FUJITSU Cloud Service S5 Service Overview

Similar documents
Infrastructure as a Service (IaaS) Compute with Storage and Backup PRICING DOCUMENT

Cloud Services. Introduction

FUJITSU Cloud Service S5. Introduction Guide. Ver. 1.3 FUJITSU AMERICA, INC.

IaaS. IaaS. Virtual Server

IaaS. IaaS. Virtual Server

This component of K5 IaaS provides a virtual infrastructure accessible via the Internet within which physical computers are divided using virtualizati

FUJITSU Cloud Service K5 - IaaS Service Description February 15, 2017

IaaS. IaaS. Virtual Server

IaaS. IaaS. Virtual Server

IaaS. IaaS. Virtual Server

IaaS. IaaS. Virtual Server

IaaS. IaaS. Virtual Server

IaaS. IaaS. Virtual Server

FUJITSU Cloud Service S5 Modifying Virtual Resources

IaaS. IaaS. Virtual Server

Fujitsu On-demand Virtual System Service Service Catalogue

Fujitsu Global Cloud Platform Service Catalog

FUJITSU Cloud Service S5 Modifying Virtual Resources

Fujitsu Global Cloud Platform Service Catalogue

FGCP/S5. Introduction Guide. Ver. 2.3 FUJITSU LIMITED

FUJITSU Cloud Service S5 Creating, Modifying and Deleting Virtual Systems

MyCloud Computing Business computing in the cloud, ready to go in minutes

FUJITSU Cloud Service K5 for Public & Virtual Private Cloud Japan Region Price List (October 2016) IaaS. IaaS. Virtual Server

Service Description CloudCore

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

Service Description FUJITSU Cloud IaaS Trusted Public S5

ElasterStack 3.2 User Administration Guide - Advanced Zone

VMware vcloud Air User's Guide

Service Portal User Guide

customer FAQs CLOUD NATIVE INFRASTRUCTURE Service Instances (VMs) information contained in a virtual machine disk image.

Ordering and deleting Single-node Trial for VMware vcenter Server on IBM Cloud instances

SERVICE DEFINITION G-CLOUD 7 THALES PSN REMOTE ACCESS. Classification: Open

Asset Bank - Shared Hosting. Service Description

Revera Vault provides large scale, highly, durable, object based storage infrastructure designed for mission-critical and primary data.

FUJITSU Cloud Service S5 Service Catalog

Overview Cobweb s Acronis Backup Cloud service is a comprehensive, yet simple, flexible and cost-effective cloud backup solution.

Echidna Concepts Guide

NGFW Security Management Center

FUJITSU Cloud Service K5 - API Management Service Description

FUJITSU Cloud Service K5 - API Management Service Description

The OnApp Cloud Platform

ConRes IaaS Management Services for Microsoft Azure

Citrix CloudPlatform (powered by Apache CloudStack) Version 4.5 Concepts Guide

ICBA Migration to IaaS Cloud Platform REQUEST FOR PROPOSAL

FUJITSU Cloud Service S5

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

VMware vcloud Air Key Concepts

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE UNITED KINGDOM

Features Handbook. FUJITSU Cloud Service K5 IaaS. Version 2.21 FUJITSU LIMITED. All Rights Reserved, Copyright FUJITSU LIMITED

VMware AirWatch Content Gateway Guide For Linux

FUJITSU Storage ETERNUS AF series and ETERNUS DX S4/S3 series

CIT 668: System Architecture. Amazon Web Services

How to Lift-and-Shift a Line of Business Application onto Google Cloud Platform

Veeam Cloud Connect. Version 8.0. Administrator Guide

HySecure Quick Start Guide. HySecure 5.0

IBM Case Manager on Cloud

Data Security & Operating Environment

SERVERS TO SERVICES HOW MICROSOFT AZURE CAN MODERNISE YOUR IT INFRASTRUCTURE. Joey Lau 9 November 2017

Epicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017)

FUJITSU Cloud Service K5 IaaS Service Portal User Guide

VMware AirWatch Content Gateway Guide for Linux For Linux

A Cloud WHERE PHYSICAL ARE TOGETHER AT LAST

70-414: Implementing an Advanced Server Infrastructure Course 01 - Creating the Virtualization Infrastructure

Statement of Compliance Cloud Platform

The Balabit s Privileged Session Management 5 F5 Azure Reference Guide

Virtual Appliance User s Guide

Cogeco Peer 1 Mission Critical Cloud

21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer

PCS Cloud Solutions. Create highly-available, infinitely-scalable applications and APIs

Dimension Data Public Cloud Rate Card

Clearswift Hosting Options

Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud

Relational Database Service. User Guide. Issue 05 Date

SoftLayer Security and Compliance:

NGF0502 AWS Student Slides

Networks - Technical specifications of the current networks features used vs. those available in new networks.

FUJITSU Cloud Service S5 Managing Templates and Images

Session 7: Configuration Manager

1V0-602.exam. Number: 1V0-602 Passing Score: 800 Time Limit: 120 min. Vmware 1V VMware Certified Associate 6 Hybrid Cloud Fundamentals

1 Data Center Requirements

Virtual Private Cloud. User Guide. Issue 03 Date

VMware Mirage Getting Started Guide

Master Services Agreement:

vsphere Replication for Disaster Recovery to Cloud

Azure Compute. Azure Virtual Machines

Flexible Computing Advanced User Guide

PCI DSS Compliance. White Paper Parallels Remote Application Server

EFOLDER SHADOWPROTECT CONTINUITY CLOUD GUIDE

Introducing VMware Validated Designs for Software-Defined Data Center

SaaSaMe Transport Workload Snapshot Export for. Alibaba Cloud

Get started with ReVirt

Service Description Server Patching

VMware Mirage Getting Started Guide

White Paper The simpro Cloud

Information Security Policy

CloudStack Administration Guide

SAP HANA. HA and DR Guide. Issue 03 Date HUAWEI TECHNOLOGIES CO., LTD.

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Implementing Microsoft Azure Infrastructure Solutions

Transcription:

FUJITSU Cloud Service S5 Service Overview Date: 20/07/201 Page 1 of 18

Contents 1. INTRODUCTION... 3 1.1 Summary... 3 1.2 Typical Deployment... 4 1.3 Administrative Roles... 4 1.4 Standard Service... 4 1.5 Service Features... 5 2. SERVICE ELEMENTS... 7 2.1 Virtual Machine and Virtual System... 7 2.2 Storage... 8 2.3 Operating System Software... 10 2.4 Middleware... 10 2.5 Firewall... 10 2.6 Load Balancing... 11 2.7 Global IP Address Service... 11 2.8 Internet Connection Service... 11 2.9 IPsec VPN Gateway Connection Service... 11 2.10 System Template Service... 11 2.11 Management... 11 2.12 Indicative Timings for Provisioning / De-Provisioning... 12 2.13 Open Source Software Used... 12 2.14 Password Management... 12 3. FURTHER INFORMATION... 13 3.1 Signup and Credit Checking... 13 3.2 Cancellation... 13 3.3 Invoicing and Charges... 13 3.4 Service Levels... 14 3.5 Support Service... 15 3.6 Accreditations... 15 3.7 Security... 15 3.8 Access to and Use of the Service... 15 3.9 Self Help Training... 15 4. DEFINITIONS... 16 5. ADDITIONAL DOCUMENTATION... 17 6. CHANGE CONTROL... 18 Date: 20/07/201 Page 2 of 18

1. INTRODUCTION 1.1 Summary The FUJITSU Cloud Service S5 service delivers an Enterprise grade, dynamic, self-provisioned, pay as you go, highly available, Infrastructure as a Service (IaaS) from multiple Tier III data centres in key regions around the globe: UK, Japan, Australia, Singapore, Germany and the USA. The UK region benefits from two autonomous instances of the platform, delivered from two separate data centres providing enhanced resilience capability and guaranteed UK data residency. Both UK FUJITSU Cloud Service S5 platforms are also asserted by Fujitsu as suitable for usage by the Public Sector for OFFICIAL & OFFICIAL-SENSITIVE. This Service Overview describes the UK hosted instances of the platform The Service delivers multi-tenanted capability from a pool of IT resources (network, storage and compute) and provides customisable virtual environments based on a set of pre-defined operating system templates (Windows and Linux). Procurement, configuration and management of these for UK hosted resources are achieved using the platform s Web Portal or the API (see http://globalcloud2.uk.fujitsu.com (London East Data Centre) or http://globalcloud.uk.fujitsu.com/ (London North Data Centre)). Each platform portal includes an infrastructure design studio to allow definition or selection of templates to create multitier architectures (maximum of three), enabling rapid deployment of infrastructures. Capacity can be scaled both up and down in line with computing demands through API commands or directly through the design studio. Although each platform is independent, a customer choosing to sign up to both portals can benefit from 100% UK data residency and enhanced levels of connectivity via either Internet as standard or Inter-DC or Global WAN (GWAN) network connectivity at additional cost between their virtual systems. This provides enhanced Disaster Recovery and Business Continuity functionality, for use within a customer s DR strategy and planning. Date: 20/07/201 Page 3 of 18

1.2 Typical Deployment A typical deployment for an IaaS Customer might be a three-tier web-facing system protected by a firewall. The first tier may be for front end web services that are load balanced for optimum web performance. The second tier may be for a middleware tier for business logic. The third tier may be used for a dedicated database layer. The Internet HTTP/HTTPS Requests from the Internet Firewall Controlled Access to SECURE1 Optional Internet Access Firewall Controlled Access to SECURE2 1.3 Administrative Roles There are key roles defined for customers who are consuming the service: Customer: Responsible for the contract to use the platform Responsible for setting up Resource Administrators Responsible for paying for services consumed Resource Administrator: Creates and maintains one or more Virtual Systems 1.4 Standard Service The platform allows the creation of multi-tier Virtual Systems (vsys) that combine servers, firewalls, load balancers, storage and network into complete system definitions. These definitions can also be reused through the creation of Date: 20/07/201 Page 4 of 18

system templates to ease the work associated with deploying common solutions. Currently the following predefined Infrastructure-as-a-Service templates are available. IaaS Operating System Options: Windows Server Red Hat Enterprise Linux (RHEL) Ubuntu CentOS Linux The platform also provides access to common shared services (DNS, NTP, KMS, WSUS, and YUM) when one or more Global IP Addresses are added to a vsys. The portal also provides access to a service dashboard where system status can be monitored, VMs can be managed (Stopped/Started/Backed up/restored), resource usage can be displayed and charging monitored. The Virtual System can be accessed by defined Global IP addresses through the Internet or through Virtual Private Networks including IPsec VPN gateway over Internet or Intranet MPLS connectivity. The Global IP addresses can be mapped onto internal load balanced IP addresses, which can be adjusted through the Service Portal to accommodate changes or failure conditions. Metering data is collected to charge for usage of resources and functions. Where several Virtual Systems exist within one contract, per-system charge totals are calculated, and presented as a single bill. The main components of the platform are: Service Portal (Design Studio & System Manager): consolidated management of resources, including deployment of VMs, deployment of systems through the use of templates, management of IDs and certificates, and checking of logs. API: By using the API it is possible to execute the same operations as from the service portal Authentication Server: used to manage the User information associated with the IDs and client certificates related to this Service Shared Service Servers provided for use by all customers: Domain Name Server (DNS) provides name resolution when accessing the internet from the Virtual System Time Synchronisation (NTP) provides synchronised time across VMs and configured appliances Key Management Service (KMS) provides an activation service for Windows Server 2008/2012 VMs. Windows Server Update Services (WSUS) provides access to the latest Microsoft patches. Yellowdog Updater Modified (YUM) provides updates to the Linux VMs Customer Virtual Systems: single or multiple virtual systems, each with up to three segments (DMZ, SECURE1, and SECURE2) containing the virtual resources (virtual servers, firewalls, load balancers and storage) 1.5 Service Features 1.5.1 Support The Service is designed for commercial and enterprise use by UK Customers and includes, as part of the service charge, a 24*365 first line service desk, backed by 2nd to 4th line support for the FUJITSU Cloud Service S5 infrastructure accessed via phone or email, see paragraph 3.5 of this Service Overview for further detail. 1.5.2 Availability The platform is engineered and designed to be enterprise-ready, offering high levels of resilience, built-in redundancy and security, with an availability SLA of 99.95%. In the UK, the Service is operated out of two Tier III Data Centres, providing a choice of geographical location with guaranteed UK data residency. In addition, the London North Data Centre is Gold certified by the Uptime Institute for its design, build and operational sustainability. The platform provides un-contended performance for Virtual Machines and provides Internet connectivity as standard with an option of a Private MPLS Network connection (Intranet connection). The physical infrastructure used provides full hardware redundancy. This is achieved by mirroring of storage chassis and chassis-internal RAID mirroring, redundancy of network devices and under-floor cabling. If a problem occurs with a Date: 20/07/201 Page 5 of 18

physical device, the affected VMs will be moved to another physical server automatically by the service, thereby minimizing the downtime of the virtual system. In this case, the data that was written to disk just before automatic recovery will be saved. When there are indications of pending failure of physical devices, or when maintenance is performed at the data centre, VMs operating on the relevant physical servers are moved to other physical servers retaining their services and information in memory. 1.5.3 Flexibility Capacity can be increased or decreased within minutes, controlled by accessing the Portal or programmatically via the API. VMs that have been reserved, but turned off, are available as and when needed. 1.5.4 Security Several security technologies are used in the foundations of the service. A User is prevented from operating systems other than systems within the contract. Each system is separated by Virtual Network Technology (separation from each system network). Users cannot send/receive packets between other Users. However, Users are able to send/receive packets between the systems within the same contract. Every virtual system has a built-in firewall (security for connection to external network); by configuring the firewall rules, the Customers control the network flow from/to outside. The firewall also includes a built-in configurable Intrusion Detection system (IDS) and Intrusion Prevention System (IPS) offering 9 different attack patterns. Each disk (system disk, additional disk, backup disk, template preservation disk) is separated by Virtual Storage Technology (data security), in order not to be read by Users other than the owner. Storage provided by the service is also encrypted and is retained within the Fujitsu Data Centre. Data in the disks is deleted by the zero write method, so that other Users who may use the same data area subsequently cannot read it. Storage provided by the service is also encrypted and is retained within the Fujitsu Data Centre. To ensure membership of the service is restricted to Business Customers, access to the Service is restricted to Customers who have passed commercial identity and credit checks. To track Customer operations, all operations performed by the Customer's service manager are recorded and kept for five years to enable retrospective audits. The event logs output by Customer systems are kept for one month. Using the System Manager on the service portal, Users can display event logs, firewall and SLB statistical information (viewing can be controlled with User privileges). The client certificates used when connecting to the service portal and to Customer systems use SHA-256 bit hash function and RSA 2048 bit encryption algorithm. Login to the service portal requires two levels of authentication; a client certificate (SHA-256bit/RSA 2048bit) and an ID/Password. Passwords must be between 16 and 64 characters in length. Also, when using client certificates, PINs between 16 and 31 characters in length can be specified. The authentication server itself can only be accessed from the service portal or the public API. A client certificate is necessary when using the API 1.5.5 Charging Charging is on a unit-based charge system based on the utilisation of services with billing generated monthly in arrears. The Charges are incurred from when use of resources and functions are started, and when the Service Agreement allows for multiple systems, charges are calculated for each system. A single bill is provided for each Agreement; resource usage and billing information is available on the Service Portal. Customers can check or export monthly reports in PDF format and display the usage statistics of each virtual system as either tables or graphs including historical details up to 12 months. See paragraph 3.3 of this Service Overview for further information on the charge types. Date: 20/07/201 Page 6 of 18

2. SERVICE ELEMENTS The following are elements of the service. 2.1 Virtual Machine and Virtual System Virtual Machines (VM) are hosted in virtual containers known as a virtual system (vsys). Each vsys can host up to 20 VMs by default, with a maximum of 200 vsyss per customer contract. The platform provides a shared 1Gbps network supporting IPv4. Each customer must choose an address range from those reserved by the Internet Assigned Numbers Authority (IANA) for private networks, after which servers are automatically assigned a fixed IP address. At a minimum, each vsys comes with one network segment, known as a vnet. Each vsys has a DMZ vnet which can be configured to allow Internet access. A further 1 or 2 SECURE (no inbound internet access) vnets can be added at the point of creation, allowing the option of a 1, 2 or 3 tier network. Once the vnet topology has been configured, it cannot be changed. vnets communicate with other vnets and vsyss via the vsys Firewall. The firewall can also be configured to provide static Network Address Translation (NAT), with the option to configure dynamic NAT for both Destination Network Address Translation (DNAT) and Source Network Address Translation (SNAP-T), or a combination, for Public global IP to internal IP address translation. VIRTUAL MACHINE Functions Provided Type of Virtual Machine Number of virtual CPUs CPU performance index *1 Memory allocation Mini 1 0.5 1.7 GB Economy 1 1 1.7 GB Standard 1 2 3.4 GB Standard 7 1 2 7 GB Standard 15 1 2 15 GB Standard 30 1 2 30 GB Advanced 1 4 7.5 GB Advanced 3 1 4 3.4 GB Advanced 1 4 7.5 GB Advanced 15 1 4 15 GB Advanced 30 1 4 30 GB High- Performance 3 2 8 3.4 GB High- Performance 7 2 8 7.5 GB High- Performance 2 8 15 GB Double-High 7 4 16 7.5 GB Double-High15 4 16 15 GB Double-High 4 16 30 GB Quad-High 15 8 32 15 GB Quad-High 30 8 32 30 GB Quad-High 8 32 60 GB System disk Operating system provided Windows Server 2012 / 2008SP1 = 180 GB Windows Server 2008 / RHEL = 40 GB Ubuntu / CentOS = 10 GB As listed in 2.3 Date: 20/07/201 Page 7 of 18

Middleware software provided Number of private IP addresses allocated to Virtual Machines Number of NICs allocated to Virtual Machines Number of additional disks that can be connected to Virtual Machines Disk capacity for system backups & snapshots Disk capacity for data area backups & snapshots As listed in 2.4 1 auto-allocated via DHCP (Multiple user-defined private IP addresses can be assigned statically per VM NIC) 1 default NIC per VM Addition multiple NICs (max total 8 NICs per VM) can be allocated per VM to any vnet, on deployment Maximum 140 NICs per vnet segment. Up to 14 disks (The capacity of each disk can be specified in multiples of 10 GB between 10 GB and 10 TB) The disk capacity required for the system backup and snapshots is automatically allocated when backups are taken. The capacity for additional disk backups and snapshots is automatically allocated when backups are taken. *1 CPU performance index 1 is equivalent to a 1.0 GHz Xeon (2007) CPU. VIRTUAL SYSTEM Functions Provided Number of virtual networks per Virtual System Number of firewalls per Virtual System Content Select per active tier from 1- tier, 2-tier and 3-tier systems Normal or Turbo Firewall option, covering all active segments (DMZ, SECURE1, SECURE2). Redundant Firewall option for Active/Standby switching Firewall Throughput Normal: 8-183 Mbps Turbo: 75-350 Mbps (*based on 1518 byte packet size) Number of global IP addresses that can be acquired per Virtual System Maximum VPN connections Maximum number of firewall rules 10 20 800 Further technical specifications for the service are available from the Portal. 2.2 Storage The size of the system disk and any additional storage is defined with the Virtual Machines. Disks are established as persistent volumes until the Resource Controller chooses to destroy those disks from their inventory. Disks can be moved between VMs, with the data remaining accessible as long as the disk is initially formatted using a method suitable for all potential VM owners, e.g. NTFS between Windows VMs. System disk storage is only destroyed when the VM is destroyed. 2.2.1 Data Management Data backups - Multiple generations of backups can be taken by the Customer executing backups from the Service Website. The Customer shall be responsible for data backups and shall hold Fujitsu harmless for any damage, destruction or loss of data. Date: 20/07/201 Page 8 of 18

Data erasure - Data held on a VM system disk or data disk is erased using a multiple Zero-Overwrite method when the VM or data disk has been deleted. It is the Customer s responsibility to extract any relevant data prior to one of these disks being deleted. Data encryption - The data on disks is held in encrypted form, using ETERNUS encryption. For more details, please check the following web-site: http://www.fujitsu.com/global/services/computing/storage/eternus/products/diskstorage/feature/strsys_d11.html (English) ETERNUS encryption provides Equivalent security level with AES (128 bit) method. The length of encryption key of this mode is 123 bits. The speeds of encryption and decrypt is 3 ~ 4 times faster than AES method. STORAGE OPTIONS Product Disk Expansion Option Template Backup System Backup Data Disk Backup System Snapshot Data Disk Snapshot Pricing Unit 1GB*Hour 1GB*Hour 1GB*Hour 1GB*Hour 1GB*Hour 1GB*Hour 2.2.2 Data Extraction / Removal Criteria Data extraction for Windows based operating systems is provided by converting the system and data disks devices to virtual hard drive (VHD) files and exporting either via the management SSL VPN or via the Internet using standard file transfer protocols such as FTP. This is a Customer operation as Fujitsu does not retain administrator privileges on VMs deployed by Customers. Non FUJITSU Cloud Service S5 VMs that have been imported into FUJITSU Cloud Service S5 can also be exported to a VMDK file using the portal (system disk only). This is a self-service feature, for VMs running a supported Operating System and meeting the terms and conditions of the platform. Additionally, FUJITSU Cloud Service S5 originating VMs (system disk only) can be exported to VMDK for import into another FUJITSU Cloud Service S5 island instance, but the hosting of a FUJITSU Cloud Service S5 VM outside of FUJITSU Cloud Service S5 is not supported/permitted. 2.2.3 Backup and Restore Service Using the System Manager from the service portal, it is possible to perform backup and restoration of system disks and additional disks of VMs. Multiple generations of persistent backups (there is no limit on the number) can be collected and managed as a list. When performing backup and restoration of system disks, it is necessary to stop the VMs on which they are mounted. It is necessary either to stop the VMs that additional disks which are the target of backup/restore are attached to, or to detach additional disks from their VM. Once backup is started the VM and any attached additional disk can be started with the backup taking place in the background. The backup will not reflect changes after starting the VM. Additional Disk Backups may be replicated to other vsys or Contracts. A separate Snapshot facility is also available for both System Disk and Additional Disks. Additional Disk snapshots may be initiated while system is booted or running. Snapshots are full-disk copies, allowing reversion to the disk configuration saved at that time and are deleted on restoration. Multiple snapshots may be taken and held as a list, for reversion to any one at a later date. It is important to note backups within the platform are held within the same secure and highly resilient storage infrastructure. Should you require an off-site full backup solution Fujitsu are able to offer this as an additional service via the Backup as a Service offering http://www.fujitsu.com/global/services/infrastructure/iaas/storage/baas/. Date: 20/07/201 Page 9 of 18

2.3 Operating System Software SOFTWARE Product Windows Server 2008 Standard Edition R2 64bit Windows Server 2008 Enterprise Edition R2 64bit Windows Server 2012 Standard Edition 64bit Windows Server 2012 R2 Standard Edition 64bit CentOS 5.x/6.x (32bit) CentOS 5.x/6.x (64bit) Ubuntu 14.x (64bit) RHEL 5.x/6.x 64bit Minimum / Full Support Licensor Microsoft Microsoft Microsoft Microsoft Red Hat 2.4 Middleware The table below sets out the Middleware that are available. MIDDLEWARE Product SQL Server 2008 R2 Standard Edition SQL Server 2012 Standard Edition SQL Server 2012 R2 Standard Edition SQL Server 2014 Standard Edition PHP / PostgreSQL PHP / MySQL Tomcat / PostgreSQL Tomcat / MySQL Ruby / PostgreSQL Ruby / MySQL Development Support Tools [SVN, Jenkins, &c.] Licensor Microsoft Microsoft Microsoft Microsoft 2.5 Firewall Every vsys will always have a single firewall deployed, with optional Redundant Active/Standby facility, to secure the vsys. Authorised users can control how the vsys communicates with the Internet as well as between internal segments. The Firewall Service includes the following functionality: Normal (default), or Turbo firewall mode option Redundant Firewall (Active/Standby) option, with duplicate configuration, auto-failover & manual switchover facility, for both firewall modes. Additional charges apply. Configure up to 800 maximum access control rules per vsys. NAT (Network Address Translation) static 1-to-1 Public to Private IP duplex mapping, or dynamic NAT (D- NAT/SNAP-T) facility. Users can set IP address translation settings for communication with the Internet. Log files and export facility that correspond with firewall rules activity are provided. Ability to both save Firewall rules for offline editing or backup and to upload firewall rules for consistent implementation or duplication, via CSV file format Backup/Restore firewall configurations Performance monitoring of Firewall operation IDS/IPS offering 9 different configurable attack patterns Date: 20/07/201 Page 10 of 18

2.6 Load Balancing Customer VMs require regular system maintenance which will sometimes require VMs to be restarted. A Server Load Balancer (SLB) VM can be used to reduce the impact of maintenance or physical hardware failure. It can also be used to distribute incoming load requests on ports across multiple web servers or VMs using standard load-balancing algorithms. Normal and Turbo SLB chargeable options are available providing from 10-30 (Normal) or 750 to 2000 (Turbo) transactions per second capability, depending on SSL encryption key length. Maximum supported HTTPS concurrent connections is 1000. Packet capture and log export are available, plus Performance Monitoring of SLB operations. A Redundant SLB facility option is available, for both SLB mode options, providing an auto-synced configuration of Active/Standby SLB auto-failover and manual switchover facility, should the SLB primary device fail. Additional charges apply. The Load Balancing Service balances accesses to a single IP address within a virtual system across multiple Virtual Machines that have been registered as a load balancing group. By using SLB for multiple VMs it is possible to keep services operating when failover occurs on a specific VM or to load-balance high-volume access requests across multiple servers. When multiple VMs are operated together using load balancing there is no need to stop the entire service during maintenance. Each VM in a group for which load balancing is being performed can be switched to maintenance mode (excluded from the group) and released from maintenance (included in the group). 2.7 Global IP Address Service The Global IP Address Service provides up to 10 global IP addresses per vsys that are required to perform Internet communications from the Virtual System. It is the responsibility of the Customer to amend DNS routing that may have been applied if the Global IP address is deleted and returned to the shared pool. Failure to do this may mean that DNS resolution may direct to another customer s vsys when the Global IP address is reissued from the shared pool. 2.8 Internet Connection Service The Internet Connection Service provides an environment for connecting to the Internet using global IP addresses for which the Customer has created. At least one global IP address is required to use the Internet Connection Service. The Charges for this aspect of the Service are based on the number of Global IP addresses utilised and on the amount of data transmitted. 2.9 IPsec VPN Gateway Connection Service The IPsec VPN gateway connection service provides a facility for establishing a secure network connection between a pair of IPsec gateways, either between two FUJITSU Cloud Service S5 Contracts/Regions or FUJITSU Cloud Service S5 Contract/Region and external Customer network or supported client (with suitable compatible network devices). This services uses standardised ISAKMP (Internet Security Association and Key Management Protocol) and IPsec tunnelling protocols. The Charges for this aspect of the Service are based on the hours of operation of the Gateway(s) on FUJITSU Cloud Service S5. 2.10 System Template Service The System Template Service provides templates that allow Virtual Systems to be created with a single operation. Basic templates are provided on the Service Website for no charge. From time to time, Fujitsu may provide complex system templates, at additional cost which will be shown in the Service Website. 2.11 Management Fujitsu performs hardware monitoring and live monitoring of VMs (CPU/memory); the hypervisor ensures the performance of each VM. Customers can monitor (health check) their own virtual systems, the running status of the VMs and the running status of VMs in a load balance group through the portal and/or API, or with third party management tools. Date: 20/07/201 Page 11 of 18

2.12 Indicative Timings for Provisioning / De-Provisioning When the User deploys or withdraws virtual system resources, dynamic resource management will automatically execute the necessary processing in accordance with that virtual system description. Provisioning and deleting resources is performed within 30 minutes depending on the complexity of the system to be deployed or deleted. The platform is based on an entirely virtualized and fully Internet protocol (IP) based platform to provide virtual private datacentre functionality. The platform allows for the creation of separate logical networks within the IaaS platform in order to separate the infrastructure of different Customers. The platform also supports the secure linking of these networks to a Customer s own internal infrastructures via private connections through SSL VPN using HTTP and HTTPS services. 2.13 Open Source Software Used The platform is based upon the Open Source software Xen Hypervisor and CentOS/Ubuntu Linux operating system software within the service. The service uses Fujitsu s own extended hypervisor and management technology based on Xen. All physical servers in the service are equipped with Xen-based hypervisor virtualization technology above which guest VMs operate. The control of virtual resources is integrated with virtualization software on the physical servers, performing also network and storage virtualization and uniformly managing them all. For example, the storage virtualization is accomplished by loading a volume manager on top of the Xen management OS, and network migration is achieved by linking with server migration. Fujitsu works with and contributes to XCP (Xen Cloud Platform) to promote the open source platform. 2.14 Password Management The usage and restrictions of the passwords etc. used for login are shown in the following Table. Password Management Purpose Type Restrictions Password Secret Key PIN Login before certificates are issued Import of certificates to PCs Login using certificates Number of Characters 16-64 16-31 None Password Complexity None None None Number of Mistakes Before Locking 6 times No limits No limits Validity Period 90 days 3 years 3 years Date: 20/07/201 Page 12 of 18

3. FURTHER INFORMATION 3.1 Signup and Credit Checking The Customer orders either Service via the appropriate Service home page e.g. http://globalcloud2.uk.fujitsu.com or http://globalcloud.uk.fujitsu.com. Customers requiring services from both UK instances of the platform, will need to sign up in the same way on both portals. The Customer enters their email address where a unique link to the Customer s on-line application page and a temporary password is sent from the Service Platform. The customer is then presented with an on-line form for the collection of the customer s company and billing details. Once the Customer has completed the on-line application and agreed to the FUJITSU Cloud Service Agreement the Customer Account is created and limited access to the Service Website is given to the Customer. The customer will then be contacted via email by Fujitsu Central Financial Services to either confirm that all information has satisfied Fujitsu s financial approval process or a request for clarification on the company information. On completion of this stage, Central Financial Services will confirm via email the full activation of the customer s account. Approval gained to one service, will fast track approval for an application made on the secondary service at a later date. In the circumstances that the financial approval is not successful, Fujitsu will have no obligation to continue to provide the Customer with access to the Service and will be entitled to terminate the Service and the FUJITSU Cloud Service Agreement immediately. In the circumstances where the request comes from an internal Fujitsu applicant (i.e. an email address with a @uk.fujitsu.com suffix), the applicant is directed to an alternative internal on-line form. The completed form will also be reviewed by Central Financial Services and a confirmation will be issued. 3.2 Cancellation To cancel the Customer account, all virtual resources must first be stopped and then returned to the Service by clicking Return All within the System Manager Console. Once this has been completed the FUJITSU Cloud Service Agreement Owner clicks on Cancel within the User Management Console to complete the cancellation process. The Cancel link is only visible to the FUJITSU Cloud Service Agreement Owner. Customers with more than one account, or accounts in both services will need to cancel each contract separately. 3.3 Invoicing and Charges Charging is based on the actual usage of the resources of the platform and charges are incurred from the point that usage of the resource starts. The charging basis varies for different types of resources, as set out in the table below: CHARGING TYPES Type Charging System Description Service TYPE-I Rate-based (1-hour Charges are based on the Virtual Machines units) period of utilisation. Global IP Address Service TYPE-II Rate-based (Monthly) Charges are incurred for the full month, even if the utilisation period is short. (Independent of number of VM CPU) TYPE- III TYPE- IV Rate-based (Monthly and Number of CPUs) Rate-based (Time and Capacity) Charges are incurred for the full month, even if the utilisation period is short. (Dependent on number of VM CPU) Charges are based on guaranteed capacity per hour. Server Load-Balancing Service Redundant FW/SLB services Turbo FW service IPsec VPN gateway service Operating System Licences such as Microsoft Windows Server, Red Hat Server VM Middleware Options [Microsoft SQL Server] System Disk Service Additional Disk Service Date: 20/07/201 Page 13 of 18

TYPE-V Usage amount Charges are based on the amount of data transmitted. TYPE- Usage counts Charges are incurred on a onetime VI basis for the use of a system template, at the time that the system is first created. Disk Service for System Backup Disk Service for Additional Disk Backup Template/Image Backup Service Snapshot service for System & Additional Disk Internet connection service System Template Service (Unit price varies by template type) Operating time is rounded up to the next hour. e.g. Operating time : 1H 45M -> 2H Network traffic is rounded down to the previous GB. e.g. Network traffic : 31.7GB -> 31GB Where several Virtual Systems exist within one contract, per-system charge totals are calculated, and then included in a single bill. For charge types I and IV usage periods within a month are summed, and the total period of usage is then rounded up to the next hour. 3.4 Service Levels 3.4.1 Service Levels and Service Credits The target service level of the platform virtual resources is 99.95%. The Service Levels and Service Credits for the Service are set out in the Service Specification. 3.4.2 Service Management Fujitsu is an ITIL aligned and ISO/IEC20000-1 conformant supplier, and deploys, manages and continually improves service management processes that are underpinned by standard technologies. The service management process that Fujitsu will deploy for managing the infrastructure has the key processes and functions listed below: Incident Management Change Management Availability Management Service Desk. Date: 20/07/201 Page 14 of 18

3.5 Support Service The Support Service is set out in the Service Specification. 3.6 Accreditations The UK instances are hosted in one of two Fujitsu owned and managed data centres which meet the Tier 3 criteria of the Uptime Institute. In additional the London North Data Centre is certified Gold in terms of both its Build and its Operational Sustainability by the Uptime Institute. Both data centres are secure and ensure the availability of their technical infrastructure, such as air conditioning, power supply and network connection. This data centres have numerous security certificates, qualifications and awards including the following: Accreditations: Management Standards: BS EN ISO 9001:2000 the international standard for Quality Management Systems ITIL (IT Infrastructure Library) the best practise framework for Service Delivery Management Accreditations: Security Standards: ISO 27001 (BS7799) the British Standard for Information Security Management ISO 17799 the International Standard for Information Security Management The UK FUJITSU Cloud Service S5 platforms are asserted by Fujitsu as suitable for usage by the Public Sector for OFFICIAL & OFFICIAL-SENSITIVE, dependent on any necessary associated controls required within the application running on the FUJITSU Cloud Service S5 platform Certifications: 3.7 Security Tier III Design certification from The Uptime Institute Tier III Build certification from The Uptime Institute The Uptime Institute Operational Sustainability GOLD standard (London North Data Centre Only). Log collection - In order to analyse the root cause of problems that may occur, Fujitsu collects logs of illegal accesses from outside, logs of operations by the Customer, and logs of work performed by Fujitsu. These logs are then stored for seven years from when they are collected. Fujitsu will not monitor the log collection for any other purpose than analysing the root cause of problems, for example when a call is raised to the Support Service helpdesk. 3.8 Access to and Use of the Service The Customer may access and use the Service as provided in the Service Specification. 3.9 Self Help Training The platform portal comes with a set of training materials and How-To guides which will enable Users to get up and running quickly. It is possible to configure and deploy test environments in a short period of time estimated at less than an hour from the beginning of the system design through to live production. The following training guides can be found on either Web Portal.: FAQ How to Guides Webinar Process to raise questions via the service desk Optional Cloud Consulting Services. Date: 20/07/201 Page 15 of 18

4. DEFINITIONS Term/ Abbreviation Core Service Service Portal System Manager Console Virtual IT Virtual System Virtual System Set Global IP Address Service Internet Connection Service Load Balancing Service System Template Service Virtual Private Networks FW SLB IDS IPS Definition The minimum service that can be contracted for. The website available only to Fujitsu Customers receiving the Service and which enables the Customer to use the Service. Web Portal graphical User interface for administrating, configuring and initiating remote connections to the Virtual IT. Virtual Information Technology Infrastructure. Means a collection of Virtual resources. Means the collection of all of the virtual systems used by the Customer in accordance with the FUJITSU Cloud Service Agreement. Provides global IP addresses that are required to perform Internet communications from the Virtual System The Internet Connection Service provides an environment for connecting to the Internet using global IP addresses for which the Customer has created and corresponds with private IP addresses The Load Balancing Service balances accesses to a single representative private IP address within a virtual system among multiple Virtual Machines that have been registered as a load balancing group The System Template Service provides templates that allow Virtual Systems to be created with a single operation (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual Users with secure access to their organization's network. Firewall Server Load Balancer Intrusion Detection System Intrusion Prevention System Date: 20/07/201 Page 16 of 18

5. ADDITIONAL DOCUMENTATION A comprehensive library of technical information and use cases is available for both Fujitsu personnel and Customers via either Web Portal and is the subject to continual development. Date: 20/07/201 Page 17 of 18

6. CHANGE CONTROL Version Date Author Reason for change 1.0 21 st May 2012 2.0 22 nd Nov 2012 3.0 11 th March 2012 4.0 30 th July 2013 5.0 10 th December 2013 6.0 8 th July 2014 7.0 18 th Nov 2014 Simon Hallett Adam Jackson Andy Chafer Ian Purvis Simon Hallett Jeff Melman Jeff Melman Ian Purvis FGCP Service Overview issued. Moved to new template. New Double High Performance vsys added. Updated for Win 2012 templates, SQL 2012, CentOS Middleware, 200 vsys s per contract, password expiry period & registration process FUJITSU Cloud IaaS FUJITSU Cloud Service S5 name change. Service Release 9 (02Nov13) functionality updates: Double high 15 VM, 10TB disk size, 300 max FW rules, IPsec VPN gateway service, Backup in background. Service Release 11 (29Jun14) functionality updates: Redundant FW/SLB, Turbo FW, Additional disk snapshots, 800 max FW rules, FW/SLB Performance Monitoring, FW/SLB Log file import/save SR12 and Quad High Performance Types 8.0 29 th Dec 2014 Ian Purvis Updated as a result of withdrawal of Windows 2003 9.0 31 st Jan 2015 10.0 13 th April 2015 11.0 14 th Sept 2015 12.0 18 th Dec 2015 13.0 20 th July 2016 Ian Purvis Ian Purvis Ian Purvis Ian Purvis Jeff Melman Change for 2 nd island and SR13 updates OFFICIAL and OFFICAL SENSTIVE added Swapped around order of Portal URLs Added IDS/IPS, extended performance bandings and VM export capability following release of SR14 FUJITSU Cloud Service S5 name change Date: 20/07/201 Page 18 of 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback