Private Cloud powered by OpenStack
Suitable for OFFICIAL and may satisfy more stringent requirements. Compute and storage private cloud based on OpenStack software. Provides a stable and supported code distribution, operational support services and published hardware reference architecture. Can be deployed at a Rackspace/customer/partner data centre.
Features
- Scales to over 200 nodes
- Industry-leading 99.99% API uptime guarantee
- High availability derived from a four server control plane
- Deploy in Rackspace, Customer or partner data centres
- Based on open source software, no vendor lock-in
- Built-in automation (Director) for deploying infrastructure
- Optional Hybrid Cloud capability to securely connect with Public Cloud
Benefits
- Unlimited 24x7x365 access to our support engineer teams
- Trusted advice from the OpenStack Founder and Platinum member
- 24x7 monitoring and management of your account
- Proactively monitor and maintain the health of your private cloud
- 15-minute live response time guarantee to emergency tickets
- Nominated Account Manager
- Architecture Advisors for designing customised private cloud environment
- Automate the services and applications by OpenStack Orchestration (Heat)
Pricing
£185 a server a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
2 4 2 9 5 4 8 2 0 9 9 2 2 0 7
Contact
Rackspace Ltd
UK Public Sector Sales
Telephone: +44 (0)208 734 8107
Email: ukpublicsector@rackspace.com
Service scope
- Service constraints
- OpenStack Private Cloud solutions have designed around a ‘Reference Architecture’ which is a tried and tested design in production with hundreds of successful deployments. The Reference Architecture ensures a stable platform which can be fully supported and upgraded with minimal to no downtime. To achieve this the OpenStack Projects which can be deployed are carefully selected so not all of the available projects within the OpenStack eco-system are available. Rackspace is continually assessing each project and as they reach a suitable maturity level they are included into our Reference Architecture.
- System requirements
-
- Underlying Operating Systems is Red Hat Enterprise Linux 7
- Networking needs to be 10GB
- Networking needs to be highly available
- Physical HA Firewalls and Load Balancers are required
- Each server requires 4x10 G network ports
- All hardware needs to be certified on RHEL 7
- All storage servers require combination of SAS and SSD hard-drives
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Up to minimum 15 minutes, max 4 hours depending on severity of support request and service level.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Rackspace Private Cloud Powered by OpenStack is backed with our results-obsessed service known as Fanatical Support. From initial design to ongoing management of your production environment, we manage your cloud so you can focus on your core business. Below is the support team who deliver ongoing service and support for your cloud.
Dedicated account manager: Possesses an in-depth knowledge of your environment and serves as your “go-to” resource for questions, issues or planning needs for your cloud (e.g., expanding, upgrading).
Deployment engineer: Manages the implementation process for your environment from contract to cloud deployment.
OpenStack administrator: Performs technical deployments within Rackspace or customer data centres, including the installation and configuration of the chosen OpenStack projects into the environment created by the deployment engineer.
OpenStack architecture advisor: Provides workload-specific guidance for planning, designing and architecting a private cloud environment to meet your unique needs.
OpenStack support engineers: Deliver 24x7x365 support from certified experts in managing and operating OpenStack clouds. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Customers have 24x7 access to our skilled engineers whenever you need them. We can provide architecture advice, security guidance and code development assistance. Training is typically delivered via phone / web conference and we have a comprehensive library of Knowledge Centre and Developer articles.
Rackspace provides a suite of Enablement Services for RPC, which aim to help you realise the full potential of your private cloud by helping you accelerate your cloud adoption, modernize your applications, and optimise your environment. Our enablement services include Application Modernisation, Agile Methodology, Big Data, Authentication & Federation and Cloud Optimisation. For more information, please refer to:
http://www.rackspace.co.uk/cloud/private/openstacksolutions/enablement
(If chosen, Enablement Services would be charged at an additional fee.) - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data stored on Block Storage Volumes associated with VMs can be easily exported and downloaded using the OpenStack APIs or Graphical User Interface. If Object Storage (Swift) is deployed, all data can be directly accessed via HTTP(S) and easily extracted from the system. If any custom deployment images have been created, these can also be easily exported via APIs or GUI.
- End-of-contract process
-
At the end of the contract, it will automatically roll over to monthly cycle contract unless customer gives one month notice to terminate or renew their contract. In case customer is hosted in their own DC using our open source private cloud, customer can terminate Rackspace support without any impact on their hosting infrastructure avoiding any vendor lock in.
In case customer wishes to terminate their contract, Rackspace agrees to plan, cooperate and provide exit assistance in good time to achieve a smooth transition of services with minimal disruption customer’s operation and to continue to provide the services until transfer is complete.
Additionally, RPC provides a build, operate, transfer (B.O.T.) model for customers wishing to eventually self-operate their private cloud. Leveraging this model is highly customized.
Using the service
- Web browser interface
- Yes
- Using the web interface
- You will have access to OpenStack Horizon dashboard, a simple easy to use GUI enabling access to common OpenStack features.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface can be accessed via https or VPN.
- Web interface accessibility testing
- No testing with users of assistive technology has been completed.
- API
- Yes
- What users can and can't do using the API
- RPC uses the native OpenStack APIs and exposes the full features. More information is available at :http://developer.openstack.org/api-guide/quick-start/
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- Other
- Other API automation tools
- OpenStack Heat
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- All the OpenStack functionality can be accessed by CLI.
Scaling
- Scaling available
- Yes
- Scaling type
- Manual
- Independence of resources
- It is a private cloud offering with no shared infrastructure components among various customers and therefore will not impact with other users demands.
- Usage notifications
- Yes
- Usage reporting
-
- API
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- OpenStack Service Availability
- Underlying Service Status
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Data Encryption is implemented as per the customers requirements.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Complete VMs Images, VM Snapshots or individual Block Storage Volume
- Swift Object Storage has the ability to automatically replicate
- Host OS backups
- OpenStack Control Plane Node backup
- Backup controls
- Users can leverage the OpenStack APIs to gain full granular control of backups down to individual volume level. External automation is used to trigger the APIs calls into the system, and these can originate from external management systems, or from VMs running within the cloud. Users can request Host OS and Control Plane backup schedules.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Below are the availability SLAs: -Power: A/C power to the outbound port on your serving PDU will be available 100% of the time. -Network: The data centre network will be available 100% of the time in a given month. -1 Hour Hardware Replacement: Rackspace will repair or replace failed hardware components that we provide at no additional cost, and within an hour of identifying the problem. -Support Request Response Times : As part of intensive service level, Rackspace provides 15 minutes response time SLA for emergency upto 4 hours for standard priority tickets.
If you purchase OpenStack Support or RPC Red Hat Support, then we guarantee any given Rackspace Private Cloud Control Plane will have 99.99% Monthly Availability. - Approach to resilience
- Rackspace Private Cloud is designed from the ground up to be highly available. The control plane is distributed across three physical controllers which all run a copy of every OpenStack API. Configuration data is stored in a multi-node database again with at least three copies of the data. All networking is n+1 with dual NICs in every server and HA switches. Storage sub-systems such as Ceph and Swift are designed to handle failure of multiple nodes with no loss of data. Rackspace offers a 100% uptime guarantee for the underlying network within our own data centres, and a 99.99% uptime guarantee for the OpenStack API layer.
- Outage reporting
- Following a major incident, a customer may request an Incident Report from the Rackspace Service Delivery Manager. This report will be delivered via email and contains a summary of the events that occurred, along with a root cause analysis and preventative actions.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Rackspace access control policies based on the principles of ‘least privilege’ and ‘segregation of duties.’
Customer solutions reside on their own dedicated VLAN. Rackspace administrative access to dedicated customer solutions is performed via the Bastion Servers, which act as segregation points between the Rackspace corporate network and the customer environment. Access via the Bastion Servers is subject to stringent logging controls. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 21/03/2016
- What the ISO/IEC 27001 doesn’t cover
- Software development controls are excluded and some international office space is not in scope.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Protiviti
- PCI DSS accreditation date
- 03/09/2016
- What the PCI DSS doesn’t cover
- N/A
- Other security certifications
- Yes
- Any other security certifications
-
- HIPAA Compliance is obtainable
- FISMA Compliance is obtainable
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- Other
- Other security governance standards
- PCI-DSS Level 1 Service Provider.
- Information security policies and processes
- Rackspace’s Leadership Team has assigned lead responsibility for information security to the Chief Security Officer. The Chief Security Officer has reviewed and approved the information security management system (ISMS), which demonstrates the commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS. The Chief Security Officer collaborates with Rackspace Legal to monitor compliance with all local, state, and federal laws and regulations that apply to Rackspace. Rackspace has documented policies which meet the recommendations of the ISO27001 standard (including an Information Security Policy).The Rackspace Information Security Policy is reviewed at least annually or as a significant change occurs to ensure its continuing suitability, adequacy, and effectiveness. Supporting policies include: -Global Rackspace Corporate Information Security Policy -Global Organization of Corporate Information Security Policy -Management of Information Security Incidents Policy -Global Information Technology Risk and Compliance Policy -Global Business Continuity Policy -Global Supplier Relationship Management Policy -Global Communication Security Policy -Global Operations Security Policy -Global Physical Security Policy -Global Access Control Policy -Global Asset Management Policy -Global Vulnerability Management -Global System Acquisition Development and Maintenance Policy -Global Cryptography Policy Policies and processes are audited internally and externally by an independent assessor.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- CORE is Rackspace proprietary hosting automation platform, to facilitate change control with the provisioning, changing, and scaling of customer’s hosting environment. CORE centralises all information about customer and their hosting configuration and manages all change related tasks and communication. CORE seamlessly assigns work across Rackspace resources for issues that require multiple teams to troubleshoot, and by carefully controlling changes, we are able to achieve guaranteed uptime and minimise any impact on customer business operations Rackspace utilises a Technical Change Management to control changes to the shared infrastructure. Proposed technical changes are subject to Change Board approval according to defined thresholds.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Rackspace maintains an ISO27001 certified internal vulnerability management programme that includes regular vulnerability assessments of the corporate network intended to identify, assess and remediate technical vulnerabilities. In addition, the PCI Merchant program requires quarterly scans of the internal network for vulnerabilities; remediation follows PCI standard guidelines. Customers can specify the desired frequency to apply patches, however by default: 1) Linux updates are pushed into the Intensive channels once a month. 2) Windows monthly patches are released across three separate weeks.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Rackspace data centers and Network Operations Center (NOC) are manned 24/7/365. Rackspace will implement our “RackWatch” programme, which is our network monitoring service. Numerous monitoring levels are available depending on service level and segment. Our experienced technicians will automatically take action in your best interest within agreed support procedures. Please note that the level of alerting and monitoring depends on the service selected. Rackspace will respond via agreed communication channels approved by the customer Rackspace will respond as soon as possible to incidents, at a minimum within agreed SLAs.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Rackspace maintains formal incident response processes concerning both corporate network incidents and incidents affecting customer solutions. Incidents that affect more than one customer or Rackspace operations (Enterprise Impacting) are managed from a centralised tool that provides alerting and escalation paths and procedures, communication procedures and command, control and communication across all Rackspace facilities. Rackspace will work with you to institute a formal incident response plan for your environment. Rackspace can optionally provide a dedicated Intrusion Detection Service device with Managed Services for this purpose.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- KVM hypervisor
- How shared infrastructure is kept separate
- It is a private cloud product with no shared infrastructure components.
Energy efficiency
- Energy-efficient datacentres
- No
Pricing
- Price
- £185 a server a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Dedicated trial and demo environments are available for customers for up to 90 days.