IaaS - Infrastructure as a Service & Cloud Control - OCSL

Infrastructure as a Service is an operational model for providing Virtual Machines on-demand via convenient access to a shared pool of configurable computing resources, tailored to the specific needs of each Client. These can be rapidly provisioned and released with minimal management effort or customer interaction.


  • Infrastructure as a Service - 99.95% availability
  • Cloud Control: simplifying on premises, private & Public Cloud management
  • Virtually unlimited server instances
  • Tiered incident resolution and agreed SLAs
  • Usage & billing reporting monthly
  • Backup success/fails reporting daily
  • Optional full management & monitoring to OS level
  • N3 Aggregator
  • Janet Partner
  • HSCN Partner


  • Utilise our enterprise grade infrastructure
  • Remove management overheads
  • Improve availability & user satisfaction
  • Improve security
  • Leverage OCSL IT skills
  • Reduce IT TCO
  • Deliver IT services to SLA
  • Predictable OPEX budgeting, no hidden costs
  • Enable remote working
  • Improve reliability of your development environment


£49.58 to £615.94 per virtual machine per month

  • Free trial available

Service documents

G-Cloud 9



Mark Skelton

0845 605 2100


Service scope

Service scope
Service constraints The platform is fully owned, managed and monitored by OCSL. The customer cannot access the Datacentre Racks, Hardware, Hypervisor or related management tools. The platform is not for the customers sole use. Customers do not have access to the configuration tools for the Hypervisor, or hardware platform. Certain configuration capabilities are available and are as described in the Service Catalogue for OCSL Cloud Control. OCSL will use industry standard Anti-Virus protection (optional). Purchase of Systems Monitoring is necessary in order to measure VM Availability, if not purchased Availability SLA’s will not apply.
System requirements
  • Operating System Version Minimum O/S Disk Minimum CPU Minimum RAM
  • Microsoft Windows Server 2008 R2 onwards 60GB 1 core 4GB
  • Red Hat Enterprise Linux V4 onwards 10GB 1 core 2GB
  • Ubuntu Version 14.04 LTS onwards 10GB 1 core 2GB
  • SUSE Linux Enterprise Server V11 onwards 10GB 1 core 2GB
  • CentOS Version 5 onwards 10GB 1 core 2GB

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Priority Level - Initial Response - Progress Update - Target Resolution
1 - 15 mins* - 1 hour - 4 hours
2 - 1 hour - 2 hours - 8 hours
3 - 2 hour - 1 day - 10 working days
4 - 4 hour - 1 day - 20 working days

*P1 calls must be logged by telephone
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Priority Level - Initial Response - Progress Update - Target Resolution
1 - 15 mins* - 1 hour - 4 hours
2 - 1 hour - 2 hours - 8 hours
3 - 2 hour - 1 day - 10 working days
4 - 4 hour - 1 day - 20 working days

*P1 calls must be logged by telephone
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Service inception can incur via several methods for IaaS virtual machines, in several different scenarios, or a combination of both. These may be subject to change based upon customer requirements, but typically consist of:

o Greenfield deployment of new workloads
o Inception from an existing On-Premises environment
o Inception from an existing incumbent supplier

These are typically achieved via a number of different inception methods, depending upon customer requirements

o Greenfield build - The spinning up of virtual machines to Operating System level, to agreed client specifications. OCSL may also assist in migration of applications and data as part of a separate service. The customer may also self-provision using Cloud Control.
o Seeding and replication of existing servers
o OCSL operates a proven method of virtual machine migration, referred to as Seeding. This method is used to migrate existing virtual workloads from an incumbent datacentre, be that on customer premises, or an incumbent hosting provider.
o Transformation of exiting workloads into an upgraded environment in the OCSL datacentre, prior to move and test of the application workloads and data. This is always split into application by application work streams and one application transformed at a time.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction OCSL will provide copies of the customer’s virtual machines and data in the format in which they are held, or allow a third-party access on a secure basis to perform an outbound transition/migration project.
End-of-contract process Upon receiving notification of termination, OCSL will on a mutually agreed date, simply delete the customer’s data securely from the IaaS platform, and disable the customer’s access.

Using the service

Using the service
Web browser interface Yes
Using the web interface O Deploy Workloads to Multiple clouds: Azure, AWS, Google and OCSL clouds
o Console Access to Multiple clouds: Azure, AWS, Google and OCSL clouds
o Integration with existing infrastructure and service management tools
o Virtual machine OS choices from cloud vendors
o Library for automation and scaling
o Real-time reporting of Monitoring Statistics
o Real-time reporting of Backups
o Virtual to Virtual Hybrid Cloud Migration
o Consolidated usage reporting
o Consolidated billing
Web interface accessibility standard None or don’t know
How the web interface is accessible Private URL via VPN
Web interface accessibility testing Unknown
What users can and can't do using the API The OCSL CloudControl portal has API access into approximately 70 different mainstream Cloud Platforms, Hypervisors, Operating Systems, Backup technologies, ITSM systems and DevOps platforms. Please contact OCSL for more details.
API automation tools
  • Chef
  • OpenStack
  • Puppet
API documentation No
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources OCSL IaaS is built to a multi tenant design and strictly capacity planned to ensure sufficient performance capacity is available. Customers environments are pooled into resource allocations and virtual resources are uncontended against physical capacity.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Failure
  • Capacity
  • Server hardware components such as system fans
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • We provide this as a seperate service
  • Please see: BaaS - Backup as a Service - OCSL
Backup controls Please refer to: BaaS - Backup as a Service - OCSL
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The availability of each VM will be measured by OCSL at virtual machine level. The VM will be deemed to be available if the Nimsoft monitoring agent is responding (“VM Availability”), from the OCSL point of egress on the network. The Customer acknowledges that the purchase of Systems Monitoring is necessary in order to measure VM Availability.
The VM Availability of each VM will be calculated as a percentage each calendar month and measured using the following formula:
Availability % = ((AST – USD) / AST) x 100
AST*1 = Agreed System Time
USD*2 = Unscheduled Downtime

*1 Agreed System Time will be defined monthly

*2 The following shall not be counted as Unscheduled Downtime:
(i) Any scheduled downtime, (including any scheduled testing)
(ii) Maintenance Events
(iii) Customer- caused or third party- caused outages or disruptions (except to the extent that such outages or disruptions are caused by those duly authorised third parties sub-contracted by the Supplier to perform the Services);
(iv) outages or disruptions attributable in whole or in part to Force Majeure Events.

*3 During a leap year
Approach to resilience OCSL IaaS is built from Enterprise class best of Breed hardware and is fully N+1 resilient with no single point of failure.
Outage reporting OCSL is ISO2000-1 accredited and follows standard ITIL conformant Major Incident Management processes.

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Active Directory is used to control user identification and authentication. OCSL Managed Services uses unique user IDs to enable users to be linked to, and held responsible for, their actions. This is in the following format: Firstname.Surname. Each computer also has a host name.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Registrar of Standards (Holdings) Ltd
ISO/IEC 27001 accreditation date 21/06/2011
What the ISO/IEC 27001 doesn’t cover There are 114 controls within ISO 27001:2013. •OCSL Managed Services has currently adopted 110 of the controls. The remaining 4 controls have not been adopted at this stage. A.14.1.2 (OCSL Managed Services do not use public networks). A.14.1.3 (OCSL Managed Services do not use application transactions). A.14.2.1 (OCSL Managed Services do not develop software). A.14.2.7 (OCSL Managed Services do not outsource software development).
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • Government OFFICIAL
  • NHS N3 Aggregator

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards OCSL is accredited to the following governance standards

o ISO9001 (Quality)
o ISO20000-1 (Service Management)
o Government OFFICIAL
o NHS N3 Aggregator
Information security policies and processes All ISO27001, Commercial N3 Aggregator, Government Official, Cyber Essentials & NHS IG Toolkit required policies. No policies have been excluded from scope.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Our methodology minimises the impact of change-related incidents on service quality and improves the day-to-day operations of the organisation. The procedures are designed to ensure that all changes are correctly planned, interested parties are notified and any service interruption is controlled. Changes can be initiated by the client or internally within OCSL. A robust Change Control process minimises the risk associated with changes. It enables all parties to keep track of changes made to systems, ensures implications of changes are assessed and that interdependencies are explored. A back-out process is also considered before any change is implemented.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Annual IT Health Checks are completed by a CHECK accredited independent organisation under the CHECK Scheme. The CHECK scheme enables penetration testing by CESG approved companies, employing penetration testing personnel, qualified to assess HMG and other public and private sector bodies. The testing personnel are CHECK Team Leaders who have proven their technical competency through lab examinations and written exams, they are skilled in application and infrastructure testing. They have also undergone thorough background checking. This technical compliance review is an extensive internal and external examination of operational systems to ensure that hardware and software controls have been correctly implemented.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach User activities, exceptions, and information security events are recorded and kept for an agreed period to assist in future investigations and access control monitoring. Software is used to monitor system use. As per the ‘Systems monitoring policy’.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The OCSL Service Desk enables our team to co-ordinate the work of restoring supported systems as soon as possible and within agreed SLAs. The Service Desk determines the nature of incidents so they can be sent to appropriately skilled engineers for resolution. An IMS is incorporated within the Service Desk. When logging calls via the telephone Service Desk, the call operative uses the same call logging software that the customer will have access to via our secure web portal. Integrated with this functionality is our knowledge base, which is used to capture information and provide accurate incident reports.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used HPE 3 PAR storage virtualisation, Cisco Nexus converged network virtual LAN and SAN, Cisco ASA Firewall Contexts and vASA appliances.
How shared infrastructure is kept separate VLANs, firewalls and storage zones.

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £49.58 to £615.94 per virtual machine per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Details available upon request


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑