Virtustream UK Limited

Virtustream Enterprise Cloud

Virtustream Enterprise Cloud is an Infrastructure as a Service cloud hosting platform designed for enterprise-class applications.


  • Availability and performance SLA's
  • Application and data security
  • Development and flexibility
  • Application flexibility
  • Reliability and resilience
  • Manageability
  • Interoperability
  • Compliance certifications and authorizations
  • Performance assurance
  • Comprehensive security


  • High availability
  • Disaster recovery
  • Consumption-based pricing
  • Dedicated VLAN's
  • Tenant isolation
  • Critical application migration
  • Managed services from infrastructure to application
  • Increased reliability
  • Data replication


£0.07 per gigabyte

Service documents

G-Cloud 10


Virtustream UK Limited

Mirjana Pejic


Service scope

Service scope
Service constraints There a no known constraints.
System requirements
  • Support wide array of OS, platform, and software
  • Support x86 and VMware hosted platforms

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Virtustream's Global Service Desk is available 24 hours a day, 7 days per week.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Virtustream offers a range of SLAs and SLOs for the IaaS and Application Managed Service as follows:

* IaaS availability up to 99.999%
* SAP application availability up to 99.90%

The cost of the SLAs is inherently built into the cloud solution models being proposed. For example, customers with DR in the non-internet facing zones will have higher SLAs i.e. availability SLAs are directly linked with the solution design.

Technical Account Managers are aligned with all services and the support is available on a tiered service model of Base, Silver, Gold and Platinum.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started After the Planning, Setup and Implementation, Migration, and Service Transition work streams are complete, Customers and Virtustream will review the project against the success criteria that was defined during the kickoff, and discuss project feedback. The documentation and knowledge transfer information that was created during the project phases are made available to the applicable ongoing Service Operations team. The Virtustream project team will provide readiness support to the ongoing Service Operations team, in advance of the service go-live to ensure that the operational runbook and ongoing management needs are understood. The understanding of the operational runbook is paramount in ensuring successful ongoing service delivery. On signoff and commencement of service go-live, the Virtustream project team will remain involved as part of an incubation period to ensure that the service has been transitioned successfully. At the end of the incubation period, the customer and Virtustream will do a final signoff on completion of the project so that the live systems/environments can be supported by the ongoing management teams.

Training is delivered is a verity of ways depending on the customers needs. This can be online, via webex or classroom based.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Virtustream’s contract separation services are typically outlined in a Statement of Work (SOW) after engagement. Transition services address terms pertaining to equipment, data and resource termination. Examples of services that can be addressed in an SOW are listed below.
Data Disposal. After securely returning data to the customer, any data that remains after a contract comes to termination will be located and destroyed and rendered irretrievable. The disk repetitive overwrite process will be used as described by NIST 800- 88 Rev.1. This process also applies to laptops used to process customer data.
Data Ownership. Throughout the contract terms, the customer retains data ownership of data on its systems hosted on the Virtustream platform. In the event of contract termination, the customer can request a transfer of its data to its new target environment.
Data Availability. In the event of a contract termination, data will be available to the customer based on the specific technical requirement (e.g., data transfer in-house to the customer or another service provider using existing network connections, NAS device). Virtustream can provide a OVM image too.
End-of-contract process At a high level, the exit process will include:
Data Disposal. After securely returning data to the customer, any data that remains after a contract comes to termination will be located and destroyed and rendered irretrievable. The disk repetitive overwrite process will be used as described by NIST 800- 88 Rev.1. This process also applies to laptops used to process customer data.
Data Availability. In the event of a contract termination, data will be available the customer based on the specific technical requirement.
System Relocation. When the contractual period comes to the end or is terminated, both parties will agree a reasonable period of time to allow the systems to be moved to a new location. At the point that it is agreed that the systems should be shut down, Virtustream will give the customer access to the data for an agreed period of time.
Confidential Information. Upon termination of the SOW, Virtustream shall cease performance of the Services and the customer shall cease use of the Cloud Services and each party shall promptly return any Confidential Information of the other party in its possession.

Using the service

Using the service
Web browser interface Yes
Using the web interface Virtustream xStream Cloud Management Platform provides an interface and orchestration tool that allows users to monitor and manage their virtual machines and storage through a “single pane of glass.” Multiple sites and different types of clouds are viewed from a single unified dashboard. xStream provides visibility into the consumption of resources throughout the customer's cloud. The web interface allows users to managed VMs as follows:
Power On VMs
Power Off VMs
Suspend VMs
* Clone VM
* Shut Down OS
* Standby VMs
* Reboot VMs
* Delete VMs
* Edit VM Instance
* Snapshots VMs
* Create a Snapshot
* Delete a Snapshot
* Revert to Snapshot
* Convert to Template

The xStream scheduling function allows a tenant to automate their VM operations, consumption management, and availability according to a predefined schedule.
Web interface accessibility standard None or don’t know
How the web interface is accessible The xStream Portal allows customer to access their tenant space. Within the portal customers can view cloud resources, generate consumption reports to align with billing, transfer files, create OS images, customize their OS, add VM instances, manage their VM instances to include managing NICs, manage hard disks, manage snapshots, and migrate VM's. Virtustream shall provide an xStream Portal User Guide to all customers who wish to use the portal.
Web interface accessibility testing The xStream portal does not have assistive technology at this time.
What users can and can't do using the API An API (application programming interface) is available for customers seeking to integrate with the Virtustream xStream Cloud Management Platform. Customers using the APIs benefit from controllability and configurability without having to recode their applications specifically for Virtustream. The xStream API is based on standards such as HTTP (Hypertext Transfer Protocol), JSON (JavaScript Object Notation), and publicly available encryption algorithms.
Every action in the xStream portal consists of one or more calls to the xStream API. That means that every portal function is available programmatically through the API. This provides an option to automate functions via the API that they would otherwise perform manually through the xStream user interface.
The xStream API strives to remain RESTful and is consistent throughout each call. Every call is made through HTTP to a URI (Uniform Resource Identifier) using one of the verbs GET, POST, PUT, and DELETE. Each call then returns a response in the format of the caller’s choosing, which can be JSON or XML.
API automation tools
  • Ansible
  • SaltStack
  • Puppet
  • Other
API documentation Yes
API documentation formats PDF
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources Virtustream's customers are logically separated into unique tenant spaces. Each customer's VLAN is dedicated to their firewall context and is not ported to any other customer. A customer's WAN connection to the Virtustream boundary is solely used for their tenant space.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • IaaS data
  • OS Data
  • Database Data
  • VMs
Backup controls The Virtustream service offering includes different tiers of back-up and frequency of these back-ups. The standard is:
· Production /Mission Critical Storage: Backup once weekly with daily incremental backups. SAP HANA databases are backed up daily.

· Non-production Storage: Backup once weekly with daily incremental backups.

· Database Logs: Backups every two to four hours.

· Large backups (e.g., >5 TB) that cannot be completed during the standard backup window (e.g., >12 hours between 6 pm – 6 am local time) will be considered on an individual customer basis.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Virtustream's typical SLA's are and RTO of two (2) hours and and RPO of fifteen (15) minutes. Virtustream can adjust the SLAs per customer if mutually and contractually agreed upon.
Virtustream offers a range of SLAs and SLOs for the IaaS and Application Managed Service as follows:

IaaS availability up to 99.999%
SAP application availability up to 99.90%

If the SLAs are exceeded, customers are refunded via charge back credits as contractually agreed upon.
Approach to resilience Available upon request.
Outage reporting Virtustream notifies customers directly through the contracted notification method. Typically, customers are alerted by email. If necessary, Virtustream will set up a conference call with customers to support them through the outage. All outages will have a root cause analysis and after action review report available.

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Virtustream's customers are responsible for their access control within their tenant space. Virtustream restricts access within the management zone to approved, privileged users. Virtustream privileged users are required to authenticate with unique username, password, and two factor authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 A-lign
ISO/IEC 27001 accreditation date 4/3/2016
What the ISO/IEC 27001 doesn’t cover Physical media transfer above the hypervisor within the customer zone. Outsourced development. Regulation of cryptographic controls.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification A-lign
PCI DSS accreditation date 6/4/2018
What the PCI DSS doesn’t cover FedRAMP and ITAR cloud services.
Other security certifications Yes
Any other security certifications
  • ISO 27001/27017/27108
  • SSAE18/SOC2/SOC3
  • ISO 9001
  • ISO 22301
  • NHS/N3

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Virtustream has a security incident response process in place. Virtustream's incident response notification to customers is in accordance with what is mutually and contractually agreed upon. All Virtustream employees are required to adhere to Dell/EMC Technology policies where its applicable to corporate network operations. All Virtustream employees who are privileged users within the commercial management zone that supports GOV.UK are required to adhere to the ISO 27001 information security policies.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to the Virtustream IaaS are required to pass through the change control board prior to implementation. All changes are tracked through the Virtustream ServiceNow ticketing system. All changes are assessed and reviewed for operational and security impact on the customer zone and the management zone.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Virtustream performs weekly vulnerability scanning. Virtustream applies patches to affected systems according to the PCI DSS standard. Critical and high vulnerabilities are patched within thirty (30) days (unless vendor/operational dependent) and moderates are patched within sixty (60) days (unless vendor/operational dependent). Virtustream's Security Intelligence Operations Center uses over thirty (30) industry recognized threat feeds to analyze threats to the Virtustream IaaS.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Virtustream maintains a comprehensive set of rules regarding event notifications, and we monitor these notifications 24x7. It is Virtustream’s responsibility to ensure that alerts/event triggers associated with the Infrastructure as a Service (IaaS) platform – up to the hypervisor stack – are managed internally by Virtustream as part of the core IaaS offering. There are several hundred parameters that are monitored on the IaaS platform that can trigger notifications or alerts. For example, notifications or alerts are configured for capacity, security, availability, environmental conditions, status of configuration items (CI), normal activity, and more.
Incident management type Supplier-defined controls
Incident management approach Virtustream following ITIL best practice for incident management. The Virtustream ITSM ticketing system is used to track (including report) the status of the ticket, escalate it to a higher support level if necessary, and close out the ticket with the initiator once the request is resolved. The Virtustream ITSM ticketing system tracks the service level performance, records the time elapsed, notifies the informed parties, and allows the solution provided and the closure status of the ticket to be recorded. Furthermore, the Virtustream ITSM ticketing system archives ticket data for historical analysis.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Tenant isolation is provided by individual VRFs and VLAN segmentation.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £0.07 per gigabyte
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑