLS network with many connectivity options such as 3G, Ethernet and DSL. Hosting - Enabling your business-critical systems to be outsourced in a securely managed physical or virtual environment. And Co-location gives you a flexible alternative to housing your systems internally. Voice - Powerful, yet simple and secure business quality Voice over IP solution with easy integration to Microsoft Office Communications Server 2007 R2. Infrastructure - Putting you in full control of your network, our Dark Fibre and Co-location provides you with the flexibility of choice over the service platforms you deploy. Our Philosophy Our philosophy is based on 5 key areas and everything we do is geared around it: Affordability without compromise – Interoute is committed first and foremost to providing a cost effective solution combined with the same service quality and performance that you would normally expect from one of the much more expensive ‘premium providers’. The right people in the right place – Europe is not one market but a collection of different markets that need to be dealt with in different ways. At Interoute, we make sure your interface to Interoute is in the best place. To support your company we have a centralised multi-cultural 24x7 single point of contact but for services that need to be delivered locally; our in-country teams are available. Solutions that are designed to be customised – We know that building your solution requires a high degree of understanding about your business; your applications etc. and we believe that no 2 solutions are the same. However, for this to function at its best there needs to be a degree of standardisation so that we don’t use every customer as a test and we can have defined processes that are scalable and repeatable. When we develop anything, we try and make sure that the way it is designed is a modular as possible, so that we can offer bespoke solutions from standard building blocks. Although your solution looks complicated, its component parts are simple. Application Oriented – This is not to say that Interoute will take responsibility to manage your applications. Essentially we mean that a network infrastructure cannot be designed and delivered without knowledge of the applications that are going to use it and we take our responsibilities seriously to sit down with you and understand what applications you have, and Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 50 G-Cloud ITT Interoute Virtual Data Centre Service work with our solutions and sales engineers to design the right network to deliver the performance levels that they need. It’s Better In The Network – Our key philosophy that underpins everything that we do; the network is the best place for delivering what you need. Why Interoute? "Because of Interoute’s large geographical footprint and extensive package of services, Interoute will be able to quickly grow with our changing needs. They offer us the option to provide our stores with new services such as Internet telephony and live video streams." Hans van Breen, Manager Operational Services at WE Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 51 G-Cloud ITT Interoute Virtual Data Centre Service Appx. F: Commercial Conditions Please refer to the associated attachment for Interoute’s standard Terms And Conditions: “UK MSA and Schedule 1 - Interoute Standard Terms and Conditions.docx” The additional Terms and Conditions for Virtual Data Centre Service are available in Appx. G: Interoute Virtual Data Centre Service Level Agreement The additional Terms and Conditions for Managed Hosting are included as an attachment: “Schedule 2H - Additional Terms for Managed Hosting Services.pdf” Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 52 G-Cloud ITT Interoute Virtual Data Centre Service Appx. G: Interoute Virtual Data Centre Service Level Agreement Interoute Virtual Data Centre Service Level Agreement This Interoute Service Level Agreement (“SLA”) concerns the use of the Interoute’s Virtual Data Centre. Unless otherwise provided, this SLA is subject to the terms of the standard Interoute Terms and Conditions. Service Commitment Interoute is committed to delivering 99.99% availability of the “Interoute Virtual Data Centre Platform” as defined up to an including the availability of the hypervisor and the server, storage and switching platform that constitutes the ‘platform’ as monitored within the Interoute network by Interoute monitoring systems. Definitions “Availability” is calculated by the following method; Scheduled ICMP Pings are made to each element of the platform at 5-minute intervals. For the avoidance of doubt, the objective is a measurement of infrastructure availability and not applications. Availability in %= ((Hours of Support Time-Service Downtime))/(Hours of Support Time) All Tests are included in the availability metric. For the purpose of availability measurement, support time excludes maintenance periods. “Interoute Virtual Data Centre Platform” The Interoute Virtual Data Centre Platform or VDC Platform consist of the components that support the creation of a machine by a customer. This includes the switching, network, computing, storage and hypervisors. “Zone” A zone is defined as being the physical location of the data as chosen by the customer at signup. Service Level Failures Only failures due to known Interoute problems in the hardware and hypervisor layers delivering individual server or zone constitute a failure and so only those failure are covered by this SLA. Examples of Failures include power interruptions, hardware problems such as failures to a hard drive or power supply, and failures to the hypervisor environment supporting customer servers. Problems related in any way to the Customer server operating system or any other software on the customer server, or to the actions of customers or third parties, do not constitute failures and are not subject to any remedy by Interoute. In the event Interoute does not meet the uptime commitment, you will be eligible to receive a Service Credit. Service Commitments and Service Credits Service credits are calculated on a monthly basis. If availability of the VDC platform falls below 99.99% service credits in the form of additional VDC resources in the form of a RAM/Hour credit for future use. A Service Credit will be applicable and issued only if the credit amount for the applicable monthly billing cycle is greater than one Euro (€) Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 53 G-Cloud ITT Interoute Virtual Data Centre Service Credit Request and Crediting Procedures In the event that a Service Credit is due to a Customer, Interoute will issue a service credit note in the form of additional RAM/Hour equivalent to the loss of service upon receipt of a Customer’s request. The Customer shall not be entitled to any Service Credits in respect of a claim unless and until Interoute has received notice of the claim in writing within twenty one (21) days of the end of the month for which a credit is requested. Customer must submit a documented claim, setting out the reason for the claim and providing such evidence as shall be reasonably necessary to support the claim. Service Credits will be calculated and credited to the Customer on a monthly basis. Interoute Exclusions Service Credits will not be payable by Interoute to the Customer where the failure to meet a Service Level is caused by any of the following: The fault or negligence of the Customer, its employees, agents or contractors; The Customer failing to comply with the terms of this Agreement; Any event of Force Majeure Maintenance during any Planned Outage; Any outages or degradation to existing Service that may be the result of Customer requested Service changes or upgrades or; Any malfunction of Customer serviced software including a failing shutdown or boot of Customer serviced software; DNS issues outside the direct control of Interoute. For instance, in all cases in which a domain is not managed by Interoute on its own DNS servers. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 54 G-Cloud ITT Interoute Virtual Data Centre Service Appx. H - Unified ICT Unified Information Communication Technology (ICT) is a term first adopted by Interoute in 2009 to describe an approach to creating and managing all enterprise ICT infrastructures, as a service delivered from a secure networking platform. Supporting the development of Unified ICT are the underlying elements of Unified Connectivity, Communications and Computing (ref Cisco). Unified ICT advocates an approach that ultimately all ICT infrastructure (“ICT infrastructure” - currently defined as all servers, core applications, network, PBX, AV functions etc) will be accessed and delivered as services via a network interface. It is similar to some definitions of Cloud Computing in that Unified ICT focuses specifically on the delivery and integration of all enterprise ICT infrastructures but as distinct from most Cloud Computing offers in that it focuses on the user experience regardless of the method of implementation. The Vision: Unified ICT All infratsructure in one place, integrated for optimal costs, security, performance and efficiency Interoute Unified Connectivity The right access technology, transport service and speed Interoute Unified Communication Integrated platform for all real-time communication voice, video and data Interoute Unified Computing Integrated computing platform inherently secure and resilient Figure 7 : Unified ICT - Interoute’s approach for reducing your costs and increasing flexibility The central aim of Unified ICT is to create a more dynamic ICT infrastructure for enterprises and service providers by presenting to them a unified service experience. Unlike Cloud Computing that advocates complete virtualisation Unified ICT recognises that most enterprises are currently not in a position to shift wholesale to a pure virtualised model. Unified ICT focuses on performance and increasingly abstracting the customer from how the service is implemented. Using virtualisation technologies for network, servers and communications Interoute is able to increasingly make the ICT infrastructure highly dynamic allowing customers to add, change and plan far more accurately and efficiently that was ever possible with traditional methods of delivering IT services. To achieve a goal where the customer can “on demand” create a complete, scalable and mission critical IT platform we progressively migrate their current infrastructure to a more and more network based platform thereby allowing Interoute to extend flexibility out to the IT manager. This creates a path for IT managers, who in the main operate dedicated or discrete infrastructure, to take start the process of making their ICT infrastructure simpler to manage, change, specify and scale. Guided by a set of core principles; unified ICT’s central theme is service integration with ongoing open technology choice, controlled by continual reassessment and optimisation of cost, service, security, performance and efficiency. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 55 G-Cloud ITT Interoute Virtual Data Centre Service Core Aim of Unified ICT The core aim of unified ICT is to simplify the creation, delivery and management of ICT infrastructure for the enterprise. This allows the IT manager to focus on delivery of services to their community without being constrained by the underlying delivery infrastructure. Unified ICT gives the IT director an ability to change their system and process environments as their business changes or as technology changes. Implicit in this approach is the removal of traditional ICT procurement models: fixed solution, fixed term and costly changes. The structure of unified ICT is to assume change in the enterprise environment and not penalise the opportunity to undertake improvements or adapt to change. The simplification of the service is realised through the removal for the need for the IT to house and managed complex ICT assets on the office premises. Where there is required an on premise demarcation devices this will converge to a “a triple or quad play set top box” paradigm where the device placed at the customer premise acts as a “service selector” or “service gateway”. The services themselves are delivered by service platforms built into core service provider networks. This is sometimes referred to as services being access via cloud. The distinction between an Enterprise cloud and cloud computing is that the Enterprise cloud is a defined logical domain, secured from the public network, guaranteeing predictability of delivery and performance. The approach changes the way IT services are specified and procured as it implicitly allows for service evolution; thereby changing enterprise IT from a static infrastructure to a more agile model similar to modern multi service carriers who operate multiple services over secured infrastructure with centralised point of control. The degree to which an IT manager can change will increase as unified ICT services develop. The degree of change and creation will increase as the services that today are dedicated and “hard (physical)” become increasingly soft and therefore configurable via automated systems. Unified Connectivity Interoute’s Unified Connectivity (UConn) is a revolution in access technology that simplifies how you connect to our network. UConn is an integrated platform that delivers any service(s) over any access type, enabling you to connect your people, buildings and data in whatever way suits you. Using the new UConn Service Gateway, Interoute extends the core network out to the customer premises and can deliver all of the services shown in the diagram over any access technology. These services can be delivered singularly or more importantly in multiple, enabling you to select a different service mix on a siteby-site basis. Taking into account the depth of coverage, range of services offered and the way that services are abstracted from physical access, Interoute UConn is unique in the market place today. Unlike most other operators, Interoute do not create product ‘silos’ that decreases our ability to innovate and slows our speed to market with new services. Figure 8 : Uconn flexibility - Choose any access type you like Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 56 G-Cloud ITT Interoute Virtual Data Centre Service Benefits UConn delivers true flexibility. By separating the physical connectivity from the services that are available over that connection, you have the ultimate flexibility to change your service mix in line with your business needs and not in line with a 3-5 year telecommunications procurement cycle. To enable this flexibility, all of the UConn enabled products have a harmonised contract & SLA structure, so changing services does not involve a major legal exercise. Additional key benefits The Right Technology for you - Because the UConn platform delivers a range of options, Interoute is committed to delivering the one that is right for you. Our pricing policy also reflects this; for example, charging exactly the same price for a layer 2 (VPLS) and a layer 3 (MPLS) service that uses the same access circuit and service gateway. Embrace Change, don’t penalise it - Modifying a service on UConn enabled sites is now completed by a software change, meaning it can be undertaken mid-contract. Interoute does not make excessive charges to change services, and in cases where physical network elements or locations do not change, there is no requirement to extend your contract. Full feature set - Supporting numerous access option from 3G mobile, DSL and Leased Line to Gigabit Ethernet, UConn is a single ubiquitous platform that delivers the right connectivity based upon your requirements at each individual location. Unified Communication Interoute One is our Unified Communication product. It is a powerful yet simple IP voice proposition for customers who are looking to reduce their costs, with no major additional investment and without compromising on quality or security. Interoute One provides a secure business quality voice over IP solution that gives: Free calls between company offices – no matter where in the world they are Competitive worldwide outbound call rates Worldwide local inbound DDI numbers Centralised management and cost control Interoute One can be delivered over multiple access methods and is designed to seamlessly integrate with existing mixed telephony architectures across a number of countries. All the benefits of IP telephony are now available without the need of purchasing new hardware or embarking on a major change programme. Interoute One delivers free on-net calls, a highly competitive worldwide outbound calling rate card and local inbound DDI numbers without the need of expensive upgrades to existing telephony hardware. Therefore, no matter what the mix of telephony equipment you have, you can benefit from the advantages of VoIP. This saves both time and money. In addition, Interoute has developed Interoute One for Microsoft Office Communications service (OCS). As Interoute One is a network based solution it means that no additional equipment is required and by using our online sign-up facility, the service can be active within 10 minutes. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 57 G-Cloud ITT Interoute Virtual Data Centre Service Interoute One can be easily integrated to the following telephony systems as stand alone or as part of an Interoute IP VPN solution: 1. Interoute One for PBX 2. Interoute One for IP PBX 3. Interoute One for Microsoft OCS The unique power of Interoute One is where mixed telephony architecture is deployed across a number of countries. Interoute One can seamlessly connect to each of the systems allowing all sites to benefit from Interoute One without incurring large expense. Worldwide local inbound numbers Interoute One can provide local inbound numbers for over 40 countries which can then be terminated at any other location on your telephony network. This gives you the ability to provide a local number but manage the calls out of a different country at no additional cost. This is only available if you are accessing Interoute One via an IP solution. For calls received on these inbound numbers, the CLI received from the originating network will be passed transparently to the customer’s telephony platform. However, due to the cascading nature of the CLI handover some variations in the format can occur and IRT can not be held responsible if this occurs outside of its network. A free trial offer To experience the power of Interoute One, apply now for a free trial. This can be easily activated via an on-line application process at www.interouteone.com. Key features Free on-net calls Worldwide outbound calling Worldwide local inbound DDI numbers in over 40 countries Secure connection Business quality VoIP No need to upgrade existing voice solution On-line, real time management reports via dedicated and secure Internet Hub Call barring of certain number types No change to existing telephone number range Per second billing Invoices are presented in PDF and XML format Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 58 G-Cloud ITT Interoute Virtual Data Centre Service Key benefits Fast implementation means cost savings realised immediately A low cost worldwide calls package Easy integration with a mix of telephony systems across a number of countries set-up charges No upfront or hidden costs Bound by commercial contracts and service level agreement Easy to manage – from one web page you can control, monitor and access your entire voice service Call Detail Records (CDR’s) are in a clear and helpful format Trusted by a large number of Corporates For Microsoft OCS In addition to the general features and benefits above, Interoute One for Microsoft OCS provides the following unique features and benefits: Fast, easy and low cost integration Free trial – apply online for a no obligation trial No new hardware required Enables direct Click to Call e.g. from a phone number in an e-mail Outlook contacts becomes instantly the phone book Reduce mobile roaming costs. Roaming is on average 33% of a Corporates mobile bill. Interoute One for OCS can significantly reduce this cost as wherever the internet is available the user can connect to Interoute One Remote office workers can use the same technology they have in their office on their desktop, including their business phone Technical details Interoute One for PBX - Legacy PBX’s can now benefit from VoIP telephony without the need to upgrade hardware to an IP based solution. Interoute One for IP PBX - Connection for IP PBX is via SIP trunking or H323 trunking. Interoute One for Microsoft OCS - Interoute One is the unique solution that unlocks the full potential of Microsoft Office Communications Server 2007 R2 by adding telephony voice services. Interoute is a Microsoft qualified supplier of SIP Trunking for Office Communications Server 2007 R2. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 59 G-Cloud ITT Interoute Virtual Data Centre Service Unified Computing Moving to Cloud Computing is on your ICT development roadmap but you need a trustworthy partner who can provide you with the flexibility needed to make that controlled transition at a speed that suits you. Interoute has developed Unified Computing to solve these issues and make Cloud Computing a realisable option. Interoute’s Unified Computing (UComp) is a comprehensive portfolio of managed hosting services, specifically designed for enterprises and on-line businesses. UComp brings together the ICT infrastructure on which your organisation depends – servers, applications, firewalls, storage and network resources – and by delivering them as a managed service provides higher availability, increased security and unparalleled flexibility, at a greatly reduced cost of ownership. UComp services are also designed to integrate seamlessly with Interoute’s other portfolios – Unified Connectivity and Unified Communication – to create a complete managed ICT solution. UComp gives you a consistent user experience based on the optimal mix of services, either dedicated or virtual. Dedicated Services - These are most suited for demanding applications and high throughput environments, or for businesses where regulatory compliance dictates the use of dedicated devices. Virtual Services - These provide the same experience as dedicated services and are the most cost effective and flexible method for service delivery. By integrating dedicated and virtual services into a single solution, you benefit from the best of both infrastructures. Trusted provider - Many leading enterprises and on-line brands trust Interoute on a daily basis to deliver their business critical systems. These include supporting trading for banks, ticket sales for the aviation industry, social networking for over 100 million members, e-gaming for household names, record management for government, social media networking for 5Gbps of internet traffic, and content management for retail and marketing websites. Securing business - Protecting systems and data is essential, so you need security you can trust. With our dedicated security team, comprehensive service offering, PCI DSS and ISO27001 compliance, you can be confident your systems and data are secure. Reactive & Reliable - UComp is monitored and supported 24x7 by our dedicated specialist based in Geneva and our local engineering teams so your service is always available. Interoute works to the ITIL framework and systems are backed-up daily to ensure your data is never lost. Flexible services - We recognise that ICT infrastructure rarely remains static, with an ever increasing demand for more data. So we have designed UComp to respond quickly to these changing business demands. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 60 G-Cloud ITT Interoute Virtual Data Centre Service Products and Services UComp consists of modular building blocks, giving you the flexibility to build the right solution for your specific business needs. Managed Servers - Reliable application delivery is the key goal of any IT service project. Interoute offers both virtual and dedicated servers for Linux and Windows architectures, including security, back-ups, monitoring, and support for web and database applications including SQL, MySQL, Apache and IIS. Security - Interoute offers security from the network edge to the application. Intelligence in the network provides protection from Distributed Denial of Service attacks. Firewalls provide deep packet inspection, minimising the security exposure. Intrusion Prevention Systems analyse traffic content for dangerous or illegitimate traffic. Regular security and anti-virus updates help keep ahead of threats. Storage & Back-up - Interoute provides a range of storage and back-up options to support demanding applications and availability requirements. The portfolio includes enterprise NAS and SAN infrastructure with Application Awareness, enabling applications to take advantage of advanced storage technologies without the associated CAPEX investment. Traffic Management - Interoute caters for multi-site or multi-service solutions with Global and Local Traffic anagement, as well as load balancing options. Professional Services - To further support your migration to a cloud computing environment, Interoute can provide access to a range of advanced skills and additional resources. Professional Services are offered for: Applications including Databases, Mail, and Web. Networks and Security from layer 1 to layer 7. Storage and Backup for multi-site or more demanding environments. Service and Project Management. Unified Computing at a Glance A flexible hosting portfolio specifically designed to meet your needs Integrates servers, storage and network resources in to a single solution Servers are available as either dedicated, virtual or a mix of both Provides a secure environment Built in resilience reduces business risk Lowers CAPEX and OPEX Provides access to a vast range of technical expertise Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 61 G-Cloud ITT Interoute Virtual Data Centre Service Appx. I - Trouble Ticket Life Cycle Opening a Trouble Ticket A Trouble Ticket (TT) can quickly be raised to our CSC via email, web or telephone. Our CSC agent will obtain the service reference number (Service ID), a brief description of the fault, when the problem started, if the fault is service affecting or non-service affecting, and any test results that you may have generated. The CSC agent will confirm the customer contact for the TT, and a TT number will be issued (which will be referred to throughout the duration of the TT). Time to Respond Upon logging of a reactive incident via the CSC or the Hub the incident is assigned immediately to our First Line NOC Engineers. Proactive tickets identified by our in-house NOC 2.0 monitoring system are targeted to be raised as an incident record within 15 minutes, after this they are assigned immediately to our NOC for the attention of an engineer. Time to Deploy Engineer An engineer is deployed to site within 2 hours in cities where we have local engineering presence, where we do not have presence Cisco Smart net is utilised and their SLA is 4 hours. Access to Ticket Details You can log and monitor trouble ticket progress through the Hub. Fault Management Interoute holds master service agreements with all contracted third party suppliers, individual agreements are entered into for each service with a service level purchased in accordance to the SLA you have purchased. Service agreements between Interoute and third parties are confidential. On Site Troubleshooting Interoute provides a fully managed service and as such will liaise directly with all third parties and Interoute employees sent by Interoute to your site in the course of troubleshooting a problem. In any case, a clear evaluation of the fault would be conducted to ensure focus is directed to the principal failure location, and the time to resolve is optimised. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 62 G-Cloud ITT Interoute Virtual Data Centre Service For faults diagnosed on non-Interoute facilities, both Interoute and the third party provider would exchange sufficient information to allow for efficient fault resolution. For CPE maintenance or replacements Interoute contracts with partners that operate world wide. All relevant parties would work to establish the reason for failure, before a technician is despatched, to ensure that the appropriate resource and expertise is effectively utilised, and that the fault is resolved in line with the terms of the service level agreement. Managing your trouble tickets “Where a trouble ticket has been raised, Interoute would provide an Initial progress update within 60 minutes from issuance of the ticket” Resolved Time Managing your trouble tickets “Where a trouble ticket has been raised, Interoute would provide an Initial progress update within 60 minutes from issuance of the ticket” Interoute aims to resolve faults which cause a loss of service within 4 hours. Unrestricted access to the affected site needs to be arranged by you. The exact fault duration would be calculated as the elapsed time between the fault being reported to CSC and the time when service is restored. Closing a Trouble Ticket Upon fault clearance, Interoute will make at least three attempts to inform you and confirm acceptance of the fault resolution. Each such notification shall be by telephone, email, or the Hub. After 24 hours, if there is no response, Interoute will automatically close the TT. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 63 G-Cloud ITT Interoute Virtual Data Centre Service Appx. J - Escalation Process Interoute has clearly defined and documented escalation procedures for all service affecting faults which occur during the operational phase. A copy is provided at service handover. You may escalate any reported problems if they are not satisfied with the progress of the fault, or if response and repair times have not been achieved. If you wish to escalate the problem to a member of the management team above, then a CSC agent will record the escalation and pass to the next appropriate management level of the Operation Centre team. The CSC will directly liaise with you for any service affecting issues (including troubletickets, outages or proactive corrective/preventative maintenance). From the start of any fault you will be updated periodically in line with the SLA. Escalation would be made by telephone against on the timeframes below. If contact is not established immediately, alternate numbers would be used. Escalation levels, roles, and timings are detailed below for In Hours (effectively extended business hours) and Out Of Hours (all other times), according to defined fault categories: Table 3 - In Business Hours: Monday - Friday 08:00 to 19:00 CET Hours (Mon-Fri 08.00 to 19.00 CET) Major Standard Level Position M1 Central Service Manager 2 hour (DSL 4 hours) 4 hour (DSL 8 hours) 48 hour (DSL 96 hours) M2 Premium CSC Manager 4 hour (DSL 8 hours) 8 hour (DSL 16 hours) 96 hour (DSL 1 x week) M2 Full Service CSC Manager 4 hour (DSL 8 hours) 8 hour (DSL 16 hours) 96 hour (DSL 1 x week) M3 Director, Customer Support 8 hour (DSL 24 hours) 12 hour (DSL 36 hours) 1 x week (DSL 2 x week) M4 VP, Operations and Tech Support 12 hour (DSL 48 hours) 24 hour (DSL 72 hours) n/a M5 GVP, Network and Operations 48 hour (DSL 72 hours) 72 hour (DSL 96 hours) n/a Critical Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 64 G-Cloud ITT Interoute Virtual Data Centre Service Table 4 - Out Of Business Hours Level Updating our Customers Interoute’s NOC liaise regularly with the Customer Support Centres to ensure that the Customer is kept informed with progress reports and anticipated time to repair Position (rota-based) Critical Time lapsed Major Standard M1 Shift Manager 2h DSL 4h 4h DSL 8h 48h DSL 96h M2 Senior Manager 4h DSL 8h 8h DSL16h 96h DSL 1wk M3 Director 8h DSL 24h 12h DSL 36h 1xweek DSL 2wk M4 VP Ops & Tech Support 12h DSL 48h 32h DSL 72h n/a M5 GVP Network & Operations 48h DSL 72h 72h DSL 96h n/a Interoute separates network faults into 3 defined fault categories: Table 5 - Fault Categories Fault Type Description Updates Critical Protected/resilient service hard down or service with both main and back up not working Protected/resilient service with severe service degradation making service unusable Interconnect or platform failure WL, Unprotected SDH and metro fibre Every 1 hour Major Degraded service but usable Protected/resilient service working on back up with no impact to performance Partial loss of service (eg calls failing to one country) First time connections Every 2 hours Standard Single number failures Non service affecting threshold alerts (hosting) Planned Testing Every 24 hours Depending on the severity of the failure Interoute engages the relevant fault diagnosis and resolution activities. The principle for these however remain the same, raise a network trouble ticket (NTT), contact the affected parties, identify the problem, initiate escalation procedure, issue fault status updates, resolve the issue, monitor progress of the faulty service. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 65 G-Cloud ITT Interoute Virtual Data Centre Service Appx. K - The Interoute Hub (Web Portal) Interoute provides its customers a free web portal, called The Hub, with multiple functions and visibility across your Interoute services. All you need to gain access to the Interoute Hub is a web browser and an internet connection which allows access to the public internet. To visit the Hub site: hub.interoute.com Secure Customer Access The Hub is available to users through the use of a secure login username and password. Users are provided a login to the Hub during service handover. Each user receives an email with their unique login details, this comprises of a Username, Password and an Access Key. The user will be blocked if the system receives 3 failed login attempts, at which point Interoute Customer Support Centre (CSC) will have to unblock the user. Additional security features include automatic session timeout after a predetermined period and manual logout. Once you log in and after you enter the applicable account name, you are directed to your unique home page, called ‘Services’. This is the starting point for you to interact with Interoute and track your Interoute services. Figure 9 – The Interoute Hub: Login Screen Your Services Information On this page in the Services list, there are two key pieces of information about your Interoute services: the ‘SID’ and the ‘Friendly Name’. The SID, or Service Identifier – Is a unique reference for each of your Interoute services – an essential reference when reporting issues and interacting with our support organisation. The Friendly Name - is a text description of the service which can be customised by the user. Where applicable this will be pre-populated with the relevant site address. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 66 G-Cloud ITT Interoute Virtual Data Centre Service There are three key regions to this page: Services - The main region of the screen listing services with quick link to perform actions Sidebar - This is always visible, and gives you fast access to the information you want Toolbar - Links to key site functions Figure 10 – The Interoute Hub: your unique home page Search & Filter The services page by default shows a list of active or “In Service” Interoute services. This page allows you to filter this data using a variety of methods. The search box operates on a “Find-as-you-type” basis, so once it has received a couple of characters it will start showing you search results. In this example it has found the string “ser”, this has been matched against various elements on the page “Friendly Name”, Service Status and the Service Type. The user can then cursor down or click on the desired entry to only show those matching the search criteria given. Additionally the user can type a string and hit enter, this will then show anything that matches the string typed in the search box. Finally, to clear the search the user can click the clear button to the side of the search box which will return the user to their default view. Trouble Tickets Through the ‘Ticket’ section the Hub provides online contact to the CSC for Trouble Ticket (TT) management, enabling the user to: Raise a new ticket View tickets View all ticket feedback Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 67 G-Cloud ITT Interoute Virtual Data Centre Service When raising a new ticket, the Hub requires 5 short pieces of information captured. Drop down menu options guide the user to select the Interoute SID that is affected, the service type the fault relates to, the problem type, the impact the fault has on the customer’s network, and a customer contact. Figure 11 - The Interoute Hub: raising a Trouble Ticket Once this key information is captured the user can upload attachments (screen shot of ping results, for example), and provide a description of the fault in a free text field. Clicking ‘Submit’ automatically generates a TT number and an email alert to the CSC to begin managing the TT. A log of all the tickets raised and the status of each is available in the ‘View Tickets’ section. Additional comments and updates plus attachments can be further added to a TT while it is in progress. You can submit feedback to Interoute and view all feedback that has been submitted in the View All Ticket Feedback’ section. This is an effective tool for multiple users to keeping track of group work and outstanding tickets. Figure 12 - The Interoute Hub: Your Trouble Ticket Log Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 68 G-Cloud ITT Interoute Virtual Data Centre Service Orders Within the ‘Orders section’ you can view all open orders placed against your Interoute account and the details of the Service Delivery Coordinator (SDC) allocated to the delivery project. If you have provided Interoute your own Customer Order Reference number at the time of signing the Purchase Order, you can search for it and view it in this section. Expanding the Order view provides all SID line items associated with that unique order, with CRDD (Customer Requested Delivery Date), CCD (Customer Committed Date), Service Type, Status, and Delivery Coordinator details provided. During the delivery process you can directly contact the SDC or Project Manager (as applicable) by clicking the ‘SD Email’ button on the Order page. Figure 13 - The Interoute Hub: Tracking your orders Service Changes A Service Change enables you to alter a range of components for the live services that you currently have with Interoute. Use the Service Change function by selecting the service you wish to change and following the Service Change wizard. Key service change functionality that is currently available via the Interoute Hub includes modifying the service configuration of one or many of your Interoute IP and Voice based services from your desktop. Figure 14 – The Interoute Hub: Apply changes to your Services Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 69 G-Cloud ITT Interoute Virtual Data Centre Service Invoices This option links to a list of your monthly invoices that have been posted to the Hub shortly after their production. When a new monthly invoice is produced, it is posted to the Hub within 24 hours of the completion of the billing run, so it is possible that your new invoice could be posted on the Hub before the paper invoice reaches you in the post. Per each invoice number in this list, all billing information contained in the invoice is available via a PDF version of the actual paper invoice, and in xml format, allowing more in-depth analysis and input to your finance system. For Voice services, monthly Call Detail Records (CDRs) are also available via this list view. Figure 15 – Interoute Hub: Example Invoices available via the Hub Performance Monitoring The Hub enables a user to monitor core network performance, statistics for SLA measurement, and application performance. The level and type of performance monitoring available varies across the service types and is described in greater detail in the following 4 service type groups. 1. The Hub for IP and Managed Ethernet Customers with the following service types will find data & statistics in the Networks section: Internet Access IPVPN Managed Ethernet Each connected site shows an array of statistics, enabling customers to monitor and troubleshoot their services. Reports per Service Bit Throughput Summary Bit Health (errors) SLA – Packet Loss SLA – Availability IP VPN Internet Access Managed Ethernet Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 70 G-Cloud ITT Interoute Virtual Data Centre Service For IPVPN services for example, various statistics are displayed for each PE (Premise Equipment) and CPE (Customer Premise Equipment) sites. An average and a maximum of the Utilisation Percentage and Throughput data are offered for each connected site. Bit Throughput Summary Reports can be carried out for any date period using the calendar navigation tool. See figure 1.1 below. Figure 16 - The Interoute Hub: Bit Throughput Summary Reports Utilisation and Throughput statistics are provided for both the Premise Equipment (PE, Interoute point of presence) and the Customer Premise Equipment (CPE, point of presence at your site end), which is found under ‘Managed CPE’. Comparisons between different lines and graphs showing these statistics are also features provided on the Hub. 2. The Hub for Voice Services Interoute One Arena VVN Reporting and functionality available for these services: Voice Traffic Reports Monthly Call Detail Records Summary Traffic Reporting Customers who are directly connected to the Interoute network can monitor their voice traffic using the Interoute One Summary section. This page displays customer’s call traffic profiles by their Top 10 Destinations, showing minutes terminated and Answer Seizure Ratio (ASR) statistics. Relevant graphs are also shown so that daily, weekly and monthly comparisons can be made. Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 71 G-Cloud ITT Interoute Virtual Data Centre Service Figure 17 - The Interoute Hub: Summary Traffic Report Advanced Traffic Reporting The summary reports page shows a quick snap shot of traffic without having to run a report query. But the Interoute One Advanced Reports section allows customers to run customised reports for troubleshooting or commercial purposes. A user would be required to make a few reporting statistical selections and then decide how to view the data. Reporting selections include: Date period Country and city destinations. Viewing options include a table or chart for traffic data with the following details: ASR - Answer Seizure Ratio PDD - Post Dial Delay BHCA - Busy Hour Call Attempts ACHT - Average Call Hold Time Call Release Code Summary Minutes All voice reports are near real time and reports can be run for well over 6 months. Figure 18 - The Interoute Hub: Advanced Voice Traffic Reports Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 72 G-Cloud ITT Interoute Virtual Data Centre Service Call Detail Records Call detailed records (CDRs) are also uploaded on the Hub on a monthly basis to the Invoice section. CDRs are particularly important for resellers (to have a break down of the bills to further invoice their own customers), however CDRs also enable corporate customers to further analyse traffic profiles per site. The data is provided for downloading in .csv format and consists of the following fields: Figure 19 - The Interoute Hub: Sample Call Detail Records 3. The Hub for Hosting Services Dedicated Hosting Collocation Information available for these services: Alarm notification with service impact Traffic Graphs Device and SLA (Packet Loss) reports Lists of Authorised Contacts, Devices, and Documents Figure 20 - The Interoute Hub: Alarm notification with service impact Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 73 G-Cloud ITT Interoute Virtual Data Centre Service Figure 21 - The Interoute Hub: Alarm notification with service impact Private and Confidential Proposal Reference: RM1557 Date 18-12-2011 74
