Rackspace Managed UKCloud (up to OFFICIAL-SENSITIVE)
Rackspace's fully managed and accredited service allows you to make the most of the flexibility and security of UKCloud’s IaaS and PaaS cloud platforms. Rackspace's solution is based on a proprietary, secure management environment, which is fully PSN accredited to allow support up to a handling guidance of OFFICIAL-SENSITIVE.
- On demand solution - billed hourly for the resources used
- Solutions aligned to your applications and workloads
- A range of service levels, VM sizes and licensing options
- Dedicated and accredited support environment tailored to customer security requirements
- Supported by UK-based SC and NPPV cleared personnel
- Fully compliant with NCSC 14 Cloud Security Principles
- Connect via the PSN, PNN or RLI
- Platform resilience: two UK data centres separated by over 100km
- Based on enterprise grade systems from VMware, Cisco and EMC
- 24x7x365 manned helpdesk and service monitoring
- Enable cost savings by controlling VM power states
- Access the skilled resources you need, when you need them
- Use Rackspace support to get the best from your applications
- Align your organisational requirements with your IT spend
- Design solutions with confidence that applications and services remain available
- Create compelling citizen facing services, whilst ensuring data remains safe
- Strengthen your access and authorisation capabilities
- Choose cloud solutions aligned with NCSC best practice
- Access a range of connectivity options
- Use known technologies to de-risk your cloud transition
£2000 per unit
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Terms and conditions
- Modern Slavery statement
Management up to and including the OS is mandatory. Management up to the hypervisor only is not permitted.
Customers must prove compliance with the access requirements of private networks.
Planned maintenance windows are identified in the service description.
Emergency maintenance windows are identified in the service description.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Priority One incidents are responded to within 15 minutes of the incident being logged, 24 hours a day, 7 days a week. Incidents are logged either by phone, email or the automated monitoring of infrastructure and applications.
Full details of the service response targets for incidents, changes and requests can be found in the terms and conditions.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
Rackspace's support model is all-inclusive and untiered. We offer the same level of service to every customer. Our core customer engagement principle is to be ‘Easy to Work With’. This culture is most visible in our Operations Centre, where specialist teams work closely together with a shared understanding of our customer’s drivers and their required outcomes.
This is achieved by the following alignment structure:
> Account Team (Lead): Our Planners and Thinkers
• This team is responsible for understanding and communicating the required customer outcomes to the rest of the Rackspace business and is accountable for maintaining the partnership between the customer and Rackspace.
> Service: Our Deliverers and Analysts
• This team is responsible for managing the delivery of customer outcomes that have been set during the discovery, analysis and design phases. The service team are responsible for ensuring the customer's sevice experience meets expectations throughout live service.
> Operations: Our Engineers and Explorers
• This team is responsible for maintaining and accelerating the delivery of our customer outcomes through deep technical specialisms combined with a thorough understanding of the customer's business.
|Support available to third parties||Yes|
Onboarding and offboarding
Rackspace has extensive experience of on-boarding customers into a UKCloud secure environment. The standard on-boarding process consists of a series of customer workshops where all relevant customer requirements are defined, including network connectivity required for an initial data migration. Rackspace will work with the customer service team to balance risk and cost to meet required timescales and minimise impact to the customer’s business.
Rackspace’s service management team will develop customer specific support ‘runbooks’ that will define the customer’s environment, relevant contacts and any specific service requirements related to the daily management of a customer’s workload. During the actual on-boarding process, a customer will be assigned a dedicated service delivery manager who will ensure that the transition plan is managed and delivered as agreed.
The SDM will enrol customer staff and provide training in the use of the UKCloud portal, either directly or using Rackspace lead engineers who are trained in supporting UKCloud workloads. This training can be conducted via webex calls for large numbers of users or via onsite face-to-face training if that is more suitable.
|End-of-contract data extraction||
Users can extract their data across the network via VPN or other secure network protocol. Snapshots of virtual machine images can be provided if required which can then be transferred across a secure link.
In the event you require a live migration of virtual machines or database data, replication services may be configured, subject to analysis by Rackspace, which may incur additional costs.
Design and service documentation is located on the Rackspace portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
If you feel the need to switch providers, we will work with you to expedite the off-boarding of your services to another environment. Rackspace’s solutions are all based on standardised infrastructure and software, with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete.
As standard, Rackspace will provide secure access to third parties to extract your data and application configurations to help you get applications up and running in the target environment. In the event you require a live migration of virtual machines, and assuming the target is supported by the replication software, additional replication services may be available at an additional cost.
Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and cutover of services to the new provider are aligned precisely to your requirements.
Using the service
|Web browser interface||Yes|
|Using the web interface||
Users can create and manage incidents, changes and requests through the Rackspace portal.
Customer documentation is stored on the portal, allowing customers to view service reports, design documentation and invoices.
Customers can create and remove users of the portal for their organisation and adjust the type of user account they have.
Rackspace can provide access to the UKCloud portal delivering enhanced functionality through a control panel allowing users to provision, manage and decommission various aspects of this service. It also allows users to interface with the UKCloud service management system including raising tickets and requests. The web interface also provides access to a comprehensive set of documentation and videos. Launch, manage and delete virtual network, compute and storage resources. Display network topology. Manage images including creation and recover of backups. Control access and security including key pairs, API access and floating IPs. Manage load balancers.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||No specific web interface technology testing has been undertaken with assistive technology users, however good practice development methods have been used to optimise the end user experience.|
|Web interface accessibility testing||No specific web interface technology testing has been undertaken with assistive technology users, however good practice development methods have been used to optimise the end user experience.|
|What users can and can't do using the API||You can use API calls to create, manage and monitor Service Requests and view information about the components of your environment. Rackspace can provide native access to underlying APIs such as vCloud and OpenStack. These are compatible with tools such as Terraform and platforms such as AWS S3.|
|API automation tools||
|Command line interface||No|
|Independence of resources||In order to guarantee that users are not affected by the demands from other users, Rackspace architects the UKCloud solution in line with the requirements of your application and users. We also have the ability to use resource reservations and shares such as internet bandwidth shaping. In addition, the Rackspace capacity planning team will work closely with the UKCloud capacity team to ensure that usage in terms of all resources are constantly monitored and increased accordingly relating to user demand.|
|Infrastructure or application metrics||Yes|
|Supplier type||Reseller providing extra support|
|Organisation whose services are being resold||UKCloud|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||Encryption services can be tailored to meet customer requirements and will be defined at the service design phase of the engagement.|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Backup schedules and file or folder inclusions/exclusions are agreed with the customer at the point of contract and an appropriate schedule is documented and implemented as part of the onboarding process. If the customer requirements change, a ticket can be logged to amend the schedule. The appropriate customer documentation will also be updated.
Backup success is reported on a regular basis in the Service Reports provided to the customer. Any backup failures are retried the next day and failure records are reported to the customer.
|Scheduling backups||Users contact the support team to schedule backups|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Approach to resilience||The service is deployed across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware). Rackspace will work with customers to implement solutions with the appropriate resilience, which will mean their workloads spans multiple sites, regions or zones to ensure service continuity should a failure occur.|
The Rackspace portal details scheduled maintenance, outages and incidents affecting multiple customers.
In the event of an incident, nominated contacts for each customer, as documented in the operational run book, are notified and updated at least every 60 minutes of the progress towards resolution of the issue.
Technical Escalation Managers are also deployed onto customer incidents depending on severity, who take ownership of resolution outcomes and provide a central point of contact for all comms.
Identity and authentication
|Access restrictions in management interfaces and support channels||Access is limited via a secure two -factor authentication method, using 'least privilege' access to systems. Customers can log tickets via email or telephone and all initial interactions are security validated against a list of known email addresses, persons, telephone numbers and security information. Rackspace performs all management through Secure Management Environments (SME). This is a walled garden approach to customer identity management. An engineer must first provide a username & FIPS 104-2 compliant one time password (OTP) combination, then valid active directory password associated with the users lowest level account. All customers can use their own authentication source.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI (certificate number: IS 636168)|
|ISO/IEC 27001 accreditation date||21/10/2018 (expires 20/10/2021)|
|What the ISO/IEC 27001 doesn’t cover||Anything above the Hypervisor is not covered by the Rackspace ISMS. Rackspace use a shared security model to ensure all parties are aware of their responsibilities and agree how to manage risk.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||PSN Service Provider, Cyber Essentials +|
|Information security policies and processes||
In order to protect both ourselves and our customers, we have invested in maintaining core security certifications for ISO 9001, ISO 27001, Cyber Essentials and PSN Service Provider. The Rackspace Executive Team are committed to providing a robust framework that prioritises security across our business. The board have recognised Information Security and Cyber Security are vital to the protection of any organisation’s key assets and supporting the global digital economy. Security risks, requirements and controls are primarily designed around the CIA Triad, which relates to Confidentiality, Integrity and Availability.
Managing security in this manner allows for a practical, applicable and cost effective design that meets our business, regulatory and compliance requirements. As we are fully certified in both ISO27001 and PSN we have robust compliant policies that are regularly audited by ourselves. Policy implementation is measured though metrics which are reported quarterly to the board, direction is then communicated to heads of department for rectification.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Rackspace follow the ITIL definition of change management to provide a standardised method for the management of the risk and impact associated with amending live configuration items. The process covers both Rackspace and customer configuration items.
Changes are categorised as Standard, Normal or Emergency allowing for appropriate due diligence to be performed. The change team ensure the necessary governance is in place at all stages of the process and are responsible for managing quality, adherence to the process and provide final approval. There is a formal disciplinary process within Rackspace for those who do not follow the change management process.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Rackspace Security regularly carry out vulnerability scans using authorised scanning vendors on external interfaces as well as internal scans using Alien Vault SIEM. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. We closely monitor multiple vendor websites and receive vendor e-mails for patch releases, vulnerability notification or vendor specific warnings. We are also signed up to NCSC CiSP. Notifications of vulnerabilities are distributed to our relevant teams teams who inform our customers. Rackspace use standard patching timeframes of 30/60/90 but for government customers we aim for critical patches within 14 days.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Rackspace utilises the AlienVault Unified Security Management for our protective monitoring solution on our platforms. USM combines five essential security capabilities, Asset Discovery, Behavioural Monitoring, Vulnerability Assessment, SIEM and Intrusion Detection into a single management plane. Rackspace, through AlienVault USM, has a complete view of our estate ensuring the complete integrity of our systems by identifying potentially compromised systems and suspicious behaviour, assess vulnerabilities, correlate and analyse security event data.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Where Rackspace has not acknowledged an issue through proactive monitoring, users can report incidents by phone or email, 24x7, to the service desk. Rackspace follows the ITIL definition of Major Incident prioritisation: Sev 1 Critical - Single Client Total Outage. Sev 2 Major - Single Client Impairment. The Major Incident Management Process is implemented by the Rackspace Operations team with the goal of managing unplanned service interruptions. This includes customer communications (by phone and email) to a defined schedule. The Operations group, specifically the Technical Escalation Manager (TEM) is responsible for initiating and managing the incident reporting process.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||At the compute/storage layer, consumers are separated via robust hypervisor controls based on VMware vSphere technology. This solution has been previously been validated by the NCSC PGA and the implementation is regularly tested via by regular PGA scoped independent IT Security Health Checks conducted by a CHECK service provider.|
|Description of energy efficient datacentres||
With reference to the EU Code of Conduct (CoC) Best Practices, Rackspace’s strategy’ for energy management is broadly as follows:
1. Airflow Management (segregation of air masses - blanking panels, identification & fixing of leaks, closing cable access holes in floors, hot/cold aisle configuration, hot/cold aisle containment systems, etc.)
2. Cooling System Efficiency (installation of VSDs to CRAC/CRAH fans & pumps, utilisation of free cooling, optimisation of data floor & chilled water temperatures, addressing customer temperature SLAs, etc.)
3. Capital Plant Replacement (Energy efficient Chillers & free cooling solutions, energy efficient CRACs/CRAHs, modular & efficient UPS, LED lighting and generally utilising best available technology, etc.)
Rackspace''s DC facitilies partner is certified to ISO 50001 Energy Management System guidelines which is accepted as meting the EU CoC on energy efficiency.
|Price||£2000 per unit|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Rackspace will work with organisations to create custom proof of concept based on mutually agreed criteria.
Typically this would be an MVP to 'prove before you use', limited to 2-4 weeks with clear scope and involve a limited size network.
Large scale data migrations.