vDCaaS (virtual Data Center as a Service)

Virtual DataCenter as a Service (vDCaaS) offers the capability of provisioning all the components of a (virtual) DataCenter: virtual machines, storage resources, networking resources (logical LANs, virtual routers, load balancers, virtual firewall, etc). You can define the topology and architecture of your vDC. The cloud Platform is based on OpenStack


  • Define the topology and architecture of your vDC (virtualDataCenter).
  • Deploy your network resources: virtual-LANs, virtual-routers, load-balancers, virtual-firewall, etc.
  • Deploy your Virtual Machines (different flavors and operating systems).
  • Provision the storage you need: choosing performances and features.
  • Snapshot service available for both virtual machines and/or storage.
  • Templates for resources deployment orchestration and automation.
  • Graphical Management Dashboard.
  • Real time usage metrics.
  • 2 Mbps bandwidth included per floating IP
  • 24h*365d Advanced Service Desk Support


  • Pay-per-use (hours of virtual data center).
  • Specific capabilities could be requested: images, storage, etc.
  • Open, Interoperable (based on OpenStack). No vendor lock-in. Portable.
  • Service and operations are IS0-27001 & ISO-20000 certified.
  • Reliability and availability: Tier IV DataCenter in the EU.
  • EU Privacy laws compliancy.
  • High Energy Efficiency: ISO-50001, ISO-14001, EU Code of Conduct.
  • Ready for Hybrid Cloud deployment.


£0.15 to £3.60 per unit per hour

Service documents

G-Cloud 9




+34 963 939 900


Service scope

Service scope
Service constraints This service is build on “OpenStack”, an Open Source Cloud Computing Software (supported by probably the most active and biggest cloud community and it’s backed by a Foundation too), so it depends on it.
System requirements
  • Internet connection required to access the service.
  • Traffic open (routing, ACL, firewall permission, open ports, etc)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide:
• 7x24 h for web and e-mail access
• 8h to 17h, Monday to Friday support for phone calls (Central European Time)
The response times we offer depends on the serverity of the incident
For critical priority incidents (Critical impact on business) the response time is 4 hours.
For high priority incidents (Significant impact on business) the response time is 12 hours
For medium priority incident (Minimum impact on the business) the response time is 24 hours
For low priority incidents (No impact on business) the response time is 48 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels We provide an unique support level for our service, standard support. This support is included in the service price without additional cost.
The response times of the standard support depends on the serverity of the incident:
For critical priority incidents (Critical impact on business) the response time is 4 hours.
For high priority incidents (Significant impact on business) the response time is 12 hours
For medium priority incident (Minimum impact on the business) the response time is 24 hours
For low priority incidents (No impact on business) the response time is 48 hours
We provide a technical account manager or cloud support engineer for Customers that purchase us the “enhanced dc” or “premium dc” packages, or for customers that purchase us various inferior vDC packages but the sum of what they pay per month is equal or superiar at the price of “premium dc” package.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The service will be activated and available next day after we get the Contract signed by you.
To enable the service we must:
• Configure the access to the service.
• Configure our firewall rules to let your access.
• Assign credentials (user and password).
• Set the data access url.
• Set the dashboard url.
• Provide all above to the customer by email.
We provide the customer manuals of our service.
We provide access to our support web with access to manuals, FAQs, questions and answer and other documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Concerning to the Data extraction, once Customer has shown (either explicitly or implicitly or in omission or by default) he is not interested on the renewal of his Contract or in case of “earlier termination” we commit to remind him (supplying a list of) his computing units active instances, so the customer can extract them.
We also provide consultancy services to assist you, the Customer, in your data extraction process. This consultancy services should be requested with enough time in advance. If the customer has problems to extract data, you should pact with us an additional persistence period that could be billed to you (at the established services prices) depending on your historic usage of our service. For these consultancy services we’ll apply an average price of £50.00 per hour (VAT not included) and the same remaining condition stated for on-boarding processes. You, the Customer, will be responsible for providing our staff the access to your data destination (user, password, url, IP and in general any necessary information to get access to your data destination).
End-of-contract process One month before the end of the Contract we send you a notification with the expiration date and a request for its renewal or advising you about to revoke the service and erase your data.
If expiration date is reached, unless we have received your termination notification, a new notification is sent asking you for its urgent renewal on the next 2 business days or warning the service unavailability then.
After those 2 business days the access to computing units and its data will be lost. The Customer can explicitly request for a free extra-persistence of data for a 5 calendar day period, after which data will be completely erased: this complimentary extra service is only to let Customer verify the consistency of its downloaded data, but without normal access to our service. Then the Customer will be able to audit the probes of its destruction for 10 days after the effective day of destruction: expenses of this audit will be afforded by Customer.
If you detect any problem in your downloaded data during the extra-persistence period, you could decide to renew the service for a month more at your cost or contract our consultancy services to help you.

Using the service

Using the service
Web browser interface Yes
Using the web interface All the functionalities of the service are available through the web interface.
If the user cannot do an action or change through the web interface is because this functionality is not available in the service.
Web interface accessibility standard WCAG 2.0 A
Web interface accessibility testing We are planning to do some web interface testing. At the moment we have not done complete web interface testing.
What users can and can't do using the API There’s a programmatic interface (or API). In such way, developers can automate access or build tools to manage their resources using the native OpenStack RESTful APIs (each component has its API). They are RESTful and OCCI (the Open Cloud Computing Interface) compliant. (Note: OCCI is a Protocol and API for all kinds of Management tasks, currently supported by OpenStack and others that comprises a set of open community-lead specifications delivered through the Open Grid Forum)
OpenStack also has Amazon Web Services’ EC2 and S3 compatible APIs.
API automation tools OpenStack
API documentation Yes
API documentation formats HTML
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Our Data Center management and operations are certified in the ISO 20000 standard. One of the most important process we manage is Capacity Management. We have applications that monitor the capacity of the systems, and generate alerts in case the defined umbral is exceeded.
By means of the capacity plan and the continuous management of the infraestructura capacity, we can rapidly manage the necessary resources to the service according to our processes.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Our Information Security Management System is ISO 27001 certified. We have specific procedures for data at rest protection:
The pysical access to the hard disk is protected by Data Center biometric access control.
We have perimeter-based defenses such as firewalls and anti-virus programs
And when is necessary we encrypt hard disk information
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual machines
  • Openstack volumes
Backup controls The user can define a different backup policy for each virtual machine and each volume.
For each backup policy, the user can select:
• The time when the backup will be done (for example 22:00 pm)
• The periodicity of the backup (for example daily)
• The rotation, number of copies to keep.
Datacentre setup Single datacentre with multiple copies
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Service Level Agreement (SLA) we offer on this service is 99,995%, where the Service Availability is calculated according to the following formula:
% Availability = ((Service committed hours) – (Service down hours)) / (Service committed hours)
o Service committed hours: Amount of hours where service infrastructures will be available apart from maintenance windows.
o Service down hours: Amount of hours where service infrastructures won´t be available apart from maintenance windows.
o Availability: Percentage of committed service hours where service infrastructures are available.
This Service Availability is measured each month.
In case of non-compliance with our offered SLA we offer the following Financial Recompense Model:
We apply a discount on next month quota in case of service levels are not meet as follows:
• 5% discount for meeting service level under 95% (measured over last month medium).
• 2% discount for meeting service level under 98% (measured over last month medium).
Approach to resilience Our service is hosted in our Tier IV Data Center design certified by The Uptime Institute. This guarantees a high level of reliability and availability.
We consider for our data center resilience the natural threats (is built considering earthquake, flooding, winds, extreme climatic temperatures, etc), human and security threats (the data center is secure against unauthorized access, vandalism, etc.), environmental threats (multiple power supplies, redundancy communications, redundacy in refrigeration system, fire protection system, etc...) and our ISO 20000 an ISO 27001 certification for Management, Operational and Technical Controls.
More detailed information is available on request
Outage reporting Our service is monitored by different applications. We have monitors that check the status of processes, services, daemons, devices, access, response times, capacity, etc. In case of an outage or incident, the monitoring system automatically generates an alert to our incident managemet system, and informs as well to the customer by email.
Our service desk starts to work on resolution of the incident, and periodically informs the customer about the status of the incident and the expected resolution time.
If during a month the service has had any outages, we send the Customer a report with detailed information about it.

Identity and authentication

Identity and authentication
User authentication
  • Username or password
  • Other
Other user authentication For user authentication is necessary to provide domain, username and password.
Access restrictions in management interfaces and support channels Management interfaces and support channels are only available for users with the right profile and permissions. The user must provide domain, username and password for authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • Username or password
  • Other
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 IQNet and AENOR, Spanish Association for Standardization and Certification
ISO/IEC 27001 accreditation date 21/10/2016
What the ISO/IEC 27001 doesn’t cover We comply with all the requirements of the ISO/IEC 27001 standard
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Spanish LOPD 15/1999 ("Ley Orgánica de Protección de Datos”)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Directive 95/46/EC, which relates to the processing of personal data and on the free movement of data, and the equivalent Spanish Law: “Ley Orgánica de Protección de Datos de Carácter Personal (LOPD) 15/1999”
Information security policies and processes Our security policy aims to protect our information assets against all types of threats, whether internal or external, deliberate or accidental.
Information security is defined as the preservation of the following characteristics:
Confidentiality: it is guaranteed that the information is accessible only to those persons authorized to have access to it.
Integrity: safeguards the accuracy and completeness of information and processing methods.
Availability: It ensures that authorized users have access to the information and related resources when required.

In our Security Policy we define:
• The security policy, where is defined the vision and goals of our Security Management System.
• The security regulations, that are guides to action on which the procedures are based, and that identify at a high level the regulations that should be considered.
• The security process, that develop more specific aspects of the regulations.For example, we have specific security processes for security incident management, Security audits, Risk Assessment, Physical access to the data center. Logical access, etc.
If the security policies are not followed, any premeditated or negligent violation of the security policies and norms will be sanctioned according to the mechanisms enabled by the legal, contractual and corporate regulations.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Service and Data Center operations are ISO 27001 and ISO 20000 certified.
Configuration management process is based in a CMDB. We:
• Registry Configuration Items (CI)
• Control, information and changes to CIs, so we maintain the state and the lifecycle of them.
• We implement de audit process of the CIs.
In relation with the change management process, each Request for Change (RFC) is evaluated in a CAB meeting and is assessed for potential impact in each process (capacity, security, business impact, etc…). If change is approved, is scheduled for implementation, and finally a post implementation review is done.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our vulnerability management process includes:
• Determine criticality of the assets, the owners, the frequency of scanning, establishes timelines for remediation;
• The discovery and inventory of assets on the network;
• The discovery of vulnerabilities
• The reporting and remediation of discovered vulnerabilities.
We use EAR / PILAR (Environment for the Analysis of Risk) for assess potential threats to our services
We get information about potential threats from INCIBE (Spanish National Cybersecurity Institute), CCN-CERT (Spanish national cryptological center) and vulnerabilities reports and patches information of our assets providers.
For critical threats we deploy a patch as soon as possible.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We continually scan our infrastructure and systems looking for unusual patterns of behaviour. We use Intrusion Detection Systems for detect and automatically alert us about potential compromises.
This alert are managed by our 24x7 Security Operating Centre (SOC) that can respond in a few minutes to an incident.
We have an Intrusion Prevention System and for the rules and configuration we have made it responds immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our incident management process is under the ISO 20000 certification. The objective is to restore the service as soon as possible.
Incident management is based on a ticketing tool that allows us to record, classify, escalate, manage the state and manage SLAs compliance.
Our Service Desk is a three level support team. We have pre-defined processes and Incident Management Work Instruction that are step by step instrucctions for common and known incidents and for workarounds.
We provide monthly incident reports to the customer by email.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider KVM
How shared infrastructure is kept separate Our service is based on Openstack, so we use the different Openstack modules for share the different physical resources: KVM virtualization for virtual machines, that permit us share physical server resources, Neutron for share network resources, etc...

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £0.15 to £3.60 per unit per hour
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑