Sungard AS’s Managed Cloud Services for UK Government (Public) service provides managed consumuption of AWS. Sungard AS provide configuration and management of the AWS resources using secure blueprints. Each customer is assigned one or more Virtual Data Centre(s) with compute, network, storage resources and operating system management.
- 7 availability zones, 3 EU regions (including the UK)
- NCSC Cloud Security Principles aligned, Security Cleared (SC) staff available
- Elastic, web-scale computing made easier for developers
- Choice of multiple instance types, operating systems, and software packages
- Select configuration of memory, CPU, and instance storage
- Tools to build failure resilient and scalable applications
- Support for Microsoft Windows, RedHat, SUSE, CentOS, Ubuntu and more
- Support for recovery to different AWS region
- Enhanced scheduling and management of Snapshots
- Secure, through integrated role-based access control across all services
- Comprehensive, cross service API audit logging and security (CloudTrail)
- 24x7 support and consolidated billing
- Architectural patterns/guidance (well architected)
- Quickly scale capacity, both up and down
- Pay only for capacity you actually use
- Highly reliable environment
- Proven migration processes and procedures
- ITIL aligned Service management
£0.007 per virtual machine per hour
Sungard Availability Services (UK) Ltd
Sungard Availability Services
0800 143 413
|System requirements||Customers must subscribe to both managed and self-managed VPCs|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Critical - 15mins; High - 15mins; Medium - 60 mins; Low - 24 hours.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
Sungard AS offers several support functions – NOC, Service Desk, resolver teams etc. as part of its management services for ticketing.
24/7/365 support for the Service Desk.
Support teams are arranged in a first, second and third line of support with escalation to third party suppliers if required. Service affecting outages are escalated through the Sungard AS management process in line with the ITIL methodologies.
Technical Account Managers are available at additional cost.
|Support available to third parties||Yes|
Onboarding and offboarding
Through proactive account management and service management, Sungard AS works with customers to ensure that there is an understanding of goals and objectives of the Customers business. To this end, we are able to respond solutions to create a win-win scenario for Sungard AS and the Customer. The success of this methodology has been proven in the level of customers who began working from Sungard AS as a Business Continuity and Recovery Services provider and who now see us as a strategic supplier to their business for hosting solutions. Sungard AS have witnessed and facilitated the migration of customers from colocation and physical hosting environments in our datacentres, to Infrastructure-as-a-Service (IaaS) platforms.
The account management team ensure the contract creation and development process is handled quickly and professionally and that customer requirements are negotiated to deliver mutually beneficial commercial outcomes. All teams are supported by a defined management structure with quick and easy points of escalation.
Every Sungard AS customer has an account manager who will manage the business relationship and will deal with all day-to-day contractual and commercial requirements. The Account Manager will also act as an escalation point for any commercial or contract-related matter.
|End-of-contract data extraction||Sungard AS can work with the customer to identify and design appropriate methods for data extraction. This can range from simple solutions such as OS-level tools (for instance xopy or rsync) to full blown migration services similar in scope to on-boarding services.|
|End-of-contract process||Data will be maintained for at least 30 days following the termination of the contract. Charges for data retention and any other AWS charges to support access or extraction of the data continue to apply until complete removal of the services.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
Simple user management to enable federated access to the AWS console.
Management of Enhanced Snapshot Services.
For self-managed VPCs the full features as provided by AWS are provided;
Almost all functionality for each of the services is exposed through the AWS web console.
The web console facilitates management for all aspects of the AWS account in a consolidated view whilst providing access to all services and their respective functionalities.
In some cases, specific configuration parameters of a service are dedicated to, and only available from, the CLI, SDK, or API interface.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||
Our web portal is accessible through a standard internet browser. Sungard AS is making every effort to ensure Viewpoint is compatible with modern browser releases, is optimised for use on iPad and Android tablets and is mobile-friendly. Optimal browsers for use include: - Chrome in the Windows, Macintosh, and Linux environments - Firefox in the Windows, Macintosh, and Linux environments - Internet Explorer 9 or above in the Microsoft Windows environment* - Safari in the Macintosh environment * Earlier versions of Internet Explorer (IE 8, 7, 6, 5) are not supported. From Ticketing, to access the following you must use Internet Explorer 9 or above and you will be required to re-authenticate.
Navigation is text based, allowing customers to use text to speech readers.
|Web interface accessibility testing||None|
|What users can and can't do using the API||All functionality is exposed via an API for self-managed VPCs.|
|API automation tools||
|API documentation formats||
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||All functionality is available via the CLI for self-managed VPCs.|
|Independence of resources||
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.
Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.
AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.
|Infrastructure or application metrics||Yes|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Amazon Web Services|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
AWS adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”).
AWS is responsible for the security of the cloud; Sungard & it's customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).
Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||In-house destruction process|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||Virtual Machine Image|
|Backup controls||Backups are scheduled through Sungard AS Enhanced Snapshot Service which provides enhanced scheduling, compression, de-duplication and migration of aged snapshot blocks to S3 storage,|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||Other|
|Other protection within supplier network||
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. AWS gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.
AWS enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wish to use.
API calls can be encrypted with TLS/SSL to maintain confidentiality; the AWS Console connection is encrypted with TLS.
Availability and resilience
Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on the AWS website via the links below:
• Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/
• Amazon S3 SLA: http://aws.amazon.com/s3-sla
• Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/
• Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/
• Amazon RDS SLA: http://aws.amazon.com/rds-sla/
• AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/
Well-architected solutions on AWS that leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
Further to this Sungard Availability Services can optionally recovery services between discreet AWS regions with SLAs for both Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
|Approach to resilience||
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.
AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Sungard Availability Services can implement contingency planning, training and testing for their systems hosted on AWS and optionally provides customers with a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
|Outage reporting||Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging)|
Identity and authentication
|Access restrictions in management interfaces and support channels||Sungard AS personnel have access granted as per necessary access control permission whilst customers have to adhere to the Customer Procedures|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Lloyd's Register Quality Assurance (Sungard AS), EY CertifyPoint (AWS)|
|ISO/IEC 27001 accreditation date||12/3/2013 (Sungard AS), 11/11/2016 (AWS)|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The Sungard Availability Services (AS) Information Security Policy and supporting standards and procedures are based upon the industry standard ISO 27002:13 and provide the foundation on which Sungard AS develops and maintains a consistent and secure environment for the operation of its business processes. This document outlines Sungard AS’ security fundamentals and identifies the responsibilities that are essential to the control of risk when handling business and customer information.
It is the policy of Sungard AS, that information be considered as a corporate asset, and be appropriately evaluated and protected against all forms of unauthorized access, use, disclosure, modification, destruction, or denial. Security controls must be sufficient to ensure confidentiality, integrity, availability, accountability, and audit-ability for important information and associated information technology resources.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Change and Service Management serves as the customer connection for escalation, support, and reporting. They provide proactive escalation management for customer contracted services, with focus on the continual measurement and improvement of the IT services delivered. Where assigned, a named Service Manager works closely with both the customer and internal teams ensuring the delivery of Sungard AS services in accordance with the customer’s requirements, in line with Service Level Commitments. Key responsibilities are:
* Primary services escalation;
* Service Orientation;
* Service Review Meetings and Service Reporting;
* Continuous Improvement;
* Incident and Problem Management escalation;
* Policies and Process.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
As a requirement of Sungard AS PCI DSS assessment, penetration and external/internal vulnerability assessments are performed across the platforms within the scope of the assessment. Penetration testing includes network and application layer testing as well as controls and processes around the networks and applications, and occurs from both outside the network trying to come in (external testing) and from inside the network.
Sungard AS has a documented Patch Management process in place which is endorsed by Corporate Compliance. Information regarding threats is managed by our IT Operations department who receive and monitor threats from various organisations
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Regular on-going compliance monitoring activities are performed covering [customer] information with control deficiencies tracked and managed via a formal remediation process. This is assessed as part of our ISAE3402, ISO27001, BS25999 and ISO9001 certification.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||A formal Security Incident Management process is in place which is tested on an annual basis and forms part of our ISO 27001 certification. Notifications of incidents are made through the Service Desk function who provide regular updates to resolution|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Other|
|Other virtualisation technology used||AWS Proprietary|
|How shared infrastructure is kept separate||
Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. The Amazon EC2 firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets pass through this layer. The physical random-access memory (RAM) is separated using similar mechanisms.
|Price||£0.007 per virtual machine per hour|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|