Sungard Availability Services (UK) Ltd

Managed Cloud Services - Public Zone

Sungard AS’s Managed Cloud Services for UK Government (Public) service provides managed consumption of AWS. Sungard AS provide configuration and management of the AWS resources using secure blueprints. Each customer is assigned one or more Virtual Data Centre(s) with compute, network, storage resources and operating system management.

Features

  • 7 availability zones, 3 EU regions (including the UK)
  • NCSC Cloud Security Principles aligned, Security Cleared (SC) staff available
  • Elastic, web-scale computing made easier for developers
  • Choice of multiple instance types, operating systems, and software packages
  • Select configuration of memory, CPU, and instance storage
  • Tools to build failure resilient and scalable applications
  • Support for Microsoft Windows, RedHat, SUSE, CentOS, Ubuntu and more
  • Support for recovery to a different AWS region
  • Enhanced scheduling and management of Snapshots

Benefits

  • Secure, through integrated role-based access control across all services
  • Comprehensive, cross service API audit logging and security (CloudTrail)
  • 24x7 support and consolidated billing
  • Architectural patterns/guidance (well architected)
  • Quickly scale capacity, both up and down
  • Pay only for capacity you actually use
  • Highly reliable environment
  • Proven migration processes and procedures
  • ITIL aligned Service management

Pricing

£0.007 per virtual machine per hour

Service documents

G-Cloud 9

754832877419413

Sungard Availability Services (UK) Ltd

Sungard Availability Services

0800 143 413

government@sungardas.com

Service scope

Service constraints None
System requirements Customers must subscribe to both managed and self-managed VPCs

User support

Email or online ticketing support Email or online ticketing
Support response times Critical - 15mins; High - 15mins; Medium - 60 mins; Low - 24 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Sungard AS offers several support functions – NOC, Service Desk, resolver teams etc. as part of its management services for ticketing.
24/7/365 support for the Service Desk.

Support teams are arranged in a first, second and third line of support with escalation to third party suppliers if required. Service affecting outages are escalated through the Sungard AS management process in line with the ITIL methodologies.

Technical Account Managers are available at additional cost.
Support available to third parties Yes

Onboarding and offboarding

Getting started Through proactive account management and service management, Sungard AS works with customers to ensure that there is an understanding of the goals and objectives of the Customer's business. To this end, we are able to respond with solutions to create a win-win scenario for Sungard AS and the Customer. The success of this methodology has been proven in the level of customers who began working with Sungard AS as a Business Continuity and Recovery Services provider and who now see us as a strategic supplier to their business for hosting solutions. Sungard AS have witnessed and facilitated the migration of customers from colocation and physical hosting environments in our datacentres to Infrastructure-as-a-Service (IaaS) platforms.
The account management team ensure the contract creation and development process is handled quickly and professionally and that customer requirements are negotiated to deliver mutually beneficial commercial outcomes. All teams are supported by a defined management structure with quick and easy points of escalation.

Every Sungard AS customer has an account manager who will manage the business relationship and will deal with all day-to-day contractual and commercial requirements. The Account Manager will also act as an escalation point for any commercial or contract-related matter.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Sungard AS can work with the customer to identify and design appropriate methods for data extraction. This can range from simple solutions such as OS-level tools (for instance xcopy or rsync) to full-blown migration services similar in scope to on-boarding services.
End-of-contract process Data will be maintained for at least 30 days following the termination of the contract. Charges for data retention and any other AWS charges to support access or extraction of the data continue to apply until complete removal of the services.

Using the service

Web browser interface Yes
Using the web interface Simple user management to enable federated access to the AWS console.
Management of Enhanced Snapshot Services.

For self-managed VPCs the full features as provided by AWS are available. Almost all functionality for each of the services is exposed through the AWS web console.

The web console facilitates management for all aspects of the AWS account in a consolidated view whilst providing access to all services and their respective functionalities.

In some cases, specific configuration parameters of a service are dedicated to, and only available from, the CLI, SDK, or API interface.
Web interface accessibility standard None or don’t know
How the web interface is accessible Our web portal is accessible through a standard internet browser. Sungard AS is making every effort to ensure Viewpoint is compatible with modern browser releases, is optimised for use on iPad and Android tablets and is mobile-friendly. Optimal browsers for use include:
  • Chrome in the Windows, Macintosh, and Linux environments
  • Firefox in the Windows, Macintosh, and Linux environments
  • Internet Explorer 9 or above in the Microsoft Windows environment*
  • Safari in the Macintosh environment
* Earlier versions of Internet Explorer (IE 8, 7, 6, 5) are not supported. From Ticketing, to access the following you must use Internet Explorer 9 or above and you will be required to re-authenticate.

Navigation is text based, allowing customers to use text to speech readers.
Web interface accessibility testing None
API Yes
What users can and can't do using the API All functionality is exposed via an API for self-managed VPCs.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface All functionality is available via the CLI for self-managed VPCs.

Scaling

Scaling available No
Independence of resources Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.

Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.

AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.
Usage notifications Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold Amazon Web Services

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach AWS adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”).

AWS is responsible for the security of the cloud; Sungard and its customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).

Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery Yes
What’s backed up Virtual Machine Image
Backup controls Backups are scheduled through Sungard AS Enhanced Snapshot Service, which provides enhanced scheduling, compression, de-duplication and migration of aged snapshot blocks to S3 storage.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network Other
Other protection within supplier network Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. AWS gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.
AWS enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wishes to use.
API calls can be encrypted with TLS/SSL to maintain confidentiality; the AWS Console connection is encrypted with TLS.

Availability and resilience

Guaranteed availability Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on the AWS website via the links below:

• Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/
• Amazon S3 SLA: http://aws.amazon.com/s3-sla
• Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/
• Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/
• Amazon RDS SLA: http://aws.amazon.com/rds-sla/
• AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/

Well-architected solutions on AWS that leverage AWS Service SLAs and unique AWS capabilities, such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.

Further to this, Sungard Availability Services can optionally recover services between discrete AWS regions with SLAs for both Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
Approach to resilience The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Sungard Availability Services can implement contingency planning, training and testing for their systems hosted on AWS and optionally provides customers with a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging)

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Sungard AS personnel have access granted as per necessary access control permission whilst customers have to adhere to the Customer Procedures
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance (Sungard AS), EY CertifyPoint (AWS)
ISO/IEC 27001 accreditation date 12/3/2013 (Sungard AS), 11/11/2016 (AWS)
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • ISAE 3402 (formerly SAS 70)
  • ISO 9001: 2008
  • ISO 22301 (formerly BS 25999)

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Sungard Availability Services (AS) Information Security Policy and supporting standards and procedures are based upon the industry standard ISO 27002:13 and provide the foundation on which Sungard AS develops and maintains a consistent and secure environment for the operation of its business processes. This document outlines Sungard AS’ security fundamentals and identifies the responsibilities that are essential to the control of risk when handling business and customer information.

It is the policy of Sungard AS, that information be considered as a corporate asset, and be appropriately evaluated and protected against all forms of unauthorized access, use, disclosure, modification, destruction, or denial. Security controls must be sufficient to ensure confidentiality, integrity, availability, accountability, and audit-ability for important information and associated information technology resources.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change and Service Management serves as the customer connection for escalation, support, and reporting. They provide proactive escalation management for customer contracted services, with focus on the continual measurement and improvement of the IT services delivered. Where assigned, a named Service Manager works closely with both the customer and internal teams ensuring the delivery of Sungard AS services in accordance with the customer’s requirements, in line with Service Level Commitments. Key responsibilities are:
  • Primary services escalation;
  • Service Orientation;
  • Service Review Meetings and Service Reporting;
  • Continuous Improvement;
  • Incident and Problem Management escalation;
  • Policies and Process.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach As a requirement of Sungard AS PCI DSS assessment, penetration and external/internal vulnerability assessments are performed across the platforms within the scope of the assessment. Penetration testing includes network and application layer testing as well as controls and processes around the networks and applications, and occurs from both outside the network trying to come in (external testing) and from inside the network.

Sungard AS has a documented Patch Management process in place which is endorsed by Corporate Compliance. Information regarding threats is managed by our IT Operations department, who receive and monitor threats from various organisations.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Regular on-going compliance monitoring activities are performed covering [customer] information with control deficiencies tracked and managed via a formal remediation process. This is assessed as part of our ISAE3402, ISO27001, BS25999 and ISO9001 certification.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach A formal Security Incident Management process is in place which is tested on an annual basis and forms part of our ISO 27001 certification. Notifications of incidents are made through the Service Desk function, who provide regular updates to resolution.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used AWS Proprietary
How shared infrastructure is kept separate Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.

Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. The Amazon EC2 firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets pass through this layer. The physical random-access memory (RAM) is separated using similar mechanisms.

Energy efficiency

Energy-efficient datacentres Yes

Pricing

Price £0.007 per virtual machine per hour
Discount for educational organisations No
Free trial available No

Documents

Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document