FCO Services Platform as a Service (PaaS) IL0-2 Service Definition Version 5.0 - Service Definition
UNCLASSIFIED
Service Definition
FCO Services
Platform as a Service (PaaS) IL0-2
Service Definition
Version 5.0
April 2014
PaaS IL0-2 Service Definition
Table of Contents
1 Introduction
2 FCO Services’ Cloud Solutions
3 Service Description
3.1 Service Overview
3.2 Service Model
3.3 Provisioning
3.4 Data Centres
3.5 Back up and Restoration
3.6 Cyber Security
3.7 Monitoring
3.8 Customer Responsibilities
3.9 Service Roadmap
4 Service Management
4.1 Service Support
4.2 Key Performance Indicators
4.3 Utilisation and Reporting
5 Financial
5.1 Pricing Terms
6 Optional Service
6.1 Service Delivery Management
7 Abbreviations and Acronyms
1 Introduction
PaaS is a service hosted on FCO Services’ Pan Government Accredited (PGA) IL2 Cloud platform for customers to purchase virtual hardware, operating systems, storage and network capacity. Available to any department on the Government Secure intranet (GSi) or Public Services Network (PSN) at IL2, PaaS provides a fully managed and maintained operating system and virtual server environment without the FCO Service Government Secure Application Environment (GSAE).
2 FCO Services’ Cloud Solutions
Cloud Computing has the potential to enable public sector organisations to deliver better and more flexible
Information Technology (IT) services at reduced costs. The FCO Services’ PaaS IL0-2 service eliminates
the cost and complexity of evaluating, buying, configuring, and managing complex environments and
provides organisations with the perfect platform for hosting IT infrastructure securely.
• Cost efficient. PaaS allows organisations to create a secure and effective IT platform by accessing
virtualised Cloud services, without the costly and complex refresh programmes of infrastructure that
are required in traditional IT
• Shared service. PaaS is less costly to operate than traditional IT delivery models because it is
delivered from a shared services facility that already supports multiple organisations. Organisations
can also reduce the requirement for physical office space by making use of a remotely hosted
solution
• Transparent. Pricing for PaaS IL0-2 is based on a published table of per-month charges aligning
with costs available for Cloud services available through FCO Services
• Secure environment. FCO Services has used its experience in operating secure IT services to
ensure that PaaS meets the standards required for IL0-2. The design of the PaaS IL0-2 platform
makes possible the use of technologies and monitoring services that may not be affordable with
individual installations
• Reliable. FCO Services’ Cloud Platform is designed with a high degree of resilience built into it and
is operated from two locations with separate network connections and power supplies. This offers
users a stable and reliable environment to remotely access PaaS IL0-2
• Flexible. Each PaaS IL0-2 tenant can be tailored to a customer’s individual requirements and can
be evolved as the business need evolves
• Cross-Boundary. Many IT services cannot be shared across organisational boundaries, and this
limitation impedes collaboration with stakeholders and partners. FCO Services’ Cloud Platform can
be accessed across the public internet and does not suffer the same limitation.
FCO Services has a unique position as a Trading Fund within Government, enabling it to support
commercial enterprises with their activity both inside and outside the public sector and to assist public
sector organisations as they transition to Cloud services from traditional IT services. PaaS IL0-2 realises
the cost and flexibility benefits of Cloud computing.
3 Service Description
The name of the service is PaaS IL0-2.
3.1 Service Overview
PaaS IL0-2 allows organisations to access FCO Services’ established Cloud Platform through the public
internet.
FCO Services provides a fully managed service aligned to the ITIL v3 best practice framework from
implementation of the agreed PaaS IL0-2 solution, through patching and updates of the underlying platform
to providing a comprehensive service desk to address any issues. The solution provides organisations with
the ability to make strategic decisions to reduce the economic and environmental impact of their IT
solutions.
3.2 Service Model
PaaS IL0-2 is an offering from the IL0-2 platform for customers to purchase hardware, operating systems,
storage and network capacity over the internet; therefore PaaS IL0-2 is defined as a Public Cloud. This
allows the customer to procure virtualized servers and associated services for running existing applications.
The offering is managed by FCO Services up to and including the operating system, and we will ensure
that all software deployed by FCO Services is adequately patched with the latest recommended updates
from manufacturers and that all antivirus patches are applied, ensuring the platform is secure and stable.
FCO Services does not offer any Application Languages as such, but customers can utilise or procure
application languages of their choice for use in the PaaS IL0-2 platform. PaaS IL0-2 is available to both
Government departments and other commercial organisations that are looking for a secure Cloud Platform
to deliver their services to Government.
FCO Services provide three defined virtual server builds that can be used in the delivery of PaaS IL2.
Customers may also configure each virtual server up to a maximum of 24 vCPUs and 192GB of RAM per
server. The table below shows three standard server configurations and the components included in the
PaaS IL2 offering:
| Components | Large | Medium | Small | G-Cloud |
|---|---|---|---|---|
| No of vCPUs | 2 | 1 | 1 | 0.5 |
| Processor | Intel Xeon 2.6Ghz | Intel Xeon 2.6Ghz | Intel Xeon 2.6Ghz | Intel Xeon 2.6Ghz |
| RAM (Standard) | 16GB | 8GB | 4GB | 2GB |
| Operating System | Windows Server 2008 R2, Windows Server 2012 R2, Linux | Windows Server 2008 R2, Windows Server 2012 R2, Linux | Windows Server 2008 R2, Windows Server 2012 R2, Linux | Non-specific |
| Disk Space/20GB Units | 1 | 1 | 1 | 8 |
| AV and OS patching | Yes | Yes | Yes | Yes |
| Security Operating System (SOC) | Yes | Yes | Yes | Yes |
| Monitoring | Yes | Yes | Yes | Yes |
| Daily Back Ups | Yes | Yes | Yes | Yes |
| Technical Assistance | Yes | Yes | Yes | No |
| RAM (High) | 20GB | 12GB | 6GB | No |
| Storage | Additional storage can be purchased in increments of 20GB to be used for live storage or snapshot retention. | | | |
The final solution build would be done in consultation with the Cloud Services Onboarding Team to ensure all PaaS IL0-2 products are consistent and supportable. Should the customer require it, limited customisation may be possible. Any requests for changes or customisation to the service once operational would be classed as a Service Request, which the customer would submit via the FCO Services’ Global Support Centre (GSC). This would then be progressed and managed via the Change Management function, which is delivered as part of the support services offered.
3.2.1 Hypervisor
FCO Services’ PaaS IL0-2 platform uses VMWare vSphere as its Hypervisor. VMWare vSphere provides a scalable and extensible platform that forms the foundation for FCO Services’ Virtualisation Management tools. VMWare vSphere centrally manages virtual environments providing FCO Services with dramatically improved control over the entire virtual environment. It provides unified management of all the hosts and virtual machines (VM) in our data centre from a single console with an aggregate performance monitoring of clusters, hosts and VMs.
3.2.2 Open Standards
FCO Services is able to offer tools to on-board applications delivered in the Open Virtualisation Format (OVF). Applications and services operating on the FCO Services’ PaaS IL0-2 platform are published to customer networks via proxy devices which support and police W3C standards compliance for security and compatibility.
3.2.3 Open Source
FCO Services’ hosting platform is based on commercial software, however we do also offer ‘Gold’ build virtual machines containing the CentOS Open Source operating system based on Linux. Other open source products are in use providing platform support functions. Further information on these can be made available under a Non Disclosure Agreement (NDA) to prospective customers.
3.2.4 Technical Boundaries
The PaaS IL0-2 platform boundaries are the virtual network interfaces of the customer’s VMs. FCO Services is responsible for components outside this boundary, with the exception of any public networks involved in delivery of the solution (See 4.2 for further detail on service boundaries and availability). The customer is responsible for all software, configuration, and operations on the guest virtual machine. Application Programming Interface (API) access is not available on the PaaS IL0-2 platform.
3.2.5 Burst Resources
Compute resource allocations within the platform are static; this includes the processing power and memory allocations to the virtual machines.
3.2.6 Elastic Resources
All resources can be increased and reduced in line with the FCO Services’ Compute Unit specifications by raising change requests with FCO Services’ GSC.
3.2.7 Guaranteed/Non-Guaranteed Resources
Compute resource allocations within the platform are all guaranteed; this ensures that all processing and memory allocations to the virtual machines are always reserved and available for the customer.
3.2.8 Persistence
All storage within the FCO Services’ PaaS IL0-2 platform is persistent and available following scheduled reboots or application instance failures. System Memory space on the virtual machines is non-persistent.
3.2.9 Data Storage and Processing
The PaaS IL0-2 products are deployed across FCO Services’ IL0-2 data centres, situated within a secure site in the UK. Each ‘Locale’ is a physically separate set of infrastructure, and provides resilience in that should one locale fail, it will not impact any other locale. All data processing is carried out within FCO Services’ Data Centres, supported by Developed Vetting (DV) cleared personnel.
3.2.10 Network
FCO Services’ PaaS IL0-2 is available via the internet. The network bandwidth is provided as a ‘contended’ allocation on a shared bearer up to the maximum bandwidth available on the connection. Customers have the option to purchase dedicated, non-contended bandwidth at an additional cost. FCO Services holds and is responsible for a Code of Connection and all users of PaaS IL0-2 will have to comply with that Code.
3.2.11 Anti-Virus and Operating System Patching
Antivirus updates are deployed on a daily basis. Operating System Patches are deployed on a monthly basis.
3.3 Provisioning
There is no ‘self service’ provisioning available for PaaS IL0-2. Should the customer wish to procure services within this offering then there will be a requirement for pre-deployment consultancy to ensure that the proposed solution meets both the customer requirements and also any security constraints regarding working at PaaS IL0-2. This function will be delivered by a dedicated on-boarding team, whose primary role is to engage with customers to ensure that the solution delivered will meet all their requirements. Once the final solution has been defined and agreed, FCO Services will provision the solution within five working days.
3.3.1 On-Boarding
The customer will define the business need that they are addressing and the number of virtual machines required is agreed in consultation with the FCO Services’ Onboarding Team. FCO Services will then deploy the requested VMs and allocate specific storage. Following appropriate security measures, FCO Services will then send details of how the customer can connect and manage their VMs. The Onboarding Team will be available to assist the customers and provide technical assistance in the deployment of any applications the customer wishes to deploy.
3.3.2 Off-Boarding (Data Extraction/Removal)
Data can be extracted at any time during the term of the agreement. If this is required, then the customer would need to raise a Service Request via the FCO Services’ GSC. The data would be made available to the customer within five working days and would be presented as a virtual HDD on appropriate media, such as a VMWare vmdk file or files. All data extraction/removal is a chargeable service.
3.3.3 Information Principles for the UK Public Sector
The FCO Services GSAE Platform supports some of the Information Principles for the UK Public Sector, in that not all principles are strictly relevant for a PaaS offering. Specifically, the 7 Principles are supported as stated below:
| Principle | FCO Services Response |
|---|---|
| Information is a Valued Asset | The GSAE Platform is a resilient and fully managed hosting service with documented backup, recovery and availability procedures. All Information stored in the Platform, including backups and resilient copies are located in UK Government Sites and will be protected as valued assets. |
| Information is Managed | All information in the GSAE Platform is Managed appropriately as an HMG data Asset. Governance is defined and documented in the System Risk Management and Accreditation Documentation Set (RMADS). FCO Services, as a Government Organisation, operates its systems in accordance with all relevant HMG Information Management Standards. |
| Information is Fit for Purpose | All Information collected and stored for operation of the Platform is stored and processed in appropriate formats and is necessary for platform operation and compliance with relevant regulations. Information stored by Customer systems operating on the Platform is not modified or used by FCO Services in any way. |
| Information is Standardised and Linkable | As a PaaS system GSAE does not natively deliver on this principle. Information formats and publishing methods are the responsibility of tenant applications. However, FCO Services strongly encourage tenant applications to support Web Standards and be deployed and published to appropriate networks. |
| Information is Re-Used | As a PaaS system GSAE does not natively deliver on this principle. Information use and publishing are the responsibility of tenant applications. It is not appropriate, as a service provider to re-use tenant information. However, as a Shared Service the GSAE platform enables an innovative and flexible shared platform for application providers to build shared services and repositories. |
| Public Information is Published | The GSAE IL0-2 platform has managed internet access gateways and can be used as a hosting platform for publishing information to the Public. |
| Citizens and Businesses Can Access Information About Themselves | The GSAE IL0-2 platform has managed internet access gateways and can be used as a hosting platform for publishing information to the Public. Appropriate controls around right of access and auditing are the function of the hosted application, not the platform itself. |
3.4 Data Centres
FCO Services’ Data Centres providing PaaS IL0-2 are classified as TIA 942 Tier 3 data centres. This is a
self certified assessment, and details can be provided if requested.
The data centres are staffed 24/7 and are fully temperature and humidity controlled, incorporating fire detection systems. Access to the server rooms is secure and controlled by card and PIN number access. Only FCO Services’ staff with DV security clearance are allowed access to the room unaccompanied. Any other access to the server room is by appointment only, restricted to office hours (Mon-Fri 0830-1630). Electrical power for the server farm is delivered from a 2MVA Uninterruptible Power Supply (UPS), which is capable of supporting the facility for up to ten days. All cabling is CAT5, CAT6 or fibre optic and is positioned and secured to appropriate cable trays with adequate capacity for growth.
3.5 Back up and Restoration
Data restoration or back ups are not provided as part of the standard offering, but are available as a costed option. Should this option be taken up, a brief explanation of the backup policy/process is included below.
Backups are snapshots which are taken on a daily basis. These snapshots contain all the virtual machine builds and all data. Data restoration is available by customers raising a Service Request via the FCO Services’ GSC. Once this request is received, data can be restored from any point within the 14 days prior to the request being received, as the snapshots are kept for 14 days before being overwritten. All requests for data restoration will be completed as a Priority 4 request and will be completed within either 24 or 36 hours of the request being received, depending on the level of service procured.
Customers must purchase sufficient GSAE Storage to cover live disk data and snapshot storage. FCO Services’ on-boarding team can advise on appropriate storage capacities.
3.5.1 Information Lifecycle Policy
All snapshots are retired from storage systems after 14 days. Longer data retention times are available at an additional cost, should the customer have a requirement for this, and this can be defined and agreed during pre-deployment consultation.
3.6 Cyber Security
Full security monitoring of customer applications is an optional chargeable service for PaaS IL0-2, and is not included as standard.
FCO Services use a range of tools, specifically selected and tailored to your customer needs. This ensures that FCO Services are able to monitor all services, and record all operational data on a small number of tools, enabling accurate management information to be produced to both internal FCO Services’ management and the customers. These tools include the Security Operating Centre (SOC) and FCO Services’ suite of monitoring tools.
3.6.1 Security Operating Centre
The SOC is designed to provide an accredited protective monitoring solution, compliant with the requirements of GPG13, predominantly to FCO Services’ clients within Government as well as to clients within the Critical National Infrastructure sector.
There are four levels of segmentation used to define the core level of service that the SOC protective monitoring solution will offer. These four levels map directly to the CESG Good Practice Guide number 13. The four levels are: Aware, Deter, Detect & Resist and Defend.
The FCO Services’ SOC provides a protective monitoring solution that correlates and amalgamates the raw
data from all the system logs (network switches and firewalls etc), event log accounting data from the
Windows servers and clients, UNIX server syslogs and the alerting output from the intrusion detection
systems. These are then fed into a uniform alerting dashboard provided by the Security Information and
Event Management (SIEM) system which will be available to all the analysts and SOC management staff.
The SOC is built to handle data up to and including IL5 and should be independently accredited by
customers to that level if their requirement demands it.
The SOC Core service provides the following key features:
• Alignment with CESG Good Practice Guide 13
• Provision of counter-measures to assist with conformity to Security Policy Framework
• Reducing the residual risk figure – IS1 calculations
• Providing a security barrier for inclusion within the RMADS
• Securing outsourcing of Protective Monitoring solutions from a trusted Government Data Centre
• Providing monthly reporting statistics on events and attacks
• Helping to ensure systems are operating according to policy
• Removing the burden of complex security analysis from the client’s workforce.
3.6.2 Aware IL0/1
For client systems that require protective monitoring and are within the segmentation level of Aware, the
SOC can offer the following monitoring states.
• Analysts on Station - 9 to 5 Monday - Friday
• SIEM will be used to monitor system and network logs
• First response (Critical Events) - Within a working day
• Investigation Initiated – Within four working days
• Log retention – Three months
• IDS deployed – As required
• Accurate Time Source - Clocks within the data centre (PMC1)
• Recording of Boundary Traffic - Detect Malware via IDS and Boundary Devices AV (PMC2)
• Recording of Suspicious behaviour at Boundary - Dropped packets at Firewall reported to SIEM
(PMC3)
• Recording on Server and Workstation - Report critical Messages/Malware Detection reported by
system logs to SIEM (PMC4)
• Recording of Suspicious internal network activity - Dropped packets (Internal Firewalls) reported to
SIEM (PMC5)
• Monitoring of Network Connections - Remote user access failure VPN or change in DHCP status,
reported by system logs to SIEM (PMC6)
• Recording of session activity by user workstation - Log On/Off reported by system logs to SIEM
(PMC7)
• Recording of data backup status - Backup, test and recovery failures reported by system logs to
SIEM and Operations Hawkeye Consoles (PMC8)
• Alerting critical events - Alert messages routed to and displayed on SIEM Dashboards (PMC9)
• Status of the audit system – Monthly reporting from the SIEM (PMC10)
• Management reports - Sanitised and statistical management reports will be produced by the SIEM
(PMC11)
• Compliance review – Yearly.
3.6.3 Deter IL2/3
The SOC can offer the following monitoring states for systems that require protective monitoring and are
within the segmentation model Deter. The states below are in addition to or above those listed for the Aware
model.
• Analysts on Station - 9 to 5 Monday - Friday
• SIEM will be used to monitor system and network logs
• First response (Critical Events) - Within four hours
• Investigation Initiated – Within two working days
• Log retention – three to six months as required by the client
• IDS deployed – On Boundaries as required
• Accurate Time Source – Cryptographic checksums (PMC1)
• Recorded blocked file import/export and blocked web browsing (PMC2)
• Recording of suspected boundary attacks, recording of user sessions at boundary devices (PMC3)
• Record changes to file or path access rights or failed file system access attempts (PMC4)
• Recording of user sessions on internal network devices, user authentication failures on internal
network devices (PMC5)
• Recording of failed attempts to connect network devices or WiFi points and record user sessions on
network consoles (PMC6)
• Record user lock-out and privilege escalation on Servers (PMC7)
• Graphical display of alert streams dashboards (PMC9)
• Rolling Top Ten attacks displayed on dashboard (PMC11)
• Compliance review – Yearly.
3.6.4 Additional Monitoring
The SOC is capable of recording and monitoring other services; for example intrusion prevention or file
integrity monitoring (as additional cost items as the client’s designs demand). The table below details the
current additions to the services.
| Description | Pricing Model |
|---|---|
| Additional Log Retention | Per GB |
| Full Packet Capture | Per GB |
| Intrusion Prevention System – blocks some attacks | Per Service – single deployment cost |
It is recommended that these additional services should be discussed with the Onboarding Team at the
consultation phase in order to effect smooth provisioning.
3.7 Monitoring
FCO Services has a suite of monitoring tools, such as HP Operations Manager for Windows, HP Business
Availability Centre, HP OpenView Performance Manager and What’s up Gold. Standard monitoring
capability is as shown below:
Operating System Monitoring for Windows, LINUX and UNIX platforms:
• Common Windows services and UNIX processes
• Disk utilisation thresholds
• Performance threshold alerts – CPU, disk, memory, page file etc
• Event log monitoring – Windows includes application, system & security + UNIX logs.
Database monitoring:
• Microsoft SQL Server
• Oracle
• Key database performance threshold metrics and performance thresholds.
Performance management data is collected via OpenView Performance Agent (OVPA).
Performance management data provides:
• Infrastructure threshold alerts – CPU, memory, disk and network type threshold events
• Application threshold alerts via Smart Plug In (SPI)
• Weekly and monthly reporting including:
o Near real time reporting
o Historical reporting
o Long term reporting.
The suite of monitoring tools deployed by FCO Services is for internal use only; detected issues will be
escalated to customers via existing support channels. Management tools are not accessible to customers
or external third party suppliers.
3.8 Customer Responsibilities
Customers of PaaS IL0-2 will be responsible for the following:
• Application accreditation - (FCO Services can provide this as a chargeable service)
• Complying with FCO Services’ Code of Connection for Internet services
• Accredited PaaS IL0-2 access systems
• Application Backup and Restore
• Application Monitoring
• Application to be hosted
• Application user interface
• Information on sizing of application.
3.9 Service Roadmap
The PaaS IL0-2 service will be kept up to date through a continuous review process which seeks to evolve
the offerings both on the existing processing tiers, and also into wider customer networks and impact
levels.
The PaaS IL0-2 offering will be extended to include a larger number of managed platform instances
covering popular application stacks.
PaaS IL0-2 is likely to be enhanced with tiered storage offerings to give customers increased flexibility in
building their applications.
4 Service Management
This section describes the common approach to service management that is taken by FCO Services across
all of its services. It also explains how FCO Services ensures data availability and service reliability to
customers. FCO Services’ PaaS IL0-2 platform benefits from the following Service Management
components.
4.1 Service Support
Leveraging our existing Cloud Services Operating Model, which is aligned to ITIL v.3, FCO Services will
ensure the smooth operation and delivery of the PaaS IL0-2 platform. FCO Services’ support staff have strong skills and knowledge of the service and its associated components. The support organisation offers fast resolution times and provides a channel for customers’ voices to be heard. Feedback from customers provides input to the planning, development, and operations processes. Support staff also play an integral part in Continual Service Improvement and identify actions from the ground level to the benefit of the services they support and provide.
4.1.1 Incident Management
Incidents will be recorded in accordance with the standard FCO Services’ Incident Management process and with the appropriate priority within the FCO Services’ GSC. All incidents will be recorded in FCO Services’ Service Management toolset, which is fully integrated to ensure detailed management information is available, ensuring consistently high levels of support are maintained.
All incidents will be actioned and progressed as defined in the FCO Services’ Incident Management policy and processes, and will aim to achieve the key performance indicators as defined in section 4.2.
4.1.2 Event Management
The various tools deployed will monitor the PaaS IL0-2 and will capture any event based on pre-set thresholds and triggers. Any events which affect either capacity or availability of PaaS IL0-2, or raise the risk of a service being impacted will be recorded into the service management tool and treated as an incident by the GSC service desk. This automated monitoring will provide further assurance that the availability of PaaS IL0-2 will remain consistently high.
4.1.3 Problem Management
FCO Services operates an effective problem management process as part of the delivery of all PaaS IL0-2 products. We maintain a problem register to record the treatment of each known problem and its proposed resolution. The problem register is the subject of a monthly review by service delivery management and will be an input to development and enhancement plans for products and services.
4.1.4 Change Requests
Should the customer require configuration or customisation activities to be completed by FCO Services these will be processed in accordance with our Change Management Process and categorised as either Minor or Major changes.
Minor changes are defined as those changes that have little impact on the overall confidentiality, integrity or availability of service or application. As opposed to Service requests, minor changes are defined as small changes that cannot be fulfilled through the normal administrative tools. Examples of minor changes include:
• Rename a Server
• Add / Remove Network Interface Card (NIC)
• Change INBOUND Access to a Tenant (Firewall & F5)
• Change OUTBOUND Access from a Tenant (Firewall & F5)
• Change F5 Load balancing
• Firewall White listing (User & Administrator Access)
• Add / change / delete an Email Domain (for existing tenant)
• Add / change / delete an Administrator Account (for existing tenant).
Organisations often question if they have to create a service request or a request for minor change. Both have in common a minor impact and a predefined workflow. There will typically be grey areas between Request Fulfillment and Change Management processes. Minor changes (as opposed to service requests) do not require an RFC and will be charged at a rate of £195 per change. Major changes are covered under the standard change request process and will need to be assessed on a case by case basis.
4.1.5 Release Management
The FCO Services’ Release Management process ensures that all releases of new or changed components are effectively planned, designed, tested, packaged and deployed in a methodical and consistent manner, thereby protecting the integrity of the PaaS IL0-2 platform and maintaining the availability of all services to customers.
4.1.6 Configuration Management
The configuration management process manages and controls the revision of all managed components of the PaaS IL0-2 platform that have been released to production. Configuration Items (CI) managed by this process include hardware items, software components and their object code, network items, documentation, and any other elements within the IT infrastructure that FCO Services needs to control. Data is stored in a logical entity (the configuration management database or CMDB).
Configuration management maintains the status of all CIs (e.g. live in production, retired, in-stock etc.) on the PaaS IL0-2 platform and includes any backup documentation related to a CI. It creates, maintains, tracks, and reports on information that enhances the ability of other supporting processes to be effective, especially the change, problem, and release management processes.
4.1.7 Capacity Management
The FCO Services’ Capacity Management process assures that the relevant capacity is available to meet the performance requirements of all customers of the PaaS IL0-2 products, keeping capacity aligned to the needs of customers by acting on historical demand and forecast demand data. Capacity management reports will be used to meet predicted demand or to correct capacity-related incidents.
The components of the PaaS IL0-2 platform which fall into the scope of capacity management are as follows:
• IL3 blade enclosure
• Virtual machine hosts
• Storage
• Virtual machines
• Licenses
• Database performance
• Backup processes
• Network
• Environment
4.1.8 Availability Management
The PaaS IL0-2 Service Level Agreement (SLA) will have an agreed set of performance management metrics that cover the end to end performance management and measurement to assure service availability (see section 4.2).
The PaaS IL0-2 platform has been designed to ensure high levels of availability for all hosted applications, and to ensure that there is always adequate availability. Real-time and historical data regarding all aspects
of capacity utilisation and availability management, including network and servers (both physical and
virtual) are provisioned through the automated performance collection tools and the suite of monitoring
tools available to the FCO Services’ Operational Support teams.
4.1.9 Service Level Management
The Service Delivery Management function supports the Service Desk (GSC), ensuring that the services being
provided to PaaS IL0-2 customers are aligned to the individual needs and to contractual obligations.
Additional Service Delivery Management Services can be requested as per section 6.1.
4.1.10 Global Support Centre Service Desk
The FCO Services’ service desk, known as the GSC, will be the single point of contact for the receipt of all
calls from customers and is available 24/7/52. Customers will be able to either phone or email the GSC
service desk to raise incidents or service requests. The GSC service desk is based around a fully
configured and integrated service management toolset. This tool will be used to record all incidents raised
by customers concerning PaaS IL0-2. The GSC service desk will have available a detailed knowledge
base, enabling first line staff to assist customers at the point of call, and maintain high first time resolution
rates.
FCO Services does not provide a facility for the GSC to be utilised by any third party for their services for
security reasons.
The dedicated and highly motivated team at the heart of service management, combined with the use of
the processes and tools available will enable us to provide a highly flexible and scalable service in delivery
of PaaS IL0-2.
4.2 Key Performance Indicators
4.2.1 Availability Key Performance Indicator (KPI)
Availability Key Performance Indicator (KPI) measures the extent to which the PaaS IL0-2 platform is
available to customers of the service.
There will be two levels of support available for PaaS IL0-2.
Core hours are defined as Monday to Friday 7AM-7PM (UK time) excluding UK Bank Holidays
How we calculate the SLA:
_____________________________________________________________________________________
The minimum “Monthly Uptime Percentage” for a Service is calculated by the following formula:
(Available Minutes* - Downtime) / Available Minutes x 100
*Minutes available during agreed reporting period excluding planned maintenance minutes
_____________________________________________________________________________________
Availability KPIs measure the extent to which the GSAE Platform is available to organisations.
The service is made available to its customers: 24 hours a day, 7 days a week.
The target level of availability is shown in the table below:
Service   Availability*               Description
Gold      99.9% core / 95% non core   Includes Core infrastructure and internal network, but excludes Customer’s Internet provision
Silver    95% core only               Includes Core infrastructure and internal network, but excludes Customer’s internet provision
*Availability is measured from an access point on the FCO Services’ Data Centre side of the boundary internet router within FCO Services’ Data Centre to the application. It does not apply to the router itself, or any portion of the circuit outside of this router. Customers are responsible for their own access to the internet.
Additional Service levels are available upon request.
4.3 Utilisation and Reporting
No real-time customer accessible reporting is available at the time of writing this document. However, if required, FCO Services can produce a monthly service report for all customers containing information relating to the service levels and availability targets defined within this document.
5 Financial
PaaS IL0-2
VM Specification     VM Size     Per Annum Price £     Price Per Day £
Standard RAM         Large       8,630                 23.64
Standard RAM         Medium      6,030                 16.52
Standard RAM         Small       4,030                 11.04
Standard RAM         G-Cloud     3,430                 9.40
High RAM             Large       9,630                 26.38
High RAM             Medium      7,030                 19.26
High RAM             Small       4,730                 12.96

Additional CPU       Unit Size   Per Annum Price £     Per Day Price £
vCPU                 1           750                   2.05

Additional Memory    Unit Size   Per Annum Price £     Per Day Price £
GB                   1           500                   1.37

Storage              Unit Size   Per Annum Price £     Per Month Price £
Storage Unit         20GB        50                    0.14

Bandwidth            Unit Size   Per Annum Price £     Per Month Price £
Dedicated            1MB         620                   1.70
Non-Dedicated        1MB         120                   0.33

On-Boarding/Off-Boarding                               Price £
On-Boarding Cost - Dedicated Bandwidth                 620
On-Boarding per Separate Tenant Environment            3000
On-Boarding per VM                                     300
5.1 Pricing Terms
• FCO Services does not offer any free trial periods for any services provided
• Prices are in pounds sterling and exclude Value Added Tax (VAT)
• Invoicing is in accordance with FCO Services’ Terms & Conditions
• On-Boarding and Off-Boarding quoted prices are for Virtual Machine provisioning only
• On-Boarding does not include accreditation of any customer deployed software
• Payment options are as per FCO Services’ Terms & Conditions.
6 Optional Service
6.1 Service Delivery Management
FCO Services offers additional services for PaaS IL0-2. These services are not available as standard for
PaaS IL0-2; however, they can be made available at additional cost. As each customer may have differing
requirements, FCO Services’ Onboarding Team will provide consultancy and advice prior to provisioning.
The Service Delivery Manager will be supported by experienced technical and service architects along with
the security consultants whose services will be available as required throughout the term. They will act
together as the Design Authority, to assure continued integrity of the service, to review and provide an
impact analysis of proposed changes, to moderate on technical issues, to maintain design/process and
technical documentation.
The Service Delivery Manager will also deliver the following added value:
• Understand the client’s needs and expectations and develop strategies to exceed and continuously
improve
• Monthly Review Meetings
• Service Improvements Plan (SIPS) or Continuous Service Improvement Plan (CSIP)
• Ongoing process management to ensure continual improvement of key metrics and deliverables
• To act as the single point of contact for all service related issues and provide relationship ownership
and continuity service
• To identify and manage issues and risks and take responsibility for reporting issues and risks in a
timely, open and appropriate manner
The Customer will make a request for SDM services through the service desk as a service request. FCO
Services will respond to this service request within two working days. Subject to availability of qualified
FCO Services resources, the parties will agree a commencement date for the SDM services. The SDM
services will require completion of an additional Order Form by the Customer.
7 Abbreviations and Acronyms
Abbrev. Meaning
API Application Programming Interface
CESG Communications-Electronics Security Group
CI Configuration Item
CMDB Configuration Management Data Base
CPU Central Processing Unit
CSIP Continuous Service Improvement Plan
DV Developed Vetting
EDM Enterprise Delivery Model
EUD End User Device
GB Gigabyte
GHz Giga Hertz
GSAE Government Secure Application Environment
GSC Global Support Centre
GSi Government Secure intranet
HDD Hard Disk Drive
HMG Her Majesty’s Government
HP Hewlett Packard
IL0-2 Impact Levels 0 – 2
IT Information Technology
ITIL Information Technology Infrastructure Library
KPI Key Performance Indicator
MVA MegaVoltAmp
NDA Non-Disclosure Agreement
NDC Non Disclosure Agreement
NIC Network Interface Card
OS Operating System
OVF Open Virtualization Format
OVPA OpenView Performance Agent
PaaS Platform as a Service
PGA Pan Government Accredited
PIN Personal Identification Number
PSN Public Services Network
RAM Random Access Memory
RFC Request for Change
RMADS Risk Management and Accreditation Documentation Set
SDM Service Delivery Manager
SIEM Security Information and Event Management System
SIPS Service Improvements Plan
SLA Service Level Agreement
SOC Security Operations Centre
SPI Smart Plug In
UK United Kingdom
UPS Uninterruptible Power Supply
VAT Value Added Tax
VM Virtual Machine
© Crown Copyright 2014. No part of this document may be reproduced in any form or by any means, electronic or mechanical, including photocopying, for any purpose other than for use by
the Foreign and Commonwealth Office without the express permission of FCO Services.
Further copies of this document are available on request from: FCO Services, Hanslope Park, Milton Keynes, Buckinghamshire, MK19 7BH