> Service Overview
> Backup & DR
> Data Restoration
> Perimeter Security
> On-boarding & Off-boarding
> Migration
> Service Management Wrap
> Service Levels and KPIs
> Training
> Ordering and Invoicing
> Termination
> Customer Responsibilities
About the Virtual Private Cloud
The Secura virtual private cloud (VPC) platform offers all the benefits of a traditional private cloud, augmented with the flexibility and scalability usually associated with hyper-scaling public cloud platforms. Services on your cloud can be provisioned rapidly and scaled up and down seamlessly to suit the needs of your organisation and you only ever pay for what you need now, with zero waste.
Private and Secure
The Secura virtual private cloud platform is designed and implemented in line with security best practice reference architecture and uses enterprise-grade VMware vSphere virtualisation and the VMware vCloud Director management interface.
The VPC infrastructure is available from multiple Tier 3 + ISO 27001 accredited data centres based in
Virtual Private Cloud
Secure, scalable and resilient cloud
Service Overview
Secura propose to provide a service based on our Virtual Private Cloud (VPC) service. This service is based on VMware vSphere Enterprise virtualisation software with a vCloud Director powered management layer, which enables secure multi-tenant services and the flexibility to subscribe to resources as required.
Through careful selection of technologies and innovative developments from the experienced cloud services operations team, Secura have created a service that stands out from the cloud.
Benefits include:
> Flexible contract terms
> Granular scalability with transparent unit pricing
> Secure dedicated virtual data centres
> Self-service or managed service options
Technical features of the service:
> Guaranteed performance levels (compute and storage)
> High availability for all workloads
> Isolate applications using virtual networks
> Choice of operating systems
Flexible Terms - Simple Pricing
VPC customers can choose between short, medium and fixed term contract lengths (discounts are provided based on contract length).
The VPC service makes it very simple to scale services up as additional resource is required without requiring outages. Unit pricing is provided for all VPC compute and storage resources, ensuring that customers have a clear understanding of costs.
Additionally, customers can agree parameters to build flexibility into their VPC contract to enable downscaling should their resource requirements reduce.
Management
The service is offered as a pure Infrastructure as a Service (IaaS) offering (unmanaged) or customers can opt to subscribe to Secura’s managed service offerings from our extensive portfolio. For full details of managed service pricing, please see the ‘Additional Services’ section of the VPC Pricing Document.
The End of ‘Noisy Neighbours’
One of the historical barriers to the adoption of multi-tenant services has been the concern regarding the performance impact of “noisy neighbours”. This phenomenon affects cloud services that do not have the ability to control the impact that one customer may have on others sharing the same infrastructure.
At Secura we have carefully selected technologies and developed customisations to our cloud environment that ensure that our customers do not suffer from this unpredictable performance issue.
We have designed our service to provide predictable performance at all times:
> We don’t contend hypervisor memory – you are guaranteed 100% of the RAM resource you pay for
> We offer uncontended or contended CPU resource
> We don’t over contend CPU resource – we contend at a maximum of 5:1 physical to virtual CPU cores which ensures that our hypervisor CPUs don’t typically exceed 50% utilisation
> We provide various storage performance tiers with guaranteed minimum levels of performance and the ability to burst beyond the guaranteed levels
Compute Resource
The VPC provides compute resource in granular units; from 1GHz CPU and 1GB RAM. Resources are charged based on the amount of CPU and RAM allocated per month. Compute resource allocated to individual virtual machines can be increased or reduced as required.
Each GB of virtual machine RAM includes an allocation of 0.75GHz CPU resource. Additional CPU resource is available for CPU intensive workloads.
Individual virtual machines can be allocated up to 1TB RAM and up to 64 vCPU cores. Virtual CPU cores are available up to a maximum of 2.5GHz clock speed.
Storage
Add Storage Quickly - Migrate with No Downtime
Storage can be added to the virtual data centre within minutes. Services can be easily migrated between storage tiers without downtime should there be a change in performance requirement.
Storage Tiers:
| Storage Tier | Guaranteed IOPS per TB | Burstable IOPS per TB |
|---|---|---|
| ST75 | 75 | 300 |
| ST150 | 150 | 600 |
| ST300 | 300 | 1200 |
| ST600 | 600 | 2400 |
Storage Performance Guarantees:
NOTE: The performance guarantee is applicable to each virtual machine and does not span multiple virtual machines within your virtual data centre.
| Virtual Machine | Allocated Storage (TB) | Storage Performance Tier | Minimum IOPS Guaranteed | Burstable IOPS |
|---|---|---|---|---|
| VM1 | 2 | ST150 | 300 | 1,200 |
| VM2 | 0.25 | ST300 | 75 | 300 |
Backup and Disaster Recovery Options
Secura has partnered with CommVault, the world’s leading supplier of data protection and life-cycle management software to the managed services market.
In addition to the standard service, we offer customised services based on specific customer requirements.
Standard Service
With the agentless backup service, as the name suggests, no agent installation is required as the backup is performed at the virtual machine level. The agent based backup requires the installation of a CommVault backup agent which provides additional application specific backup and restore capabilities such as granular restore functionality.
For full backup pricing, please view the VPC Pricing Document.
Backup Guide:
| Backup Variant | Ideal For |
|---|---|
| Agentless | Lower utilisation servers (particularly storage I/O). Operating systems which are not supported by CommVault backup agent. |
| Agent Based | Busy database servers or servers with high I/O. Advanced recovery capabilities enabled by application specific agents (e.g. SQL, Exchange etc.). Physical servers and virtual servers running on unsupported hypervisors. |
Disaster Recovery
Disaster recovery capabilities are built into the VPC service with various replicated storage options available between VPC locations. In the event of a disaster affecting your primary VPC location your protected resources will be recovered in another VPC location.
Secura can also provide an active-active environment if required with services split over two VPC locations. Disaster Recovery pricing is transparent and based on a compute reservation and a per TB of protected data basis and the recovery point objective (RPO) time you want to achieve. Full details can be found in the VPC Pricing Document.
Data Restoration
Perimeter Security
VPC platforms have a number of options when it comes to perimeter security and application load balancing.
VMware Edge Gateway
VMware Edge Gateway provides a simple, robust and cost-effective perimeter security and load balancing capability. The Edge Gateway appliance is available in a single (non-HA) or dual (HA) configuration.
Firewall Performance:
| Metric | Compact Edge | Large Edge |
|---|---|---|
| Firewall Performance (Gbps) | 3 | 9.7 |
| Concurrent Sessions | 64,000 | 1,000,000 |
| IPSec VPN throughput | 0.9 | 2 |
Load Balancing Performance:
| Metric | Large Edge | X-Large Edge |
|---|---|---|
| vCPU | 2 | 2 |
| Memory | 1 GB | 8 GB |
| Load balancer throughput – L7 Proxy Mode (Gbps) | 2.2 | 3 |
| Load balancer connections / sec – L7 Proxy Mode | 46,000 | 50,000 |
| Load balancer concurrent connections – L7 Proxy Mode | 8,000 | 60,000 |
Load Balancing Options
Additional load balancing options are available in the form of the Citrix NetScaler Virtual Appliances. For full details of the monthly cost for these options, please refer to the VPC Pricing Document.
Juniper Firefly
Customers who wish to add additional protection to their platform can take advantage of a range of additional firewall protection offered by the Juniper Firefly security solution available on the VPC.
Powered by Juniper Networks Junos operating system, Firefly Perimeter delivers advanced security and rich networking capabilities in a virtual machine format for enterprises and service providers who need to protect the perimeter or edge of their private or public cloud environments.
Moreover, network and security administrators can rapidly provision and scale firewall protection to meet dynamic demand with Junos Space Virtual Director, an intelligent, automated life cycle management application that sits on top of the Junos Space platform. When combined with the power of Junos Space Security Director, administrators can also significantly improve security policy configuration, management, and visibility of both hardware and virtual assets from a common centralized management platform.
High Availability (HA)
Firefly Perimeter provides mission-critical reliability, supporting chassis clustering for both active/active as well as active/passive modes. The HA functionality provides full stateful failover for any connections being processed as well as for cluster members to span hypervisors. When Firefly Perimeter VMs are configured in a cluster, the VM synchronizes connection/session state and flow information, IPsec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. As a result, not only is the session preserved during failover, but security is also kept intact. In an unstable network, Firefly Perimeter also mitigates link flapping.
Performance
The Firefly Perimeter solution is optimized to leverage multiple virtual CPUs to maximize packet processing and overall throughput in the virtual environment. Each Firefly Perimeter VM also has multiple virtual network interface cards (vNICs), which can be connected to various virtual networks to simultaneously protect multiple zones of similar VMs. Operating from within the virtual fabric, Juniper Networks Firefly Perimeter provides the best of both worlds: strong security with the performance needed to support cloud environments.
Below: Firefly Performance Figures
| Metric | Performance |
|---|---|
| Firewall (UDP 1514B pkts) | 4.4 Gbps |
| Firewall (IMIX) | 1.1 Gbps |
| Firewall Ramp Rate (TCP) | 22K CPS |
| Firewall Latency (512B UDP) | 107 microseconds |
| Firewall IPv6 (UDP 512B pkts) | 1.46 Gbps |
| NAT (UDP 1514B pkts) | 4.4 Gbps |
| NAT (IMIX) | 1.1 Gbps |
| NAT Ramp Rate (TCP) | 19K CPS |
| IPSec (3DES+SHA1, 1514B) | 294 Mbps |
| IPSec (3DES+SHA1, IMIX) | 132 Mbps |
| IPSec (3DES+SHA1, 64B) | 50 Mbps |
| IKE Rate (3DES+SHA1, V1 or 2) | 71 Tunnels/Sec |
| EWF (44KB File) | 251 Mbps (650 CPS Load) |
| SAV (Allscan 44KB File) | 280 Mbps (720 CPS Load) |
| HTTP Throughput (Response Content – 44KB File) | 740 Mbps |
| HTTP CPS (Response Content – 64 bytes) | 3000 CPS |
Intrusion Prevention Service
The Juniper Firefly Perimeter virtual appliance is a fully featured IPS-enabled firewall with subscription to the optional IPS license.
| Feature | Feature Description | Outcomes |
|---|---|---|
| Stateful signature inspection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. | Minimizes false positives and offers flexible signature development. |
| Protocol decodes | More than 65 protocol decodes are supported along with more than 500 contexts to ensure proper usage of protocols. | Accuracy of signatures is improved through precise context of protocols. |
| Signatures | There are more than 8,500 signatures for identifying anomalies, attacks, spyware, and applications. | Attacks are accurately identified and attempts to exploit a known vulnerability are detected. |
| Traffic normalization | Reassembly, normalization, and protocol decoding are provided. | System overcomes attempts to bypass other IPS detections by using obfuscation methods. |
| Zero-day protection | Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. | Your network is already protected against any new exploits. |
| Recommended policy | Attack signatures are identified by Juniper’s Security Team as critical for the typical enterprise to protect against. | Installation and maintenance are simplified while ensuring the highest network security. |
| Active/active traffic monitoring | IPS monitoring includes active/active Firefly Perimeter chassis clusters. | Support for active/active IPS monitoring is included. |
| Packet capture | IPS policy supports packet capture logging per rule. | Users can conduct further analysis of surrounding traffic and determine further steps to protect target. |
Juniper Secure Analytics
Juniper Networks JSA Virtual Appliance is a virtualized platform that provides Secure Analytics functionality.
JSA Virtual Appliance can be deployed as an all-in-one appliance or in a distributed setup as a console, event, or flow processor. JSA Virtual Appliance can also be deployed as a store and forward event collector.
JSA Virtual Appliance is designed to run with VMware, and requires a configuration with a minimum of two CPUs and 8 GB of RAM. It processes a maximum of 1,000 events per second and 50,000 flows per minute.
Features:
> Collects all event and flow data in one place
> Provides graph and dashboard reporting on event data
> Enables taking proactive action(s) against security threats with flow detection
> Uses analytics engine to detect violations and anomalies
> Provides built-in support for Geo IP and reputation feeds
Juniper Secure Analytics pricing is based per appliance, per month. For details please view the VPC Pricing Document.
On-Boarding and Off-Boarding
Secura will engage with and fully support customers throughout the on-boarding and off-boarding process, to ensure their migration runs efficiently, with minimal disruption to services.
On-Boarding
As part of the engagement process, Secura will work with the customer on an initial migration or setup plan which will detail the key objectives to smoothly on-board the customer.
The migration plan will also outline time-scales for completion as well as providing sufficient opportunity for testing of the service.
Once the on-boarding process has been completed and the customer has accepted that the service is operational, the service will be made available or “go-live” and a customer handover document will be provided. Please note that the “go-live” date will commence the billing period.
On-Boarding Migration
Secura will provide assistance with the migration of the existing virtual machines in the following areas:
> Develop and agree a migration plan in partnership with the customer
> Attend regular migration planning and progress review conference calls throughout the migration
> Provide out-of-hours assistance throughout the migration period where required
> Create a site-to-site VPN to the existing provider’s infrastructure to enable secure movement of data between hosts and storage devices
Off-Boarding
Secura are committed to ensuring that customers receive the same level of service throughout their entire time as a customer.
Once a termination date has been agreed between Secura and the customer (please refer to the Terms and Conditions Document which will detail termination terms depending on circumstance) the customer may request support for the following off-boarding activities:
> Migration to another service provider
The above list is not exhaustive and Secura will support the customer as reasonably required to off-board the service as effectively as possible.
Off-Boarding Migration
If a customer decides to move their services away from the VPC, Secura will work closely with the customer and the new supplier to ensure the migration runs as smoothly as possible.
Service Management Wrap
Secura is focused on delivering consistently high service levels and continues to invest heavily in developing and improving its Service Management processes. Our commitment to Service Management is best evidenced in the satisfaction of our existing customers and by our ISO accreditations which are regularly audited to protect the value and trust placed in the standards.
UK Operations Team
Day-to-day service delivery is performed by our UK operations team. The team is staffed with experienced technical engineers who have expertise and qualifications relevant to the technologies and services we provide to our customers. We continue to invest in the operations team with specialist training and certifications. We are continually looking to add excellent people to this team; average doesn’t cut it.
The operations team are available during core business hours for all service related issues and queries. Secura provides 24 x 7 monitoring and P1 (emergency) incident management through an on-call system with calls handled by a 24 x 7 operator. This ensures that you can always speak to someone who will route your issue to the on-call engineers or escalate as necessary.
Service Desk
Our service desk is used for all areas of service delivery, including incident and problem management, change planning through to deployment, and alerting/reporting against our service related target SLAs. The ITIL framework is leveraged throughout our service management process, as is evidenced through our ISO 20000 accreditation.
Customers can access the service desk through a web portal, via email, or by telephone and speaking to one of the operations team directly. There is a clear line of escalation within the operations team to the operations team manager and up to director level.
Dedicated Service Manager
We promote engagement with our customers and ensure your Service Manager knows your service both technically and commercially to ensure you are driving value from your investment in a Secura solution.
Service Levels and KPIs
Every customer platform on the VPC platform is backed by service level agreements, with key performance indicators (KPIs), which must be met by Secura in performance of the managed service.
Regular service reviews with customers provide transparent feedback on performance against agreed SLA targets, with service credits available for customers in the event that agreed KPIs are not met.
Below is an overview of service levels for various VPC configurations, our incident and change management reporting structure and details of KPIs. The complete SLA can be found in the Terms and Conditions document.
Service Levels
Service Level 1: Secura VPC Service:
Description: Availability of a virtual machine hosted on the Secura VPC service.
Service Level Failure: Service failure is when a virtual machine fails the Service Availability.
| Service Availability | Resolution Time | Service Credit Points |
|---|---|---|
| < 99.99% | 5 – 60 minutes | 50 |
| < 99.99% | 1 hour – 4 hours | 100 |
| < 99.99% | 4 hours plus | 150 |
Incident Reporting and Change Management
Incident reporting and change management is tiered to allow the Secura Service Desk team to respond to requests in a timely, effective and appropriate manner.
Each priority level and change management category has an associated performance KPI, to give customers a very clear indication of how Secura should respond to the request and within what time-frame.
Incident Impact Classification:
Impact measures the effect of an incident on business process and is classified as follows:
| Impact Classification | Impact Description |
|---|---|
| High | The service is completely inaccessible by all users and/or customers. |
| Medium | A significant amount of users/customers experience an interruption to the normal operation of the service. |
| Low | The service is operational but degraded performance is experienced for a small percentage of users or customers. Single User faults. |
Incident Urgency Classification:
Urgency measures how long it will be until an incident has a significant impact on the business. It is classified as follows:
| Urgency Classification | Urgency Description |
|---|---|
| High | The incident has immediate impact and is ongoing. |
| Medium | The incident will impact the business within the next 12 hours |
| Low | The incident will impact the business within the next 5 days |
Incident Priority Matrix:
To the extent that Service Levels or KPIs relate to the management or resolution of an incident, the following Priority Matrix shall apply:
| Priority (P) Matrix | Impact: High | Impact: Medium | Impact: Low |
|---|---|---|---|
| Urgency: High | P1 | P2 | P3 |
| Urgency: Medium | P2 | P3 | P4 |
Change Requests:
| Priority Classification | Change Request Type |
|---|---|
| Emergency | Emergency changes are changes that need to be urgently performed owing to the existence of a major fault, the presence of a security risk or where failure to urgently undertake the change is likely to result in a loss of service or exposure to significant risk. |
| Standard | Standard changes are defined as pre-agreed activities which have been confirmed as low risk or non-service affecting. |
| Minor | A change not causing an outage or impact to performance, and does not require scheduling. |
| Complex | The ‘Complex’ change category is reserved for any change which carries an identified risk or impact. This category is also reserved for changes which require detailed input from a number of different teams/organisations to execute the change successfully. |
Key Performance Indicators
Key Performance Indicators (KPIs) are the measures that Secura use to assess the performance of our management of customer services across a number of key areas.
Key Performance Indicators:
Service Line: Service Desk
Availability KPI: availability of Incident and Problem Management Services.
> Incident Management Service Availability: 08.30 – 18.00 Monday to Friday excluding bank and public holidays in the UK, except Priority 1 incidents which are 24x7x365.
> Problem Management Service Availability: 08.30 – 18.00 Monday to Friday excluding bank and public holidays in the UK.
Responsiveness KPI: time taken to respond to the initiator in respect of calls made to Secura’s Service Desk or notifications from automated monitoring, based upon the severity classification.
> Priority 1 - Response within 30 minutes - Target fix within 4 hours
> Priority 2 - Response within 2 hours - Target fix within 12 hours
> Priority 3 - Response within 4 hours - Target fix within 5 Business Days
> Priority 4 - Response within 1 Business Day - Target fix within 20 Business Days
Service Line: Change Request Management
Service Hours Availability KPI: availability of the Change Request Management Services.
> Monday to Friday 09:00 to 17:00 excluding bank and public holidays, except emergency changes which are 24x7x365.
Responsiveness KPI: time taken to respond to change requests, measured from the time when Secura first became aware of the request until the change request initiator receives an initial response.
> Emergency Changes: Evaluation within 2 hours. Schedule and execute within 4 hours (by mutual agreement)
> Standard Changes: Evaluation within 2 Business Days. Schedule and execute within 5 Business Days (by mutual agreement)
> Minor Changes: Evaluation within 3 Business Days. Schedule and execute within 10 Business Days (by mutual agreement)
> Complex Changes: Evaluation within 5 Business Days. Schedule and execute within 20 Business Days (by mutual agreement)
Service Line: Hardware Maintenance
Third party management / resolution
> In line with associated maintenance agreement for the Hardware
Service Line: Data Restoration
Restore time: time taken in respect of restores requested by the Client, measured from the time Secura first became aware of the request. (Service available during normal Business Days)
> Recovery Point Objective: to be agreed and defined within the Operational Procedure Guide
> Recovery Time Objective: to be agreed and defined within the Operational Procedure Guide
> Response to request for System or Application Restore (meeting Priority 1 Incident criteria): within 1 hour
> Commencement of System or Application Restore (meeting Priority 1 Incident criteria): within 2 hours from response
> Response to request for File Restore: within 4 hours
Training
No formal training will be provided but depending on the level of management the customers require with the service, expert support will be available via the Secura Service Desk.
There is also a range of support materials and guides available on the Secure Knowledge Base at http://securahosting.com/knowledge-base.
Ordering and Invoicing
Orders and quote requests should be sent to [email protected]. On receipt of an order or quote request, a member of the Secura commercial team will contact the customer to provide more details and take them through the order process.
Secura invoice for all services as below:
> Invoices are raised monthly in advance for all recurring charges
> Non-recurring charges relating to setup of services are included in the first recurring invoice
> Any charges that are dependent upon variable usage will be invoiced monthly in arrears
For full details of payment terms, please refer to the Terms and Conditions Document.
Termination
The customer may terminate the Service at any time upon thirty (30) days’ prior Legal Notice to Secura provided that the Client pays a charge to Secura in an amount equal to:
> Any third party cancellation charges related to the provisioning or termination of the Service(s)
> All non-recurring Charges detailed in the GCSO (including any non-recurring Charges that were waived by Secura at the time of the GCSO) for the terminated Service(s) that remain unpaid
Either Party may terminate this Agreement immediately on Legal Notice to the other Party if any of the following events occurs:
> Material breach of the Agreement which has not been remedied within thirty (30) days
> Bankruptcy
For full details on termination, please refer to the Terms and Conditions Document.
Customer Responsibilities
Please see the Terms and Conditions Document for full details on customer responsibilities.
In summary, the customer shall:
> Comply with all terms of the Agreement and the Secura AUP
> Provide complete and up-to-date information
> Provide a technical contact who will provide timely responses to requests relating to the service
> Ensure all license conditions are met
> Notify and liaise with Secura in relation to any external testing (PEN / DDoS etc) and refrain from announcing external IP ranges through Secura peering
Technical Requirements
Customers should ensure that the service they are buying is right for their needs. However, during the engagement and on-boarding process, Secura will work with the customer to identify that the VPC service is the right platform for their on-going requirements.
Free Trial of the VPC
A free, no-obligation trial of the Secura VPC is available. This will give customers the opportunity to test-drive the platform and assess its suitability for their requirements, with no commitment.
For more information and to set up a trial, please contact Secura on 0207 183 2540, by email at [email protected], or sign up online at http://securahosting.com/cloud-services/virtual-private-cloud/test-drive-secura-virtual-private-cloud.
More Information
For more information on any aspect of the VPC service or on Secura as a business, please contact us on 0270 183 2540 or by email at [email protected]. We will be more than happy to answer your questions and discuss the benefits of the service in more detail.