IBM United Kingdom Ltd

IBM Private Cloud, PureApplication Service (PaaS for OFFICIAL)

IBM PureApplication Service is a Private Cloud Platform as a Service (PaaS) offering allowing complex applications and middleware to be deployed to IBM's SoftLayer cloud platform. Supported workloads include x86 Red Hat Linux and Windows applications, using a variety of IBM and non-IBM middleware components and platforms.

Features

  • Hybrid Cloud deployment of complex middleware and applications
  • Pattern based approach. Automated application topology blueprints
  • Dedicated Off-Premises Cloud Infrastructure as standard on SoftLayer
  • Accelerated deployment of complex software
  • One pattern deploys anywhere: On-Premises, Off-Premises, or Hybrid
  • Native cloud implementation
  • Supports Open Standards: Chef, Docker and others
  • Provides automated scaling, load balancing, upgrading and patching
  • Provides embedded system monitoring
  • More info: http://www-03.ibm.com/software/sla/sladb.nsf/sla/sd-6547-05

Benefits

  • Hybrid Cloud deployment of complex applications and middleware
  • Accelerated delivery of applications
  • Consistent and repeatable deployment of software
  • Reduction of risk in complex software deployment
  • Reduction of risk in complex software upgrade and patching
  • Cost reduction of deploying and running complex applications to Cloud
  • Investment protection. On-Premises and Off-Premises use the same pattern
  • Open Standard. Docker, Chef and other standards supported

Pricing

£7457.00 per unit per month

Service documents

G-Cloud 9

300764319250092

IBM United Kingdom Ltd

Jason Dymott / Sam Gilbert

+44-07753-829879 (Office)

gcloud@uk.ibm.com

Service scope

Service scope
Service constraints - The underlying technology of IBM PureApplication Service is x86
- IBM PureApplication Service is hosted on IBM’s SoftLayer Data Centers (http://www.softlayer.com/data-centers)
- IBM PureApplication Service is accessed through VPN or Direct Link connection (see also Data-in-transit protection section)
Planned maintenance is performed within IBM’s SaaS terms: http://www-03.ibm.com/software/sla/sladb.nsf/sla/dsp (See also Availability and resilience section)
System requirements Only a workstation and a browser are required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times IBM provides support through Service Requests. Response SLAs vary depending on the severity level that customers assign to the request:
1 - Critical: Within 1 hour
2 - Significant: Within 2 business hours
3 - Minor: Within 4 business hours
4 - Minimal: Within 1 business day
More details: https://www-304.ibm.com/support/customercare/sas/f/handbook/getsupport.html
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels IBM provides support through Service Requests at no charge. Response SLAs vary depending on the severity level that customers assign to the request:
1 - Critical: Within 1 hour
2 - Significant: Within 2 business hours
3 - Minor: Within 4 business hours
4 - Minimal: Within 1 business day
More details: https://www-304.ibm.com/support/customercare/sas/f/handbook/getsupport.html
On top of the Service Requests support, paid engagements can be scoped and priced based on customers’ need.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Full documentation is available here: https://www.ibm.com/support/knowledgecenter/SSNS6R
IBM also organises Proofs of Technology and PureApplication Pattern workshops at no cost for buyers.
In addition to that, training courses and tailored engagements are available at a charge.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The client has full access to their data throughout the terms of their contract. The client is solely responsible for retrieving and backing up their data prior to the end of the contract.
End-of-contract process At the end of the contract the system will be de-provisioned and all client-related data will be properly disposed. No additional service is included in the price of the contract.

Using the service

Using the service
Web browser interface Yes
Using the web interface The PueAppllication Service Console is a unified interface that provides management and administration for PureApplication Service. All operations around pattern creation and deployment, workload management, monitoring, administration and maintenance are available through the console. The console provides a number of common scenarios and tools that customers can work with. The scenarios and tools that are available to each individual depend on their user role and permissions.
Web interface accessibility standard None or don’t know
How the web interface is accessible IBM software uses the latest W3C Standard, WAI-ARIA 1.0, to ensure compliance with US Section 508 and Web Content Accessibility Guidelines (WCAG) 2.0.
Web interface accessibility testing Interface testing is performed with IBM AppScan Enterprise, which conforms to the above standards.
API Yes
What users can and can't do using the API All functionality exposed through the browser console is also accessible through RESTful APIs and a Command Line Interface. An exhaustive list can be found here:
- https://www.ibm.com/support/knowledgecenter/SSNS6R_2.2.2/doc/rest/rat_overview.html
https://www.ibm.com/support/knowledgecenter/SSNS6R_2.2.2/doc/cli/cct_usingcli.html

IBM PureApplication is a Private Cloud Platform as a Service (PaaS) offering allowing complex applications and middleware to be deployed and orchestrated to IBM's SoftLayer cloud platform. As such, the PureApplication technology provides its own set of automation and orchestration tools for workload deployment and post-deployment operations. The PureApplication technology also supports Chef and Puppet out of the box, and exposes standard RESTful APIs that can be used to integrate with other orchestration technologies. More information about the REST API can be found here: https://www.ibm.com/support/knowledgecenter/SSNS6R_2.2.2/doc/rest/rat_overview.html
API automation tools Other
Other API automation tools
  • See above
  • Maestro framework: proprietory technology providing orchestration and post-deployment automation.
API documentation Yes
API documentation formats
  • HTML
  • PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface All operations around pattern creation and deployment, workload management, monitoring, administration and maintenance, available through the console, are also available through che Command Line Interface. More information can be found here: https://www.ibm.com/support/knowledgecenter/SSNS6R_2.2.2/doc/cli/cct_usingcli.html

Scaling

Scaling
Scaling available No
Independence of resources The architecture of IBM cloud services maintains logical separation of client data. Internal rules and measures separate data processing, such as inserting, modifying, deleting, and transferring data, according to the contracted purposes.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics https://ibm.biz/BdiZHE
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Management data
  • Cloud environment data
  • Workload catalog data
  • Workload data
  • Application data
  • More information here: https://ibm.biz/BdiZHF
Backup controls The backup process transfers the system configuration to a specified backup storage server. The initial backup that is run is a baseline backup. Subsequent backups are delta backups. A delta backup is a copy of the system configuration that stores only the changes to the system configuration since the last baseline backup. The system automatically determines the type of backup to run by checking the backup storage server for the presence of a baseline backup. New baseline backups can be created at any time by configuring the location in the backup and restore system settings.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks IBM PureApplication Service offers 3 types of network connectivity:
- One-way VPN
- Two-ways IPSEC tunnel
- DirectLink access: a physical network link
More info here: http://www.softlayer.com/network
In addition to that, each middleware component running on the service can enforce a higher level of data protection, including encryption of data at rest and in motion.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Each service instance uses dedicated and private subnets. In addition to that, each middleware component running on the service can enforce a higher level of data protection, including encryption of data at rest and in motion.

Availability and resilience

Availability and resilience
Guaranteed availability IBM provides a 99.9% (three 9s) Service Level Agreement for IBM PureApplication Service.
Service Levels and Availability credits are available here: http://www-03.ibm.com/software/sla/sladb.nsf/sla/sd-6547-05
Approach to resilience Available on request.
Outage reporting Scheduled outages are agreed and planned with buyers via email.
Unscheduled outages are notified via email alerts to named contacts provided by the buyers.

Identity and authentication

Identity and authentication
User authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels IBM maintains individual role-based authorization of privileged accounts that is subject to regular validation. A privileged account is a duly authorized IBM user identity with administrative access to a Cloud Service, including associated infrastructure, networks, systems, applications, databases and file systems.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Coalfire ISO
ISO/IEC 27001 accreditation date 15/04/2016
What the ISO/IEC 27001 doesn’t cover The infrastructure and platform this offering is run on is ISO/IEC 27001 compliant. Refer to: http://www.softlayer.com/compliance
PureApplication also has it's own certification, accredited by Bureau Veritas on 30/11/2015.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 20/04/2016
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover The infrastructure and platform this offering is run on has a CSA STAR Self-Assessment certificate. The SaaS applications which run on this platform may not necessarily be compliant. The IBM CSA Star Self-Assessment can be viewed here https://cloudsecurityalliance.org/star-registrant/softlayer/
PCI certification No
Other security accreditations Yes
Any other security accreditations Refer to: http://www.softlayer.com/compliance

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes IBM has an Information Technology (IT) Security policy that establishes the requirements for the protection of IBM's worldwide IT systems and the information assets they contain, including networks and computing devices such as servers, workstations, host computers, application programs, web services, and telephone systems within the IBM infrastructure. IBM’s IT Security policy is supplemented by standards and guidelines, such as the Security Standards for IBM's Infrastructure, the Security and Use Standards for IBM Employees and the Security Guidelines for Outsourced Business Services. Such are reviewed by a cross-company team led by the IT Risk organization every six months.

IBM has a dedicated Vice President of IT Security who leads a team responsible for IBM's own enterprise data security standards and practices. Responsibility and accountability for executing internal security programs is established through formal documented policies. IBM Services teams also have dedicated executives and teams who are responsible for information and physical security in the delivery of our client services.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach IBM maintains policies and procedures to manage risks associated with the application of changes to its Cloud Services. Prior to implementation, all changes to a Cloud Service, including its systems, networks and underlying components, will be documented in a registered change request that includes a description and reason for the change, implementation details and schedule, a risk statement addressing impact to the Cloud Service and its clients, expected outcome, rollback plan, and documented approval by IBM management or its authorized delegate.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach With each Cloud Service, as applicable and commercially reasonable, IBM will a) perform penetration testing and vulnerability assessments before production release and routinely thereafter, b) enlist a qualified and reputable independent third-party to perform penetration testing and ethical hacking at least annually, c) perform automated management and routine verification of underlying components’ compliance with security configuration requirements, and d) remediate any identified vulnerability or noncompliance with its security configuration requirements based on associated risk, exploitability, and impact. IBM takes reasonable care to avoid Cloud Service disruption when performing its tests, assessments, scans, and execution of remediation activities.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach IBM maintains and follows policies requiring administrative access and activity in its Cloud Services’ computing environments to be logged and monitored, and the logs to be archived and retained in compliance with IBM’s worldwide records management plan. IBM monitors privileged account use and maintain security information and event management policies and measures designed to a) identify unauthorized administrative access and activity, b) facilitate a timely and appropriate response, and c) enable internal and independent third party audits of compliance with such policies. IBM systematically monitors the health and availability of production Cloud Service systems and infrastructure at all times.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach IBM:
-maintains and follows incident response policies aligned with NIST guidelines for computer security incident handling, and will comply with data breach notification requirements under applicable law.
-investigates security incidents, including unauthorised access or use of content or the Cloud Service, of which IBM becomes aware, and, if warranted, define and execute an appropriate response plan.
-promptly notifies Client upon determining that a security incident known or reasonably suspected by IBM to affect Client has occurred.
-provides Client with reasonably requested information about such security incident and status of applicable remediation and restoration activities performed or directed by IBM.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Each IBM PureApplication service instance is single-tenant, isolated and dedicated to a single buyer. Other buyers cannot access the same service instance. Each service instance uses dedicated and private subnets.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £7457.00 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial There is a 30 day free trial service which has the same functionality as the full service would. However, operationally, the trial service will be consumed within a shared environment, with other customers using the trial.
Link to free trial https://www.ibm.com/us-en/marketplace/cloud-application-platform

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑