Cloud Storage. Lot 1 - Infrastructure as a Service. Version: 3.0, Issue Date: 03/12/2014. Classification: Open

(1)

Classification: Open

Cloud Storage

Lot 1 - Infrastructure as a Service

(2)

Lot 1 - Infrastructure as a Service Service Definition: Cloud Storage, Issue: 3.0

Copyright: MDS Technologies Ltd 201416/12/2014

Other than for the sole purpose of evaluating this Response, no part of this material may be reproduced or transmitted in any form, or by any means, electronic, mechanical, photocopied, recorded or otherwise or stored in any retrieval system of any nature without the written permission of MDS Technologies Ltd.

(3)

Why MDS?

 A tailored cloud solution that fits your business needs

 Full range of cloud hosting options from pure public cloud to hybrid cloud and physical enablement solutions  A support team which is based on the same highly secure campus as our cloud platform

 An assured cloud platform that is independently validated for OFFICIAL and OFFICIAL SENSITIVE data  A fully managed platform, supported up to Operating System

 Over 12 years experience of providing infrastructure services  SC cleared operational support staff

 24/7 support through our ITIL-aligned Service Desk

 Additional professional services such as project delivery and technical consultancy  ISO 27001, ISO 9001, ISO14001 accredited

 Over 12 years experience in supporting Public Sector customers  A privately owned, UK sovereign company

 We are an SME - agile with minimal bureaucracy

PROFESSIONAL, PERSONALISED SOLUTIONS

Summary of service benefits

 Amazon S3 compatible storage API – use applications which currently work with S3 and benefit from UK sovereign cloud storage

 Resilient, scalable and secure storage for a wide range of common use-casesExceptional value – PSN compliant, accredited storage from 4.5p per GB per month

 UK Sovereign – an assured cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff

 Disaster Tolerant – two Tier 3 UK data centres separated by more than 100KM with the option for fully automated storage replication and failover

 Optimised for OFFICIAL – hosted in the UK and operated by SC cleared staff, the service benefits from extensive independent validation (including CESG PGA) that it is properly aligned with CESG Cloud Security Principles making it the ideal service for all data classified at OFFICIAL (including OFFICIAL-SENSITIVE) and legacy IL0-IL4 solutions

 Flexible Connectivity options – Connect via our DDoS protected Internet, a government community network (e.g. PSN Assured service, PSN Protected service, N3 or legacy GCF networks including PNN, GSI, GSE etc.) or by HybridConnect – using your own dedicated circuits such as CPA encrypted tunnels, Leased Lines or MPLSImmediately available in both security domains – zero delay to your project

Product Overview

Cloud Storage from Skyscape is a secure, massively scalable and very resilient next generation storage platform designed to address a wide variety of use-cases.

This service was previously known as ‘API accessible cloud storage’, ‘Backup to the Cloud’, ‘Archive to the Cloud’ and ‘Personal Storage in the Cloud’. In response to feedback from customers and partners, we have simplified our Storage-as-a-Service products by consolidating them into two offerings:

 Cloud Storage – based on Object Storage technology which is natively optimised for cloud storage in terms of scale, resilience and accessibility. This service description provides more information on this service.

(4)

Copyright: MDS Technologies Ltd 201416/12/2014 Traditional storage solutions are typically characterised by large CAPEX expenditure, intensive management and support burden and forever swinging between under-capacity and over-capacity. Cloud Storage benefits consumers as there are no up-front costs and no minimum term commitments. Consumers merely pay for what they actually use, when they actually use it.

Like many cloud storage solutions such as Amazon S3 and Microsoft Azure, Skyscape’s Cloud Storage is a compelling alternative to traditional storage systems and has become the default storage solution for new digital applications.

Additionally, Cloud Storage is the ideal solution for many common storage requirements such as:

 Archiving to the cloud – for organisations looking to migrate their valuable but seldom used data to a cost effective, reliable and secure cloud storage repository (via PSN, Internet and other networks). This releases capacity on your existing storage solutions so you can avoid the cost of upgrading.  Backup to the cloud – a location agnostic (UK based), secure and costeffective alternative to storing

backups on unreliable tape media or expensive local disk solutions. Recover your data even if your primary site suffers a catastrophic failure.

 Personal storage in the cloud – replace your inflexible network drives (e.g. F: drive) with secure, always available cloud storage that can be accessed by any device and from any location. Enhance the durability and availability of your personal data.

 Master data in the cloud – use cloud storage as the primary repository for your existing applications and users. Benefit for a familiar interface and accelerated performance by using the new generation of Cloud Storage Gateways.

The service benefits from extensive assurance that it is optimised for data classified as OFFICIAL or OFFICIAL-SENSITIVE. This is independently validated via both Pan Government Accreditation and PSN Compliance at IL2 and IL3 (and IL4 by aggregation). This enables Public Sector organisations to gain the benefits of secure, purpose built, on-demand resources that meet their stringent information assurance requirements, all on a true utility (pay for what you use) consumption model.

Skyscape’s service has been designed specifically of for the UK public sector and is available only to the UK public sector. The service supports and complies with all relevant areas of the Government ICT Strategy and Information Principles for the UK Public Sector. Skyscape’s datacentres are some of the most energy efficient in the world and as such support the Green Government ICT Strategy in full.

MDS is a reseller, at cost, of this Skyscape service.

Example Use Cases

Simpler Better Cheaper

Organisations wanting to reduce the complexity of managing storage.Cloud Storage provides consumers with new levels of simplicity. No more managing of capacity, file systems, RAID groups – just consume what you want, when you want, how you want. Ideal for consumers that no longer want to manage storage platforms.

Organisations seeking a better way to solve the growing problem of storing increasing amounts of unstructured data.Cloud Storage provides inherently scalable storage with flexible data protection levels on a true utility basis. As a true cloud service, consumers benefit from massive elasticity and optimum security.

Organisations looking to implement low cost, Pan

Government Accredited storage to avoid traditional, expensive Capex solutions.Suitable both for long term archives (digital evidence, medical images, etc) and solutions that have highly variable storage requirements.

Trial Service

(5)

Information Assurance

The Skyscape assured cloud platform is designed and optimised to meet the unique information assurance needs of UK public sector organisations.

 UK Sovereign cloud platform delivered from two secure UK data centres by a UK company with SC cleared UK staff

 Suitable for all data classified at OFFICIAL, including OFFICIAL-SENSITIVE data under the Government Security Classification Policy (GSCP)

 Suitable for legacy IL2, IL3 and IL4 (by aggregation) systems under the Government Protective Marking Scheme (GPMS)

 Extensive independent validation of alignment with the CESG Cloud Security Principles  CESG Pan Government Accredited at both IL2 and IL3

 Accredited PSN Service enabling secure, compliant access via both PSN Assured and PSN Protected networks

 Independently certified against ISO27001, Cyber Essentials Plus and members of the Cloud Security Alliance

 Secure (List X) and resilient (Tier 3) UK data centres facilities capable of hosting data classified at SECRET

Skyscape and MDS staff are Security Cleared and based in the UK

Product Features

The Skyscape Cloud Storage service makes application access to storage stateless and

location-independent, greatly simplifying application architectures and improving flexibility and resiliency. The service provides the following features:

 Ease of Adoption – Developers who have already written an application to leverage Amazon S3 services can easily migrate to the secure, UK hosted Skyscape Cloud Storage service via the S3 compatible gateway

 Supports many third party software applications for backup/archving (e.g. Tessella, Commvault, Riverbed, EMC ViPR, etc)

 Flexibility – Choose the service level and security level you require to match your specific requirements

 Scalable – Innovative object storage technology natively enables data to be stored anywhere within our UK data centres, and for multiple servers and applications to use the same data (avoiding duplication and redundancy)

 Elasticity – the solution scales indefinitely and on-demand allowing unpredictable capacity growth by never requiring storage provisioning ever again

(6)

Technical Features

Skyscape Cloud Storage provides the following features:

 Natively supports REST interfaces for reliable connectivity over the Internet, PSN and other wide-area networks

 S3 Compatible – Leverage hundreds of existing Amazon S3 compatible applications via the Skyscape S3 compatible API

 Wide support of developer languages and frameworks – Simple and secure access using almost any language or framework including .NET, Java, C, Flex, PHP, Python, Ruby and JavaScript with language bindings, as well as offering new modules for Drupal and content-addressable storage (CAS) developers

 Flexible Connectivity options – Connect via our DDoS protected Internet, a government community network (e.g. PSN Assured service, PSN Protected service, N3 or legacy GCF networks including PNN, GSI, GSE etc.) or by HybridConnect – using your own dedicated circuits such as CPA encrypted tunnels, Leased Lines or MPLS

 Manual or Automated Data Transfer – Organisations can choose to either manually upload data or can opt to use a range of automated solutions, such as EMC Networker, CommVault, Riverbed, etc.  No capacity management issues related to LUNS, RAID groups or file systems

 Integrates with existing, native and virtualised, enterprise applications with no change to the application or stack

 Compatible with a range of third party Cloud Storage Gateway appliances such as; EMC TwinStrata, Panzura Alto Cloud Controller, Seven10 StorFirst EAS, StorSimple Appliance, etc. Cloud Storage Gateways can be installed on-premises or in the cloud and provides NAS or SAN presentation of the storage layer

 Assurance – the cloud storage platform is Pan Government Accredited and PSN Accredited at both IL2 and IL3, hosted in highly resilient Tier3, UK sovereign data centres and benefits from a Protective Monitoring solution

 Green – the Skyscape service is based in UK data centres which offer market leading efficiency around power and cooling. A Skyscape solution will generate less Carbon than many other solutions  Geodiversity – the platform spans two UK data centres separated by over 100KMReconfigure virtual

(7)

Service Options

Skyscape provide three Service Levels to choose from:

STANDARD

ENHANCED

PLUS

Service Level

Agreement

99.95%

99.99%

Protection Level

Local Protection

(single site)

Local & Remote

Protection (dual

site)

Local & Remote

Protection (dual

site)

Effective number

of data copies

3

6 10+

Scalability

Unlimited

Retention

Configurable

Protective

Monitoring

Included

Backup/Recovery and Disaster Recovery

Organisations can choose from a range of protection levels.

 STANDARD data is stored in a single named UK Data Centre with data protection using EMC

GeoParity coding which provides a degree of fault tolerance and so improves data durability.

 ENHANCED data is stored in two UK sovereign Data Centres, with a copy maintained in a primary

named UK Data Centre and copied to a geographically remote UK Data Centre. This provides the optimum degree of fault tolerance (including site failure) and corresponding data durability.

 ENHANCED PLUS data is stored in two UK sovereign Data Centres, with a copy maintained in a

primary named UK Data Centre and copied to a geographically remote UK Data Centre. This option provides the highest degree of fault tolerance (including site failure) and corresponding data durability but incurs a significant storage overhead and therefore higher costs.

All service levels also allow for the implementation of versioning which can be useful in allowing data to be reverted to a previous version if the latest version becomes corrupt.

If consumers want to have more control and visibility related to their Disaster Recovery solution, they can design their solution to write data independently to each data centre at our STANDARD service level rather than using our ENHANCED service levels.

Service Levels

Skyscape will use reasonable endeavours to ensure that the availability of the Skyscape service purchased by the consmer in a given calendar month equals the applicable Availability Commitment. To define

(8)

Copyright: MDS Technologies Ltd 201416/12/2014 Skyscape provide both an Availability SLA and Response Time SLA for Storage as a Service as per the following table.

STANDARD ENHANCED ENHANCED PLUS

Availability (monthly*) 99.95% 99.99% 99.99%

Incident response P1 – within 15 minutes

P2 – within 4 hours P3 – within 24 hours P4 – within 72 hours

Service credits 10% of monthly spend 15% of monthly spend 15% of monthly spend

* Availability indication based on an average 730hrs per month. Excludes emergency maintenance.

Unavailability applies to existing data where the data becomes inaccessible due to a fault recognised at the IaaS layer or lower, for example:

 fault is not within the consumers control (applications, user networks, etc.)

 fault is within Skyscape controlled components such as the storage infrastructure, power and physical firewalls and routers etc.

 External connectivity providers (e.g. internet, N3, PSN including legacy GCF networks such as GSI, PNN, etc.) and components colocated at Skyscape are also not included in the availability calculation  Please see the SLA Definition document for more detailed information

In addition, Skyscape also provide an Availability Service Level Target on the Skyscape Portal i.e. the ability to login to the portal to create support tickets and use other functions.

Target Availability (monthly*) Client Portal Availability (monthly) 99.90%

Pricing Model

STANDARD Service Level

Storage Tier Assured OFFICIAL Elevated OFFICIAL

Upto 250TB £0.090 £0.110

251TB to 500TB £0.075 £0.080

501TB to 1000TB £0.055 £0.060

1001TB+ £0.045 £0.050

Pricing is per GB per month

Tier is based on the average consumption at the end of the month based on daily average measurements. For example, if the volume of consumer data peaks on one day during the month at 750TB, but the average across all days in the month is measured at 500TB, the all billing for that month will be based on the 251TB-500TB tier rate.

ENHANCED Service Level

Upto 250TB £0.110 £0.170

251TB to 500TB £0.090 £0.140

501TB to 1000TB £0.070 £0.100

1001TB+ £0.060 £0.090

(9)

Copyright: MDS Technologies Ltd 201416/12/2014 Tier is based on the average consumption at the end of the month based on daily average measurements. For example, if the volume of consumer data peaks on one day during the month at 750TB, but the average across all days in the month is measured at 500TB, the all billing for that month will be based on the 251TB-500TB tier rate.

ENHANCED Plus Service Level

Upto 250TB £0.420 £0.780

251TB to 500TB £0.420 £0.780

501TB to 1000TB £0.420 £0.780

1001TB+ £0.420 £0.780

Pricing is per GB per month.

Tier is based on the average consumption at the end of the month based on daily average measurements. For example, if the volume of consumer data peaks on one day during the month at 750TB, but the average across all days in the month is measured at 500TB, the all billing for that month will be based on the 251TB-500TB tier rate.

Ancillary Options

The Skyscape Pricing Guide provides a comprehensive catalogue of pricing; including all ancillary service options available to consumers when used in conjunction with Skyscape Cloud Storage. Ancillary options include:

 Secure Remote Access options for both the Assured OFFICIAL and Elevated OFFICIAL cloud platforms

 Offline facilities to support data ingestion and extraction

 Protected Cross Domain Zone – A secure managed or self-managed area that can enable citizen access over the internet to data hosted on the Elevated domainFlexible Connectivity options – Connect via our DDoS protected Internet, a government community network (e.g. PSN Assured service, PSN Protected service, N3 or legacy GCF networks including PNN, GSI, GSE etc.) or by HybridConnect – using your own dedicated circuits such as CPA encrypted tunnels, Leased Lines or MPLS

Other ancillary options are available and can be found in the Skyscape Pricing Guide.

Related Services

This service may be bought in conjunction with the following other MDS G-Cloud services:  Compute as a Service

 Managed Server  Managed Backups

(10)

Appendix

On-boarding and off-boarding On-boarding

Skyscape will create the consumer’s Primary Administrator account and send the consumer a Welcome Pack which includes the URL for the Cloud Storage service and associated authentication details.

The consumer is then able to use these details to configure their application (e.g. GeoDrive, Cloud Tiering Appliance, Documentum, etc) and begin using the service.

As Skyscape has two UK DC’s, a consumer can request to be deployed into a specific one at the time of the order if they require. Whilst unlikely to ever be rejected, this remains at Skyscape discretion.

Off-boarding

Prior to terminating the contract, the consumer is able to transfer all their data out of the solution (e.g. using the Skyscape API to retrieve data).

When the organisation terminates their agreement with Skyscape, Skyscape ensures all of the organisation’s data is deleted.

Service management

As a true Cloud service aligned to the NIST definition of IaaS, the service is designed to be self managed via the secure online Skyscape portal (or API) which provides common Service Management functionality and addresses standard requirements.

On rare occasions, Skyscape may decide to assign an experienced, qualified ITIL Service Delivery Manager to some Consumers. In these cases, the SDM will provide additional assistance with reporting, incident escalation and continual service improvement, at all times following Skyscape’s ISO20000 certified ITIL-based process framework.

For Organisations that require more of a managed service, Skyscape work with MDS to provide a Managed Service wrapper around the Skyscape IaaS.

Service constraints

Skyscape will adhere to the following in terms of maintenance windows;

 “Planned Maintenance” means any pre-planned maintenance of any of the infrastructure relating to the Service. Planned Maintenance activity may result in periods of degradation or loss of availability depending on the nature of the activity required. In such cases, Skyscape shall provide affected Customers with at least fourteen (14) days advance notice of the Planned Maintenance.

 If during Planned Maintenance there is a loss of availability to the Service, an SLA event will be triggered. However, this time shall be excluded in the availability calculation but will be included in monthly service reporting related to the Service.

 “Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the Service. Whenever possible, Skyscape shall: a) provide affected Customers with at least six (6) hours’ advance notice and b) carry out the emergency maintenance between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday or between the hours of 08:00 and 12:00 (UK local time) on Saturday or Sunday unless there is an identified and demonstrable immediate risk to Customer environment(s). Emergency maintenance may result in periods of degradation or loss of availability depending on the nature of the activity required.

 If during Emergency Maintenance there is a loss of availability to the Service, an SLA event will be triggered. However, this time shall be excluded in the availability calculation but will be included in monthly service reporting related to the Service

Training

Skyscape have created a number of videos, help guides, manuals and FAQs to help train and instruct users so that are up and running quickly and easily.

(11)

Formerly known as ‘API accessible Cloud Storage’, ‘Backup to the Cloud’, ‘Archive to the Cloud’ and ‘Personal Storage in the Cloud’. Consumers of these services should use this service instead of the previous ones.

Billing for the service is monthly in arrears.

Payment can be via Purchase Order and Direct Debit. Service lead time

Setting up a new organisation will typically be completed within one day from acceptance of order. Shorter deployment times are typically achieved and can be prioritised upon request. Once set up Organisations have instant access to additional compute and storage resources with no notice period required as they manage this themselves.

Termination Terms

At the point of termination, all consumer data, accounts and access will be permanently deleted, and will not be able to be subsequently recovered or restored.

Costs

There are no termination costs for this Service. Consumers are responsible for extracting their own data from the platform if required.

Skyscape may make an additional charge for transferring data out of the service. Data restoration / service migration

For service migration, Skyscape allows existing data to be migrated to and from the platform via the Skyscape API. In many circumstances, Skyscape can help facilitate a bulk migration to the platform using offline data ingest and extraction – please ask for details.

Customer responsibilities

The control and management of access and responsibilities for end users including appropriate connectivity, security and accreditation if required.

Where access is required over Government Secure Networks such as N3 or PSN, the consumer is responsible for adhering to the Code of Connection.

Management and administration of layers above the IaaS (e.g. the systems that utilise the Cloud Storage platform). As a core benefit of the Assured Cloud Platform, consumers are expected to self-manage the environment including creating and deleting data.

Consumers must be aware of the variable nature of the billing based on usage.

The consumer is also responsible for ensuring only appropriate data (e.g. OFFICIAL, OFFICIAL-SENSITIVE, IL3, etc) is stored and processed by applications on this environment and that they comply with the Skyscape Security Operating Procedures (SyOps) and other information assurance requirements as specified in Skyscape System Interconnect and Security Policy (SISP) and associated accreditation documentation sets.

Financial recompense model

If the service level falls below the stated availability percentage (excluding Planned and Emergency maintenance periods), consumers will be eligible for service credits on affected VM’s only. Service credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the failure occurred (to be applied at the end of the billing cycle).

(12)

Copyright: MDS Technologies Ltd 201416/12/2014 Service Credit ENHANCED PLUS Service Level 15% of monthly spend

Client Portal 1% of monthly spend per 1% below service level target or part thereof

Technical requirements

The consumer is responsible for the procurement or development of the application and the correct implementation of support for the EMC Atmos API or the compatible Amazon S3 API.

Consumers have a number of options to choose from with Skyscape to access their environment dependant on their requirement. The list below provides a guide to demonstrate what is possible but may require further engagement with Skyscape to explain and validate further:

Assured OFFICIAL (PGA IL2) - Lower security domain

 Standard Internet connectivity over common protocols (HTTP, HTTPS, SSH, etc)

 N3 – for access to the Health and Social Care community. You will be required to complete the N3 Information Governance Statement of Compliance process

 PSN Assured service – You will need to be a PSN Service Provider or a HMG customer that has PSN certification.

 HybridConnect – private circuit solutions including:

 CAS(T) compliant connections (e.g. Leased Line, MPLS, etc)

 non-CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption

 Site-to-Site VPN using standards based IPSEC solutions  Dedicated fibre connectivity within Ark Data Centre Elevated OFFICIAL (PGA IL3) - Higher security domain

 Preferred connectivity is over a Government Community Network such as N3 or PSN

 N3 – for access to the Health and Social Care community. You will be required to complete the N3 Information Governance Statement of Compliance process (additional controls may need to be implemented to enable N3 access to the higher security domain)

 PSN Protected service - You will need to be a PSN Service Provider or a HMG customer that has PSN certification.

 Legacy GCF networks such as GSI, GSE, PNN, etc via the PSN Protected service  Skyscape Secure Remote Access service

 HybridConnect – private circuit solutions including:

 CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption

 non-CAS(T) compliant connections (e.g. Leased Line, MPLS, etc) using additional CPA/PEPAS overlay encryption

Cloud Storage. Lot 1 - Infrastructure as a Service. Version: 3.0, Issue Date: 03/12/2014. Classification: Open

Cloud Storage

Lot 1 - Infrastructure as a Service

Contents

Why MDS?

Summary of service benefits

Product Overview

Example Use Cases

Trial Service

Information Assurance

Product Features

Technical Features

Service Options

STANDARD

ENHANCED

ENHANCED

PLUS

Service Level

Agreement

99.95%

99.99%

99.99%

Protection Level

Local Protection

(single site)

Local & Remote

Protection (dual

site)

Local & Remote

Protection (dual

site)

Effective number

of data copies

3

6

10+

Scalability

Unlimited

Unlimited

Unlimited

Retention

Configurable

Configurable

Configurable

Protective

Monitoring

Included

Included

Included

Backup/Recovery and Disaster Recovery

Service Levels

Pricing Model

Ancillary Options

Related Services

Appendix