Rackspace Government Cloud on VMware (2022)

Service scope

Service constraints
There is a minimum infrastructure requirement of the following:
• 2* Cisco Firewalls
• 2* Load Balancers
• 4* Basic Rackspace Private Cloud Hypervisors
• High Availability 10Gb Switch Set
• 10Gb service net switch

System requirements
Each environment is designed to the customer's specifications.

User support

Email or online ticketing support
Email or online ticketing

Support response times
Priority One incidents are responded to within 15 minutes of the incident being logged, 24 hours a day, 7 days a week. Incidents are logged either by phone, email or the automated monitoring of infrastructure and applications. Full details of the service response targets for incidents, changes and requests can be found in the terms and conditions.

User can manage status and priority of support tickets
Yes

Online ticketing support accessibility
None or don’t know

Phone support
Yes

Phone support availability
24 hours, 7 days a week

Web chat support
No

Onsite support
Yes, at extra cost
Support levels
Rackspace offers three different levels of support and management, depending on the individual needs for core provisioning and management of your technology stack.

Intensive Service Level provides a consultative, proactive service approach, where Rackspace is responsible for deep multi-layer monitoring, patching, management and planning for the environment. This is backed by a dedicated account team, consisting of a Service Delivery Manager, Lead Engineer and a Business Development Consultant.

Managed Service Level consists of infrastructure 24x7 monitoring, patching, maintenance and ‘on-demand’ support for the operating system level.

Core Infrastructure Level is a hosting solution specially designed for customers who wish to retain control and flexibility to manage and administer their environment, but do not want the burden of managing infrastructure. Rackspace is responsible for all aspects of the physical data centre, network infrastructure and hardware supply chain, whilst the customer remains responsible for managing the day-to-day administration of their environment, including the operating system, networking devices, monitoring and storage.

Support available to third parties
Yes

Onboarding and offboarding

Getting started
Rackspace provides all new customers a ‘101’ introduction to the service, which includes an overview of the service level, including the support team functions, the monthly account review (Intensive service level), service delivery team engagement, change and escalation processes and the MyRackspace portal walk-through.

For the Intensive Service, your Rackspace Service Delivery Team will deliver informal training for your technicians on particular topics they would like more information on.

There is also a customer handbook which describes the product and how it can be used.

Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF

End-of-contract data extraction
Customers can transfer their data using VMware native tools.
Apart from backup under the Managed Backup service, Rackspace does not transfer customer hosted data to portable media under normal operating conditions. Upon request, Rackspace can attach a portable device to the customer’s servers. Customers are responsible for transferring data to the portable device and for ensuring personal data, sensitive personal data, and other types of sensitive data are appropriately protected (encryption).
End-of-contract process
At the end of the contract, it will automatically roll over to a monthly cycle contract unless the customer gives 30 days' notice to terminate or renew their contract. Rackspace will inform the customer of the roll over taking effect and work with the customer to identify options to formally extend the contract or to initiate a termination as per the call-off contract agreement.

In case a customer wishes to terminate their contract, Rackspace agrees to plan, cooperate and provide exit assistance in good time to achieve a smooth transition of services with minimal disruption to the customer’s operation and to continue to provide the services until transfer is complete.

Using the service

Web browser interface
Yes

Using the web interface
Customers will have direct access to VMware web portals and APIs to manage the environment. A full suite of portals is included in the products, such as vSphere, vCloud, vRA, vROPS and NSX.

Web interface accessibility standard
None or don’t know

How the web interface is accessible
No specific web interface technology testing has been undertaken with assistive technology users, however good practice development methods have been used to optimise the end user experience.

Web interface accessibility testing
No testing has been completed with users of assistive technology.

API
Yes

What users can and can't do using the API
Full user functionality is provided through APIs, such as create, edit and delete vApps and VMs, power off/on, suspend/resume VMs, uploading OVA or ISO as vApp, creating or deleting a customer catalog, snapshot a VM or vApp, accessing VM console.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet

API documentation
Yes
API documentation formats
  • HTML
  • PDF

Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS

Using the command line interface
Full user functionality is provided through APIs, such as create, edit and delete vApps and VMs, power off/on, suspend/resume VMs, uploading OVA or ISO as vApp, creating or deleting a customer catalog, snapshot a VM or vApp, accessing VM console.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual

Independence of resources
There are no shared infrastructure components among customers, so the service is not affected by other users' demands.

Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
  • API access
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance

Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations

User control over data storage and processing locations
Yes

Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)

Penetration testing frequency
At least once a year

Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider

Protecting data at rest
Other

Other data at rest protection approach
Data encryption is implemented as per the customer's requirements.

Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed

Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Full image backup of VM
  • Other options available

Backup controls
The backup process is structured to meet the customer’s business needs and requests. Rackspace will work with the customer to help define a solution that will meet their specific business needs and demands. Rackspace will be responsible for data restoration should the need arise.

Datacentre setup
Multiple datacentres with disaster recovery

Scheduling backups
Users contact the support team to schedule backups

Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Dedicated customer virtual networks (VLAN / VxLAN) are used to logically segment customers' networks. Using the VMware tool suite to manage this functionality is fast and self-service.

Firewalls protecting the customer from the Rackspace public network and from the Internet are implemented, configured and managed by experienced Internet security specialists according to the customer’s explicit requirements. Firewalls are configured with Access Control Lists (ACLs) which prevent access to private internal IPs and deny access to all non-Administrative ports.

For higher levels of assurance, Rackspace can offer support using a PSN-accredited, secure management platform; this is an additional cost option.

Availability and resilience

Guaranteed availability
Below are the availability SLAs:
• Power: A/C power to the outbound port on your serving PDU will be available 100% of the time.
• Network: The data centre network will be available 100% of the time in a given month.
• 1 Hour Hardware Replacement: Rackspace will repair or replace failed hardware components that we provide at no additional cost, and within an hour of identifying the problem.
• Support Request Response Times: As part of the Intensive service level, Rackspace provides a 15-minute response time SLA for emergency tickets, and up to 4 hours for standard priority tickets.

Should there be a failure to meet any SLA objectives, the Service Delivery Manager will calculate the appropriate performance credit as per the contractual agreement, and complete the necessary internal approval process. Once approved, the credit is issued to the customer account and can be offset against pending or future invoices. A relevant ticket is also created and the credit note stored on the customer portal for long-term record keeping.
Approach to resilience
Disaster Recovery (DR) is typically provided at the OS/application level. Data can be replicated between environments running in different data centres via OS and application tools.

Rackspace can provide multiple data centres per region in a majority of cases, utilising Rackspace sites, and/or cloud platforms such as AWS or Azure. Rackspace will work with customers to understand their disaster recovery/resilience requirements, and will architect a solution designed to meet the defined recovery time / point objectives.

Outage reporting
Following a major incident, a customer may request an Incident Report from the Rackspace Service Delivery Manager. This report will be delivered via email and contains a summary of the events that occurred, along with a root cause analysis and preventative actions.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Access restrictions in management interfaces and support channels
Customers do not have direct access to hypervisors. Rackspace access control policies are based on the principles of ‘least privilege’ and ‘segregation of duties’. Customer solutions reside on their own dedicated VLAN. Rackspace administrative access to dedicated customer solutions is performed via the Bastion Servers, which act as segregation points between the Rackspace corporate network and the customer environment. Access via the Rackspace Secure Management Environment is subject to stringent logging and auditing controls.

Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Devices users manage the service through
Dedicated device on a segregated network (provider's own provision)

Audit information for users

Access to user activity audit information
You control when users can access audit information

How long user audit data is stored for
User-defined

Access to supplier activity audit information
You control when users can access audit information

How long supplier audit data is stored for
User-defined

How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes

Who accredited the ISO/IEC 27001
British Standards Institute (BSI) Certificate reference: IS 636168

ISO/IEC 27001 accreditation date
19/05/2018

What the ISO/IEC 27001 doesn’t cover
Software development controls are excluded and some international office space is not in scope.

ISO 28000:2007 certification
No

CSA STAR certification
No

PCI certification
No

Other security certifications
Yes
Any other security certifications
  • ISAE 3402 Type II / SOC
  • Cyber Essentials Plus
  • ISO 9001

Security governance

Named board-level person responsible for service security
Yes

Security governance certified
Yes

Security governance standards
ISO/IEC 27001
Information security policies and processes
Rackspace’s Leadership Team has assigned lead responsibility for information security to the Chief Security Officer. The Chief Security Officer has reviewed and approved the information security management system (ISMS), which demonstrates the commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS. The Chief Security Officer collaborates with Rackspace Legal to monitor compliance with all local, state, and federal laws and regulations that apply to Rackspace.

Rackspace has documented policies which meet the recommendations of the ISO27001 standard (including an Information Security Policy). The Rackspace Information Security Policy is reviewed at least annually or when a significant change occurs to ensure its continuing suitability, adequacy, and effectiveness.

Supporting policies include:
-Global Rackspace Corporate Information Security Policy
-Global Organization of Corporate Information Security Policy
-Management of Information Security Incidents Policy
-Global Information Technology Risk and Compliance Policy
-Global Business Continuity Policy
-Global Supplier Relationship Management Policy
-Global Communication Security Policy
-Global Operations Security Policy
-Global Physical Security Policy
-Global Access Control Policy
-Global Asset Management Policy
-Global Vulnerability Management
-Global System Acquisition Development and Maintenance Policy
-Global Cryptography Policy

Policies and processes are audited internally and externally by an independent assessor.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
CORE is Rackspace's proprietary hosting automation platform, which facilitates change control for the provisioning, changing, and scaling of the customer’s hosting environment. CORE centralises all information about the customer and their hosting configuration and manages all change related tasks and communication.
CORE seamlessly assigns work across Rackspace resources for issues that require multiple teams to troubleshoot, and by carefully controlling changes, we are able to achieve guaranteed uptime and minimise any impact on customer business operations.

Rackspace utilises a Technical Change Management process to control changes to the shared infrastructure. Proposed technical changes are subject to Change Board approval according to defined thresholds.

Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Rackspace maintains an ISO27001 certified internal vulnerability management programme that includes regular vulnerability assessments of the corporate network intended to identify, assess and remediate technical vulnerabilities. In addition, the PCI Merchant program requires quarterly scans of the internal network for vulnerabilities; remediation follows PCI standard guidelines.

Customers can specify the desired frequency to apply patches, however by default:
1) Linux updates are pushed into the Intensive channels once a month.
2) Windows monthly patches are released across three separate weeks.

Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Rackspace data centers and Network Operations Center (NOC) are manned 24/7/365.

Rackspace will implement our “RackWatch” programme, which is our network monitoring service. Numerous monitoring levels are available depending on service level and segment. Our experienced technicians will automatically take action in your best interest within agreed support procedures.

Please note that the level of alerting and monitoring depends on the service selected.

Rackspace will respond via agreed communication channels approved by the customer.

Rackspace will respond as soon as possible to incidents, at a minimum within agreed SLAs.

Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Rackspace maintains formal incident response processes concerning both corporate network incidents and incidents affecting customer solutions. Incidents that affect more than one customer or Rackspace operations (Enterprise Impacting) are managed from a centralised tool that provides alerting and escalation paths and procedures, communication procedures and command, control and communication across all Rackspace facilities.

Rackspace will work with you to institute a formal incident response plan for your environment. Rackspace can optionally provide a dedicated Intrusion Detection Service device with Managed Services for this purpose.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes

Who implements virtualisation
Supplier

Virtualisation technologies used
VMware

How shared infrastructure is kept separate
There are no shared infrastructure components for compute and networking. Our managed backup utilises an independent private network for backups running on network equipment to minimise network security concerns. Rackspace will create a new zone configuration for every host which is connected to the shared SAN environment. This zoning includes the unique World Wide Name (WWN) for the Host Bus Adapter (HBA) which is physically installed in each server and the WWN of the particular storage array that contains their disk assignment. This association blocks access to any storage array for which a server is not explicitly provided access.

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£10,699.26 an instance a month

Discount for educational organisations
No

Free trial available
No

Service documents

  • Pricing document

    PDF

  • Skills Framework for the Information Age rate card

    PDF

  • Service definition document

    PDF

  • Terms and conditions

    PDF

  • Modern Slavery statement

    PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsector@rackspace.com. Tell them what format you need. It will help if you say what assistive technology you use.

Article information

Author: Virgilio Hermann JD

Last Updated: 10/28/2022
