OVHcloud

Public Cloud Hyperscale IaaS

Based on OpenStack open-source software, OVHcloud Public Cloud is distinguished by powerful features: leading price-performance ratio, ecosystem interoperability and flexibility.

Compute and storage space is logically isolated, provided on on a fully-mutualised infrastructure: network, compute clusters, storage clusters. Resources for every instance are fully guaranteed: there is no over commitment.

Features

  • Fast, automated deployment
  • OpenStack Horizon Interface one of the largest global OpenStack deployments
  • Predictable pricing with traffic included
  • No Hypervisor costs
  • Additional disk
  • OVHcloud firewall included
  • No private network charges
  • Anti-DDoS
  • Rebuild and back up instances
  • Choice of operating system

Benefits

  • Saves time provisioning hardware & software
  • Free, unmetered private network (vRack)
  • Free, unmetered public bandwidth Ingress & Egress
  • Opex model
  • Instance Backup
  • Instance Snapshot
  • Shelve Instance
  • Hourly or monthly billing
  • Instance VNC console access / KVM
  • Instance protection

Pricing

£30.59 to £4,400.12 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@ovhcloud.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 2 0 8 1 2 0 3 9 9 4 9 7 4 7

Contact

OVHcloud Hiren Parekh
Telephone: 03333700425
Email: publicsector@ovhcloud.com

Service scope

Service constraints
Bandwidth Egress charges in APAC region.
Volume (Block storage) limited to 4Tb.
System requirements
OVHcloud Public Cloud operates based on Openstack.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard: Response time < 4 hours
Phone support in local language during office hours, contact via email or OVH manager only during nights and weekends.

Business: Response time < 30 minutes
Phone support in local language, French and English 24x7. Support also available via email or OVH manager.

Enterprise: Response time < 15 minutes
Phone support in local language, French and English 24x7. Support also available via email or OVH manager.
24x7 incident management.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
STANDARD (Included)
Standard support is the support that is provided for every customer when they buy from OVHcloud. Online content provided in the form of Guides, FAQ's and a chatbot, provided during business hours. Initial response time: <4 hours.

BUSINESS (+10% of monthly bill)
For companies that have their own commitments, provided is 24/7 access to OVHcloud team of experts. Initial response time: 30 minutes.

ENTERPRISE ( +30% of monthly bill)
For companies that have their own commitments, provided is 24/7 access to OVHcloud team of experts. Initial response time: 15 minutes.
Support available to third parties
No

Onboarding and offboarding

Getting started
OVHcloud provide online guides, FAQ and OVH community.

Regular OVHcloud acadamies.

Partner Acadamies.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
There is no set method. Instance disk file extension is agnostic and not constrained to OVHcloud.

Users may use their own preferred extraction methods.
End-of-contract process
Services cease and hardware is wiped and reprovisioned for usage.

There are no costs or hidden activities.

Using the service

Web browser interface
Yes
Using the web interface
OVHcloud Manager is general dashboard to manage any OVHcloud product. It is reachable at www.ovh.cloud.com/manager and exists in more than 10 different languages (including German, French, Spanish and English). It can be used to:-

* Add any resources (compute, block storage, etc.): Infrastructure Submenu.

* Create and access to an Object Storage container: Storage Submenu.

* Inspect the tenant management information (quotas, billing, current monthly consummation, billing-alert creation, associated OVHcloud accounts etc.): Project Management Submenu.

* Give accesses to the tenant through Horizon Interface or OpenStack API: OpenStack Submenu.

Horizon is OpenStack’s native administration graphical interface. Access is granted using Keystone credentials, internal to OpenStack platforms. These credentials could also be used to interact with all the OpenStack APIs.

This interface is project centered: any project access needs a dedicated account (created through OVHcloud Manager). It can be used to:

* Display any information (exception of the invoicing ones) regarding a tenant.

* Interact with instances: start, stop, restart, resize, etc.

* Create snapshots of instance and additional disks.

* Manage SSH Key Pairs.

* Define Security Groups.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
OVHcloud Manager is general dashboard to manage any OVHcloud product. It is reachable at www.ovh.cloud.com/manager and exists in more than 10 different languages (including German, French, Spanish and English). It can be used to:-

* Add any resources (compute, block storage, etc.): Infrastructure Submenu.

* Create and access to an Object Storage container: Storage Submenu.

* Inspect the tenant management information (quotas, billing, current monthly consummation, billing-alert creation, associated OVHcloud accounts etc.): Project Management Submenu.

* Give accesses to the tenant through Horizon Interface or OpenStack API: OpenStack Submenu.

Horizon is OpenStack’s native administration graphical interface. Access is granted using Keystone credentials, internal to OpenStack platforms. These credentials could also be used to interact with all the OpenStack APIs.

This interface is project centered: any project access needs a dedicated account (created through OVHcloud Manager). It can be used to:

* Display any information (exception of the invoicing ones) regarding a tenant.

* Interact with instances: start, stop, restart, resize, etc.

* Create snapshots of instance and additional disks.

* Manage SSH Key Pairs.

* Define Security Groups.
Web interface accessibility testing
N/A
API
Yes
What users can and can't do using the API
OVHcloud provides access to the Application Programming Interface (API), which includes all possible actions from the client space (Manager OVH). Based on a RESTful standardized architecture, these interfaces enable: Consult all the services you have subscribed (Private Cloud, vRack, etc.), Interact directly with these services (status, add options, vRack association, etc.), Order new services (calculation resources, public IP, etc.), View its billing information or payment status.

These interfaces can be used through a web interface (https://api.ovh.com) or directly through a web call within the scripts of our clients. The OVHcloud API is available at https://api.ovh.com

OVHcloud APIs are used securely for the web interface via OVHcloud client identifiers and for use in third-party applications/scripts using 3 elements: Application Key, Secret Application, Consumer Key

The Consumer Key determines the application/script permissions.

Each call to APIs is signed and timestamped.

To allow the integration of OVHcloud APIs into software, OVHcloud provides code elements to consume APIs in different programming languages:
Java, Swift, Golang, Python, JSnode, PHP, C#, Crystal.
API automation tools
  • OpenStack
  • Other
Other API automation tools
Public Cloud is based on Openstack and provides standard API
API documentation
Yes
API documentation formats
HTML
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Each instance is provided with Compute, RAM and Network connectivity which is allocated without oversubscription. The Insance recieves it's provisioned disk allocation from a shared disk within the host but when adding additional storage, it's provided from storage with guaranteed IOPS. (250/3000 IOPS depending on chosen performance.)
Usage notifications
No

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
Public Cloud Instance (Virtual Machines)
Backup controls
Using a single pane manager, it is possible to enable Backup for Virtual Machines/Public Cloud Instances.

Users may create a backup per Instance/Virtual Machine or create an automatic backup (schedule).

When scheduling users may opt for 'Rotation 7' , 'Rotation 14' or a Custom.
Datacentre setup
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
"OVH is committed to the following service levels:-

Guaranteed Resource instances (CPU, RAM, General Purpose): monthly availability rate of 99.999%
Sandbox instances: 99.95% monthly availability rate
GPU instances: monthly availability rate of 99.999%

Object Storage containers: 99.9% monthly availability
100% monthly data resilience rate"
Approach to resilience
OVHcloud has implemented redundancy mechanisms to ensure compliance with regulatory, statutory and contractual obligations. OVHcloud maintains a framework that is consistent with industry best practices for the Business Continuity and Disaster Recovery Program at all levels.

OVHcloud provides customers multiple datacenters for Geo redundancy, system functionality allows customers to capture and restore virtual machine images at any time to support their resiliency needs.

Underlying phsical hardware have RAID configured for disk redunancy, Network cards are configured in pairs for redundancy. Datacentres are stocked with replacement parts and have a repair workshop. Systematic dual power supply: Every datacentre is supplied by two separate power sources. In the event of failure, generators are on standby to take over. Datacentres have a minimum of 2 incoming network feeds; inside, 2 twin network rooms which can take over from one another.
Outage reporting
OVHcloud provide different levels of services with specific means of communication to customers.
At a basic level, Communication with OVHcloud is through Customer Advocate, who is the unique point of contact with customers.
-Customers open tickets to get assistance.
-Incident or Event communication : Website http://travaux.ovh.com is communication canal used for our customers

In case of the subscription to the Professional Services support, communication with OVHcloud is through Technical Account Manager (direct call /mail).

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
OVH access control policy based on the principles of least privilege and segregation of duties. Customer solutions reside on their own dedicated VLAN.
Implement role-based access controls and require authorized users privileges via group membership. Administration access is managed through Bastions Servers with limited access to the specific IP address ranges.
A regular review of access is carried out as part of the monitoring and review activities implemented by OVH.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
OVHcloud operates ISO27001/ISO27017 on many other services and are commited to achieving this governance for Public Cloud by June 2021. This is supported by security governance in line with CSA Star and other open source initiatives.
Information security policies and processes
OVHcloud management put in place an (ISMS) Information Security Management System according to ISO 27001: 2013. Policies and processes are documented and available via intranet to the employees.
The scope only concerns OVHcloud Private cloud computing infrastructure and not Public Cloud, however our employees and DC management processes support effective security controls for our Public Cloud services and we aim to be compliant in 2021. This includes all the following processes: host and datastore management, maintenance, customer virtual machine environment, core business scripts, availability indicators, sales offers and virtual machine backup.

On an annual basis OVHcloud is audited by third-party auditors, to obtain an independent attestation of compliance with our policies and procedures for ISO 27001:2013 & ISO27017, SOC1 & SOC2 Type II, and OVHcloud Healthcare data hosting.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes in the servers, including applications are managed with the Technical analysis method and in dedicated environments. Security is an integral part of this method from the start and throughout the project life cycle.
We create a technical analysis when:
-if the network architecture changes permanently ;
-if the flow diagrams changes permanently ;
-If you add / remove a feature (server, network equipment);
-if modified, create a new organizational process.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
OVH has set up a monitoring process for managing vulnerabilities, analyzing, evaluating exposure to these vulnerabilities, documented and take appropriate measures to cover the associated risks.
OVH complies with ISO 27002 to ensure good information security management practices and ISO 27005 standards for risk assessment and risk handling.
The vulnerability scans are performed periodically by an approved entity.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The OVH SOC (Security Operations center) team monitors 24/7 the security issues (suspicious and unusual activities) and triggers the protection procedures.
Several monitoring mechanisms are in place depending on service level and segment. Customer is notify depending on the nature of the problem.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
An incident escalation process is implemented, to facilitate a response to security events which includes identification, analysis (scope and impact ), solutions, and lessons learned in alignment With ISO 27001 standard.
- Formal procedures are implemented for feedback and reporting of events related to information security.
- OVH notifies the appropriate parties to remediate any identified vulnerabilities.
- A knowledge base of incidents is fed to limit a new occurrence of the incident.
-Security events and incidents are reviewed by the risk manager to update the risk assessment.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
KVM hypervisor
How shared infrastructure is kept separate
The network layer is shared between our customers. A segmentation of customer infrastructures is realized through our "vRack" solution enabling our customers to interconnect Level 2 machines across our backbone in a secure manner.

Public cloud built on Openstack is seggregating instances by means of KVM Hypervisor.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
OVHcloud is a responsible global hyperscale cloud provider, which is highly committed to energy efficiency as part of environmentally sustainable digital services. With a vertically-integrated value chain, OVHcloud manufactures its servers, and designs its own datacentres. This enables maximum efficiencies and inclusion of ongoing innovations, able to achieve a leading Power Usage Effectiveness (PUE) ratio of 1.09.

OVHcloud has pioneered water cooling systems for greener technology since 2003, and since 2013 our energy procurement policy has focussed only on green power and 100% renewable energy sources. Water Usage Effectiveness is extremely low (~0.29) because the cooling technology is based on closed loops using very little water. And carbon footprint is 50g CO2/MWh. Continuity planning is considered in the design, monitoring and management of datacentres using added isolation and backup energy systems.

Through designing our data centres to run without air conditioning and recycling our components for secondary markets to prolong their life cycles we maintain an environmentally friendly approach in all our design, manufacturing and operational processes. In recognition of this Francois Sterin, OVHcloud Chief Insdustrial Officer, was named in The Data Economy Climate 50, a list of the world’s most influential climate sustainability leaders in data centres and cloud.

Pricing

Price
£30.59 to £4,400.12 a unit a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
£50 free credit to use on any Public Cloud instance.

Offer is valid as of 7th July 2020.

The discount provided by the promo code is applicable for a duration of two months from the date on which it is activated, and is automatically deducted automatically from your next bill.
Link to free trial
https://www.ovhcloud.com/en-gb/public-cloud/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@ovhcloud.com. Tell them what format you need. It will help if you say what assistive technology you use.