1 and Collaboration as a Service Version: 2.0, Issue Date: 05/02/2014 Classification: Open
2 Classification: Open ii MDS Technologies Ltd Other than for the sole purpose of evaluating this Response, no part of this material may be reproduced or transmitted in any form, or by any means, electronic, mechanical, photocopied, recorded or otherwise or stored in any retrieval system of any nature without the written permission of MDS Technologies Ltd. MDS Technologies Ltd, Spring Park, Westwells Road, Corsham, Wiltshire SN13 9GB Telephone: , Fax: Contents Why MDS?... 1 Summary of service benefits... 1 Product Overview... 1 Example Use Cases... 2 Trial Service... 2 Information Assurance... 2 Product Features... 2 Technical Features... 3 Service Options... 4 Backup/Recovery and Disaster Recovery... 4 Service Levels... 5 Pricing Model... 6 Appendix... 7 Related Services... 9
3 Classification: Open 1 Why MDS? A tailored cloud solution that fits your business needs Full range of cloud hosting options from pure public cloud to hybrid cloud and physical enablement solutions A support team is based on the same highly secure campus as our cloud platform A cloud platform is Pan Government Accredited up to IL3 A fully managed platform, supported up to Operating System Over 12 years experience of providing infrastructure services SC cleared operational support staff 24/7 support through our ITIL-aligned Service Desk Additional professional services such as project delivery and technical consultancy ISO 27001, ISO 9001, ISO14001 accredited Over 12 years experience in supporting Public Sector customers A privately owned, UK sovereign company We are an SME - agile with minimal bureaucracy PROFESSIONAL, PERSONALISED SOLUTIONS Summary of service benefits Pan Government Accredited - Suitable for IL0, IL1, IL2 and IL3 data. Exceptional value lowest cost IL3 mailboxes (from 3.25 per user per month at scale) Immediately available at all impact levels zero delay to your project. No frills focussed on core messaging and collaboration features All data centres are highly resilient, Tier3 and UK sovereign with >50 miles separation. Connectivity via the Internet or a government secure networks (e.g. PSN, GSI, N3 etc.) or your own dedicated circuits such as X-Kryptors, CPA, Leased Lines, MPLS, etc. Product Overview and Collaboration as a Service helps organisations and end users work in a secure, efficient and effective manner by providing a range of productivity tools including , calendaring and tasks. A Briefcase provides organisations with a secure solution to manage and share documents and information with colleagues. The Skyscape and Collaboration as a Service reduces the cost of deploying and managing enterprise systems, delivering improved availability, productivity and reduced total cost of ownership, and is accessible through a range of popular applications and mobile devices. Skyscape have achieved Pan Government Accreditation for both IL2 and IL3 data for this service, meaning that a significant proportion of assurance has already been completed thus allowing Public Sector Organisations to gain the benefits of secure, purpose built, on-demand compute resources that meet their stringent requirements, all on a true utility (pay for what you use) consumption model. Using a web browser, an client or mobile device, individuals can access their own personal and group mail boxes simply and easily with either little or no set up needed. Skyscape manages the underlying infrastructure and application ensuring the integrity of the solution and mailbox availability. Mail hygiene is provided via Cisco Ironport, providing enterprise protection against spam and malware.
4 Classification: Open 2 The Client organisation is responsible for customisation and configuration of the mail solution specific to the Customers organisations need, support and administration of their end-users and devices / client applications. The Service is offered as a secure multi-tenanted solution. Skyscape s service has been designed specifically for the UK public sector and is available only to the UK public sector. The service supports and complies with all relevant areas of the Government ICT Strategy and Information Principles for the UK Public Sector. Skyscape s data centres are some of the most energy efficient in the world and as such support the Green Government ICT Strategy in full. MDS is a reseller, at cost, of this Skyscape service. Example Use Cases Organisations wanting to reduce costs both in terms of licensing and management without compromising on features or customisations associated with other multi-tenanted solutions. Organisations requiring centralised data that is accessible in a secure manner by a range of individuals across a number of devices. End users requiring greater functionality and collaborative tools to improve their working productivity. Trial Service Skyscape offer a 30 day free trial for up to 500 people within a single organisation, available upon request. Free trials are subject to additional terms and conditions which are available on the Cloud Store. Information Assurance This service has achieved Pan Government Accreditation (PGA) for data at Impact Level 2 and Impact Level 3. Suitable for IL0, IL1, IL2 and IL3 data. In addition of PGA for IL2 and IL3, Skyscape also hold independent ISO9000, ISO20000 and ISO27001 accreditations which underpin our business operations and Cloud Platform. All data centres are highly resilient Tier3, UK sovereign and separated by >50 miles for geographical diversity. Skyscape and MDS staff are Security Cleared and based in the UK Product Features and Collaboration as a Service offers the following features: & Calendaring An and calendaring service that delivers a range of capabilities, accessible via the Internet or government secure network, from mobile devices or through a number of client based applications (Microsoft Outlook etc.). Contacts and addresses a centralised repository delivering rich functionality. Archive stored based on company or individual user requirements (optional). Briefcase document storage and sharing gives the ability for organisations to store and access content in one centralised location. Fully configurable, it allows users to create folders, access rights, document check in / out and version control. Access Anywhere access the service (Impact Level dependant) via web, mobile devices or through a number of client based applications.
5 Classification: Open 3 Social supports integration with a wide range of social networking and collaboration tools, if desired. Assured Security the platform is hosted in highly resilient Tier3, UK sovereign data centres and can benefit from QinetiQ s Protective Monitoring solution. Compute as a Service provides an accredited, secure and highly scalable compute platform which offers the following benefits: Already Pan Government Accredited to IL2 and IL3 Organisations gain significant advantages in terms of costs, time and effort compared with how systems and platforms were built in the past. Expedites your project no need to wait for infrastructure and deployment teams new mailboxes are provisioned quickly via an easy-to-use self-service portal. Assured Security the platform is Pan Government Accredited at both IL2 & IL3, hosted in highly resilient Tier3, UK sovereign data centres and benefits from QinetiQ s Protective Monitoring solution at IL3. Green the Skyscape service is based in UK data centres which offer market leading efficiency around power and cooling. A Skyscape solution will generate less Carbon than many other solutions. The service is billed on the basis of the resources used or reserved during a period of time (1 month minimum) based on metrics including number of mailboxes, mailbox size (mailbox and archive) and bandwidth. Mail hygiene is provided via Cisco Ironport, providing enterprise protection against spam, viruses and malware Technical Features and Collaboration as a Service has the following technical features all available as standard: including calendaring and tasks Fully featured , calendar, address book, tasks and file collaboration. 1GB mailboxes (optional unlimited Archive available).supports Secure POP3, IMAP4, MAPI and SMTP access using TLS/SSL encryption. Access: available using either client based software (VMware Zimbra Desktop, Microsoft Outlook) or through common web browsers. Support for a variety of mobile devices (Apple iphone, Android and Windows Mobile via ActiveSync / Direct Push). Global address lists and third party application extension capabilities. Message size limits (max attachment size): 25MB. Security Encrypted client connectivity using FIPS S/MIME for digital signatures and encryption. Configurable administration rights. Admin activity audit trail. Access controls for application and data sharing. Single sign-on support. Integrated spam and virus protection via Cisco Ironport. Mobility Security Supports corporate security policies on supported devices that mobile devices must accept to receive and store company data / communications such as;
6 Classification: Open 4 Force PIN security on device. Require alpha-numeric password for device. Automatic device wipe. Auto device lock. Briefcase - Document Storing / Sharing A central repository to store and manage documents and files. Set access roles and responsibilities per user or group on either folders or documents. Create document versioning and approval workflows to improve data integrity and collaboration. Archiving The service can include integrated archiving and discovery as a chargeable option. This can be enabled for all or selected users and copies every message (sent and received) into an archive mailbox. Cross mailbox search (discovery) of items is supported in the web admin client. The following web browsers and mail clients are currently supported. Please check for the latest guidance: Advanced web client (Ajax): Microsoft Internet Explorer 7+, Firefox 3.0+, Safari 4+, Google Chrome 2.1+ Standard web client (HTML): Microsoft Internet Explorer 6+, Firefox 3+, Safari 3+ (4+ MacOS), Google Chrome 2.1+ Desktop clients: Zimbra Desktop, Microsoft Outlook (2003, 2007, 2010), Apple isync Any POP or IMAP supported client Mobility: Any compatible smartphone (Android, Symbian, Windows Mobile) Apple iphone / ipad Service Options Service Level Agreement 99.99% Antivirus, Malware & Spam protection Multi-site Resilience Backup Archiving Relays available as standard QinetiQ Protective Monitoring Web Level AV included IL3 Content Inspection available Yes Daily Optional Cost per GB GSI, Internet Included for IL3 IaaS Backup/Recovery and Disaster Recovery The service is deployed across multiple sites to provide a degree of service continuity in the event of a disaster. The service is also backed up on a daily basis.
7 Classification: Open 5 As standard, the service offers a 'Dumpster' folder, which retains items (messages, appointments etc) which have been deleted by a user from their mailbox and the Trash folder for 30 days. If the deletion turns out to be accidental, the user can recover the message(s) themselves. Service Levels Skyscape provide both an Availability SLA and Response Time SLA for the Compute as a Service for Test & Development service as per the following table. Availability (monthly*) 99.99% Incident response Incident update Service credits P1 within 15 minutes P2 within 4 hours P3 within 24 hours P4 within 72 hours P1 hourly P2 every 2 hours P3 every 24 hours P4 every 24 hours 10% of monthly spend ENHANCED 1 Support s can also be sent to a mailbox hosted outside of the Skyscape platform * Availability indication based on an average 730 hours per month. Excludes planned & emergency maintenance. Unavailability applies to existing mailboxes where the mailbox becomes unresponsive due to a fault recognised at the SaaS layer or below: i.e. fault is not within the Consumers control (OS, Applications, user networks) fault is within Skyscape controlled components such as the messaging infrastructure, storage, power and physical firewalls & routers etc. External connectivity providers (e.g. internet, PSN, GSi) and components collocated at Skyscape are also not included in the availability calculation. In addition, Skyscape also provide an Availability Service Level Target on the Skyscape Portal i.e. the ability to log into the portal to create support tickets and use other functions. Client Portal Availability (monthly) 99.90% Target Availability (monthly*)
8 Classification: Open 6 Pricing Model IL0 IL2 IL3 G5: <499 Mailboxes G5: Mailboxes G5: Mailboxes G5: Mailboxes G5: Mailboxes G5: Mailboxes Additional Mailbox storage (per GB per Month) Archive Storage (per GB per Month) The pricing in the above table is based on GBP ( ) per mailbox per month (part month charged as a whole month). The pricing for the following items can be found in the Skyscape Pricing Guide. Data ingestion and extraction Connectivity options Commitment Discount Customers can gain a discount off the standard rates by making a commitment for minimum monthly amounts during a 12 month period. The commitment relates to spend during the period (rather than VM s or GB s) as follows: PO Value < 250K 0% 250K- 499K 9% 500K- 749K 13% 750K- 1,499k 16% 1,500K + 19% Discount Level Customers will be required to raise a non-conditional purchase order for the required net amount (after discount) which will entitle them to receive services up to the value of the gross (pre-discount) amount. Customers will be required to break-down the commitment with monthly spend amounts any amount not consumed within an individual month will not be rolled forward to a subsequent month. Discounts are per purchase order only. Worked Example If you know that you will spend at least 300,000 per year with Skyscape, you can make that commitment and receive an effective 9% discount. We would require a PO of 273,000 ( 300,000 less 9%) which will be payable even if you don t consume that level of Skyscape services within 12 months. Any consumption in excess of 300,000 will be billable at the standard Skyscape rates unless a new commitment is made.
9 Classification: Open 7 Appendix On-boarding and off-boarding On-boarding Within 10 days of acceptance of an order, Skyscape will create the Consumers Primary Administrator account and send the consumer a Welcome Pack which includes the URL for the Skyscape Customer Portal, mailbox services and associated authentication details. The Consumers Administrator is then able to create additional user accounts and allocate roles and privileges for users within their project. Each user can then simply log on and begin using the service. The Administrator is also able to set policies, create user accounts and allocate roles and privileges for users within their organisation. Skyscape provide tools to assist Administrators migrate data from popular existing environments. Set up of Client based software or mobile devices may be required dependant on the chosen access methods. Off-boarding Prior to terminating the contract, the Consumer is able to transfer all their data out of the solution (e.g. using the Skyscape API to retrieve data). When the organisation terminates their agreement with Skyscape, Skyscape ensures all of the organisation s data is deleted. Service management As a true Cloud service aligned to the NIST definition of IaaS, the service is designed to be self managed via the secure online Skyscape API and the Skyscape Portal which provides common Service Management functionality and addresses standard requirements. On rare occasions, Skyscape may decide to assign an experienced, qualified ITIL Service Delivery Manager to some Consumers. In these cases, the SDM will provide additional assistance with reporting, incident escalation and continual service improvement, at all times following Skyscape s ISO20000 certified ITIL-based process framework. For Organisations that require more of a managed service, Skyscape work with MDS to provide a Managed Service wrapper around the Skyscape IaaS. Service constraints Message send limits: users can only send 30 s in any one minute period. Minimum of 25 mailboxes per organisation required to initiate the service. Skyscape will adhere to the following in terms of maintenance windows; Planned Maintenance means any pre-planned maintenance of any infrastructure relating to the Services. Skyscape shall provide the Client with at least twenty four (24) hours advance notice of any such planned maintenance: Planned maintenance of Skyscape s infrastructure relating to the Services shall happen between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time) on a Saturday and/or Sunday. No planned maintenance will take place on a Saturday unless agreed in advance by both parties; Planned Maintenance shall be excluded from any availability calculation in regard to service credits but shall be included in the monthly service reporting; Emergency Maintenance means any emergency maintenance of any of the infrastructure relating to the Services. Whenever possible, Skyscape shall provide the Client with at least six (6) hours advance notice: Whenever possible Emergency Maintenance of Skyscape s infrastructure will happen between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time)on Saturday and/or Sunday unless there is an identified and demonstrable immediate risk to a Clients environment; Emergency Maintenance shall be excluded from any availability calculation in regard to service credits but shall be included in the monthly service reporting. Training Skyscape have created a number of videos, help guides, manuals and FAQs to help train and instruct users so that are up and running quickly and easily. MDS are able to deliver additional services such as training, support and managed services.
10 Classification: Open 8 Ordering and invoicing Billing for the service is monthly in arrears. Payment can be via Purchase Order and Direct Debit. Skyscape are preparing to be able to accept Debit/Credit Card payments (e.g. Government Procurement Card) please enquire at time of order to check whether this is available. Service lead time Setting up a new organisation will typically be completed within 10 days from acceptance of order. Shorter deployment times are typically achieved and can be prioritised upon request. Once set up Organisations have instant access to additional compute and storage resources with no notice period required as they manage this themselves. Termination Terms At the point of termination, all consumer data, accounts and access will be permanently deleted, and will not be able to be subsequently recovered or restored. Costs There are no termination costs for this Service. Consumers are responsible for extracting their own data from the platform if required. Skyscape may make an additional charge for transferring data out of the service. Data restoration / service migration In many circumstances, Skyscape can help facilitate a bulk migration to the platform using local data import. This is priced on a time and materials basis form the Skyscape SFIA rate card. Consumer responsibilities The control and management of access and responsibilities for end users including appropriate connectivity, security and accreditation if required. Where access is required over N3, GSI or PSN, the consumer is responsible for adhering to the Code of Connection. Management configuration and administration of layers above the SaaS (e.g. applications, mobile devices, mail transport rules etc). As a core benefit of the Cloud Platform, consumers are expected to self-manage the environment including provisioning mailboxes, user administration, AV, patching, etc. Consumers must be aware of the variable nature of the billing based on usage. The consumer is also responsible for ensuring only appropriate data (e.g. IL0-IL2 or IL3) is stored and processed by applications on this environment and that they comply with the Skyscape Security Operating Procedures (SyOps) and other information assurance requirements as specified in Skyscape System Interconnect and Security Policy (SISP) and associated accreditation documentation sets. Financial recompense model If the service level falls below the stated availability percentage (excluding Planned and Emergency maintenance periods), consumers will be eligible for service credits on affected mailboxes. Service credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the failure occurred (to be applied at the end of the billing cycle). Service Credit Cap Service Credits 10% of monthly spend per 5% below service level target or part thereof Up to 10% of monthly spend Technical requirements Consumers will require appropriate network connectivity such as internet access (IL0-IL2) or accredited connectivity such as a government secure network (IL3) to the Skyscape Cloud Platforms. Connectivity via the internet, a government secure network (PSN, GSI) or private leased line is available but may incur additional charges if the hosting of CPE routers is required - see the pricing section for more details. Where required, Consumers are responsible for procuring
11 Classification: Open 9 and managing appropriate devices or software to meet the requirement for data security over the various forms of connectivity. Consumers have a number of options to choose from with Skyscape to access their environment dependant on their requirement. The below are guides to demonstrate what is possible but may require further engagement to explain further: IL0 2 Standard Internet connectivity over common protocols (HTTP, HTTPS, SSH, etc) Non-standard ports considered via Service Request PSN Leased Line (CAS(T) compliant) or non-cas(t) using CPA/PEPAS overlay encryption IL3 Preferred connectivity is over a Government Secure Network such as GSI or PSN PSN or CAS(T) Leased Line (IL3 over IL2) N3 Connection CPA/PEPAS approved solution providing overlay encryption (e.g. Cisco ISR/ASR) IL0 (e.g. Internet or non CAS(T) circuit) to IL3 VPN Site-to-Site VPN using CAPS approved solutions (e.g. Ultra AEP X-Kryptor) CPA assured solution where Foundation Grade assurance is appropriate (e.g. Cisco ISR/ASR) IL3 Leased Line (assured network connection) Consumers are responsible for the related assurance plan for accreditation if required. Related Services This service may be bought in conjunction with the following other G-Cloud services: Connecting to the Cloud (5.G )