This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Virtustream UK Limited are still valid.
Virtustream UK Limited

Virtustream Enterprise Cloud

Virtustream Enterprise Cloud is an Infrastructure as a Service cloud hosting platform designed for enterprise-class applications.

Features

  • Availability and performance SLA's
  • Application and data security
  • Development and flexibility
  • Application flexibility
  • Reliability and resilience
  • Manageability
  • Interoperability
  • Compliance certifications and authorizations
  • Performance assurance
  • Comprehensive security

Benefits

  • High availability
  • Disaster recovery
  • Consumption-based pricing
  • Dedicated VLAN's
  • Tenant isolation
  • Critical application migration
  • Managed services from infrastructure to application
  • Increased reliability
  • Data replication

Pricing

£0.07 a gigabyte

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@virtustream.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

2 1 4 0 4 2 8 4 8 6 1 3 8 4 9

Contact

Virtustream UK Limited Mark Switzer
Telephone: 02075105810
Email: gcloud@virtustream.com

Service scope

Service constraints
There a no known constraints.
System requirements
  • Support wide array of OS, platform, and software
  • Support x86 and VMware hosted platforms

User support

Email or online ticketing support
Email or online ticketing
Support response times
Virtustream's Global Service Desk is available 24 hours a day, 7 days per week.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Virtustream offers a range of SLAs and SLOs for the IaaS and Application Managed Service as follows:

* IaaS availability up to 99.999%
* SAP application availability up to 99.90%

The cost of the SLAs is inherently built into the cloud solution models being proposed. For example, customers with DR in the non-internet facing zones will have higher SLAs i.e. availability SLAs are directly linked with the solution design.

Technical Account Managers are aligned with all services and the support is available on a tiered service model of Base, Silver, Gold and Platinum.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
After the Planning, Setup and Implementation, Migration, and Service Transition work streams are complete, Customers and Virtustream will review the project against the success criteria that was defined during the kickoff, and discuss project feedback. The documentation and knowledge transfer information that was created during the project phases are made available to the applicable ongoing Service Operations team. The Virtustream project team will provide readiness support to the ongoing Service Operations team, in advance of the service go-live to ensure that the operational runbook and ongoing management needs are understood. The understanding of the operational runbook is paramount in ensuring successful ongoing service delivery. On signoff and commencement of service go-live, the Virtustream project team will remain involved as part of an incubation period to ensure that the service has been transitioned successfully. At the end of the incubation period, the customer and Virtustream will do a final signoff on completion of the project so that the live systems/environments can be supported by the ongoing management teams.

Training is delivered is a verity of ways depending on the customers needs. This can be online, via webex or classroom based.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Virtustream’s contract separation services are typically outlined in a Statement of Work (SOW) after engagement. Transition services address terms pertaining to equipment, data and resource termination. Examples of services that can be addressed in an SOW are listed below.
Data Disposal. After securely returning data to the customer, any data that remains after a contract comes to termination will be located and destroyed and rendered irretrievable. The disk repetitive overwrite process will be used as described by NIST 800- 88 Rev.1. This process also applies to laptops used to process customer data.
Data Ownership. Throughout the contract terms, the customer retains data ownership of data on its systems hosted on the Virtustream platform. In the event of contract termination, the customer can request a transfer of its data to its new target environment.
Data Availability. In the event of a contract termination, data will be available to the customer based on the specific technical requirement (e.g., data transfer in-house to the customer or another service provider using existing network connections, NAS device). Virtustream can provide a OVM image too.
End-of-contract process
At a high level, the exit process will include:
Data Disposal. After securely returning data to the customer, any data that remains after a contract comes to termination will be located and destroyed and rendered irretrievable. The disk repetitive overwrite process will be used as described by NIST 800- 88 Rev.1. This process also applies to laptops used to process customer data.
Data Availability. In the event of a contract termination, data will be available the customer based on the specific technical requirement.
System Relocation. When the contractual period comes to the end or is terminated, both parties will agree a reasonable period of time to allow the systems to be moved to a new location. At the point that it is agreed that the systems should be shut down, Virtustream will give the customer access to the data for an agreed period of time.
Confidential Information. Upon termination of the SOW, Virtustream shall cease performance of the Services and the customer shall cease use of the Cloud Services and each party shall promptly return any Confidential Information of the other party in its possession.

Using the service

Web browser interface
Yes
Using the web interface
Virtustream xStream Cloud Management Platform provides an interface and orchestration tool that allows users to monitor and manage their virtual machines and storage through a “single pane of glass.” Multiple sites and different types of clouds are viewed from a single unified dashboard. xStream provides visibility into the consumption of resources throughout the customer's cloud. The web interface allows users to managed VMs as follows:
*
Power On VMs
*
Power Off VMs
*
Suspend VMs
* Clone VM
* Shut Down OS
* Standby VMs
* Reboot VMs
* Delete VMs
* Edit VM Instance
* Snapshots VMs
* Create a Snapshot
* Delete a Snapshot
* Revert to Snapshot
* Convert to Template

The xStream scheduling function allows a tenant to automate their VM operations, consumption management, and availability according to a predefined schedule.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The xStream Portal allows customer to access their tenant space. Within the portal customers can view cloud resources, generate consumption reports to align with billing, transfer files, create OS images, customize their OS, add VM instances, manage their VM instances to include managing NICs, manage hard disks, manage snapshots, and migrate VM's. Virtustream shall provide an xStream Portal User Guide to all customers who wish to use the portal.
Web interface accessibility testing
The xStream portal does not have assistive technology at this time.
API
Yes
What users can and can't do using the API
An API (application programming interface) is available for customers seeking to integrate with the Virtustream xStream Cloud Management Platform. Customers using the APIs benefit from controllability and configurability without having to recode their applications specifically for Virtustream. The xStream API is based on standards such as HTTP (Hypertext Transfer Protocol), JSON (JavaScript Object Notation), and publicly available encryption algorithms.
Every action in the xStream portal consists of one or more calls to the xStream API. That means that every portal function is available programmatically through the API. This provides an option to automate functions via the API that they would otherwise perform manually through the xStream user interface.
The xStream API strives to remain RESTful and is consistent throughout each call. Every call is made through HTTP to a URI (Uniform Resource Identifier) using one of the verbs GET, POST, PUT, and DELETE. Each call then returns a response in the format of the caller’s choosing, which can be JSON or XML.
API automation tools
  • Ansible
  • SaltStack
  • Puppet
  • Other
API documentation
Yes
API documentation formats
PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Virtustream's customers are logically separated into unique tenant spaces. Each customer's VLAN is dedicated to their firewall context and is not ported to any other customer. A customer's WAN connection to the Virtustream boundary is solely used for their tenant space.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • IaaS data
  • OS Data
  • Database Data
  • VMs
Backup controls
The Virtustream service offering includes different tiers of back-up and frequency of these back-ups. The standard is:
· Production /Mission Critical Storage: Backup once weekly with daily incremental backups. SAP HANA databases are backed up daily.

· Non-production Storage: Backup once weekly with daily incremental backups.

· Database Logs: Backups every two to four hours.

· Large backups (e.g., >5 TB) that cannot be completed during the standard backup window (e.g., >12 hours between 6 pm – 6 am local time) will be considered on an individual customer basis.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Virtustream's typical SLA's are and RTO of two (2) hours and and RPO of fifteen (15) minutes. Virtustream can adjust the SLAs per customer if mutually and contractually agreed upon.
Virtustream offers a range of SLAs and SLOs for the IaaS and Application Managed Service as follows:

*
IaaS availability up to 99.999%
*
SAP application availability up to 99.90%

If the SLAs are exceeded, customers are refunded via charge back credits as contractually agreed upon.
Approach to resilience
Available upon request.
Outage reporting
Virtustream notifies customers directly through the contracted notification method. Typically, customers are alerted by email. If necessary, Virtustream will set up a conference call with customers to support them through the outage. All outages will have a root cause analysis and after action review report available.

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Virtustream's customers are responsible for their access control within their tenant space. Virtustream restricts access within the management zone to approved, privileged users. Virtustream privileged users are required to authenticate with unique username, password, and two factor authentication.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
No audit information available
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
A-lign
ISO/IEC 27001 accreditation date
4/3/2016
What the ISO/IEC 27001 doesn’t cover
Physical media transfer above the hypervisor within the customer zone. Outsourced development. Regulation of cryptographic controls.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
A-lign
PCI DSS accreditation date
6/4/2018
What the PCI DSS doesn’t cover
FedRAMP and ITAR cloud services.
Other security certifications
Yes
Any other security certifications
  • ISO 27001/27017/27108
  • SSAE18/SOC2/SOC3
  • ISO 9001
  • ISO 22301
  • NHS/N3

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Virtustream has a security incident response process in place. Virtustream's incident response notification to customers is in accordance with what is mutually and contractually agreed upon. All Virtustream employees are required to adhere to Dell/EMC Technology policies where its applicable to corporate network operations. All Virtustream employees who are privileged users within the commercial management zone that supports GOV.UK are required to adhere to the ISO 27001 information security policies.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to the Virtustream IaaS are required to pass through the change control board prior to implementation. All changes are tracked through the Virtustream ServiceNow ticketing system. All changes are assessed and reviewed for operational and security impact on the customer zone and the management zone.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Virtustream performs weekly vulnerability scanning. Virtustream applies patches to affected systems according to the PCI DSS standard. Critical and high vulnerabilities are patched within thirty (30) days (unless vendor/operational dependent) and moderates are patched within sixty (60) days (unless vendor/operational dependent). Virtustream's Security Intelligence Operations Center uses over thirty (30) industry recognized threat feeds to analyze threats to the Virtustream IaaS.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Virtustream maintains a comprehensive set of rules regarding event notifications, and we monitor these notifications 24x7. It is Virtustream’s responsibility to ensure that alerts/event triggers associated with the Infrastructure as a Service (IaaS) platform – up to the hypervisor stack – are managed internally by Virtustream as part of the core IaaS offering. There are several hundred parameters that are monitored on the IaaS platform that can trigger notifications or alerts. For example, notifications or alerts are configured for capacity, security, availability, environmental conditions, status of configuration items (CI), normal activity, and more.
Incident management type
Supplier-defined controls
Incident management approach
Virtustream following ITIL best practice for incident management. The Virtustream ITSM ticketing system is used to track (including report) the status of the ticket, escalate it to a higher support level if necessary, and close out the ticket with the initiator once the request is resolved. The Virtustream ITSM ticketing system tracks the service level performance, records the time elapsed, notifies the informed parties, and allows the solution provided and the closure status of the ticket to be recorded. Furthermore, the Virtustream ITSM ticketing system archives ticket data for historical analysis.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Tenant isolation is provided by individual VRFs and VLAN segmentation.

Energy efficiency

Energy-efficient datacentres
Yes

Pricing

Price
£0.07 a gigabyte
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@virtustream.com. Tell them what format you need. It will help if you say what assistive technology you use.