Fujitsu Services Limited

VMware Cloud on AWS Touchdown (VMC-T)

Fujitsu VMware Cloud on AWS Touchdown (VMC-T) is part of Fujitsu’s portfolio of Hybrid IT solutions and allows customers to easily transition to a public cloud environment whilst still leveraging the features of a VMware environment.

Features

  • Deployable in hours, scaled in minutes, billed by the hour.
  • Secure with options for Official classification
  • Integrated, orchestrated and delivered as a Service
  • Seamless Integration with Fujitsu's Manged private cloud service
  • Transparently links back to your existing Vmware estate
  • Scalable across multiple AWS AZ in a region
  • Available on a pure OPEX model
  • Deliverable from AWS regions globally
  • Easily consume native AWS services
  • Provides Vmware standard DR capabilities as a Service.

Benefits

  • Standardized expandable pod based cloud infrastructure
  • Built using standard hardware, software to ease assurance
  • Customer specified virtual machine configurations
  • Customer specified or provided O/S images and templates
  • Ability to automatically reduce run costs by turning off Hosts
  • Can be configured to autoscale to ensure capacity is available
  • High bandwidth resilient internal fabric linked to native AWS
  • Highly available resilient infrastructure with no single points of failure
  • Flexible and customisable design to suit customer requirements
  • Supportable using onshore, nearshore or offshore Fujitsu teams.

Pricing

£6.03 a server an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@uk.fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 0 0 3 6 5 4 7 1 9 7 4 6 0 8

Contact

Fujitsu Services Limited Government Frameworks Desk
Telephone: 07867829234
Email: government.frameworks@uk.fujitsu.com

Service scope

Service constraints
Customers must provide VPN over internet or AWS direct connect .
Customers must allow VPN acess for Fujitsu administrators.
System requirements
  • Customer to provide 1st line support, escalations passed to Fujitsu
  • Extra cost for 1st line service desk service from Fujitsu
  • Access to Active directory service to authenticate customer users.
  • Access to Network Services such as Time, DNS & PKI
  • Selection of Remote Support location, On-Shore, EEA & India.
  • Provision of physical access for Fujitsu teams for maintenance.
  • Provision of network access for Fujitsu teams to environment.
  • Provided at extra cost by Fujitsu to meet customer requirements.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Incident Management Service levels:
Priority 1: 4 hours
Priority 2: 8 hours
Priority 3: 16 hours
Priority 4: 3 days
Priority 5: 5 days
Please review the Service Definition for further information on service levels
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
Incident Management Service levels:
Priority 1: 4 hours
Priority 2: 8 hours
Priority 3: 16 hours
Priority 4: 3 days
Priority 5: 5 days
Please review the Service Definition for further information on service levels
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Provide documentation and optional platform specific training sessions (at additional cost) as well as relevant Vmware training courses (at additional cost)
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Word
End-of-contract data extraction
By migration of virtual machines via network . backup and restore using customer chosen backup tool. Fujitsu will support these activities at additional cost if required.
End-of-contract process
Whilst capacity is being paid for on the platform it will continue to exist, the customer can then migrate at their leisure supported if necessary by Fujitsu teams, the customer bill will reduce as capacity rolls off. When the customer requests cessation of service a final bill will be raised continuing any current spend or committed charges.

Using the service

Web browser interface
Yes
Using the web interface
As standard API supports create delete change and power on/off of virtual machines via standard templates as well as console access Custom extensions for network, security and multi machine blueprints can be added.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
N/A
Web interface accessibility testing
N/A
API
Yes
What users can and can't do using the API
As standard API supports create delete change and power on/off of virtual machines via standard templates as well as console access . Custom extensions for network, security and multi machine blueprints can be added.
API automation tools
  • Ansible
  • Terraform
  • Other
Other API automation tools
REST API calls. Vmware Cloud Assembly
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Dedicated hosts for each customer.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Customers optionally have the ability to via our cloud security service encrypt each virtual machine inside the operating system, this removes all visibility of data from virtual machine disks from cloud administrators.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Vmware Cloud on AWS Touchdown leverages Vmware NSX-T to provide a software defined network capability with boundary firewalls and micro segmentation to control east-west traffic.

Availability and resilience

Guaranteed availability
Upto 99.9% for single site or 99.99% for dual AZ stretched cluster
Approach to resilience
All storage is protected against 1 or in services with 6 or more hosts in a cluster 2 concurrent failures. If a host fails a new host is automatically added to the cluster at no cost taking over if the original host does not recover. One host will then be removed from the cluster. Virtual machines are automatically restarted after host failure on a working host. WAN connections use the AWS network architecture which offer resilient connections across multiple endpoints.
Outage reporting
Outages are reported to the Fujitsu Service management team that then inform the customer of any service impacting outages.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Users accessing the service are administrative users, end users do not directly access the service. The interface is linked to the customer active directory and authenticates all administrative users using accounts in that directory.
Access restrictions in management interfaces and support channels
Access to management interfaces is managed by network segmentation and firewall rules within the service itself.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
There are two management interfaces the Cloud Provider hub - and vCenter. Cloud provider hub is an internet facing service and uses a 2FA security mechanism via Google Authenticate one time codes. The deployed vCenter operates within the service boundary and user accounts are authenticated against the customer active directory. Access to vCenter itself is controlled using network access controls within the service.
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Bureau Veritas
ISO/IEC 27001 accreditation date
30/11/2018
What the ISO/IEC 27001 doesn’t cover
All Reference control objectives and controls of the standard are in scope, and all aspects of the offerings
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
06/04/2020
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
The Fujitsu Service provided on top of the Vmware Service
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
N/A
Information security policies and processes
ISO27001-certified governance regime for company

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ISO27001-certified configuration and change management regime for company
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
ISO27001-certified vulnerability management process for company
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Underlying platform is instrumented with audit logs being collected in the platform and forwarded to an external customer defined SIEM service (potentially delivered and managed by Fujitsu)
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ISO27001-certified incident management process for company

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Vmware
How shared infrastructure is kept separate
Private Cloud - dedicated infrastructure per Organisation

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
The Strategic Fujitsu Datacentres are registered “participants” in the EU Code of Conduct for datacentres, complying with their energy efficiency guidelines conforming to ISO50001 Energy Management. The Supplier’s infrastructure planners have used optimal layouts, as determined by the EU Code of Conduct to build the service within these datacentres.

Pricing

Price
£6.03 a server an hour
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@uk.fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.