Q What is the service?

Compute as a Service from UKCloud is an Infrastructure as a Service (IaaS) offering which enables organisations to rapidly provision and scale secure virtual machines (VMs) in minutes, in a flexible and autonomous manner.

UKCloud provides this service across two security domains, Assured OFFICIAL (historically PGA IL2) and Elevated OFFICIAL (historically PGA IL3), and four service levels offering up to 99.99% availability. This allows customers to precisely match application and user needs to an appropriate security domain, service level and cost, instead of designing to the highest level which may not always be needed.

Q Can VMs have different Service Levels?

Yes, UKCloud offers four different service levels. T&D (also known as Essential), BASIC, STANDARD & ENHANCED.

Q Are VMs contended?

UKCloud provides a range of service levels to help customers choose a service which best matches their budget and requirement.

The T&D service is a contended service. VMs do contend for memory and processor resources.

The production service is available at three service levels: BASIC, STANDARD & ENHANCED.

UKCloud has implemented a combination of technical and process controls (e.g an ISO20000 certified Capacity Management process) to ensure that VMs at our production service levels do not contend for memory or processor resources.

Q Can VMs communicate to those on different Service Levels?

VMs can communicate between service levels. In some cases this may require customers to use the built in self-service IPSEC VPN functionality to create a virtual private network within the assured cloud platform.

Q Can VMs be moved between Service Levels?

Yes, VMs can be moved between Service Levels but requires the customer to first export the VMs and then import them back into virtual data centre that has been created at the target service level.

Q What hypervisor do you use?

UKCloud’s environment is built using VMware vSphere, the most ubiquitous and mature hypervisor available. Secure Multi Tenancy is achieved with VMware vCloud Director.

Q Do I get root access onto the local VM?

Yes, as a true IaaS cloud service, customers have complete control and autonomy over the VM and so have full ‘root’ or administrative access.

Q What size VMs are available?

UKCloud offers a variety of “T-shirt” sizes to meet our customers need.

The smallest configuration is 500MB and one vCPU.

The largest VM that can be built is 96GB memory with 8vCPU.

Dedicated Compute allows customers more flexibility to build custom sized virtual machines.

Check the Compute service description for more details on the currently available solutions.

Q Can I resize my VM?

Yes, changes to processor, memory and storage allocations can be made via the self-service UKCloud Portal and API.

Processors and memory can be added to or removed from VMs if the OS supports the “hot add” capability.

Increasing CPU/memory allocations may result in the VM being billed at a higher rate.

Additional VM storage may be allocated instantly and will be billed on a per GB basis.

Q What is the speed of each vCPU?

This is set at 2GHz for all VM’s except for Micro sized VM’s which can be restricted to run at 500MHz.

Q Does UKCloud offer encryption on the VM?

Not by default, this could be implemented by the customer if required using technology of your choice.

Q What is the Dedicated Compute solution?

The Dedicated Compute solution provides defined resources on dedicated physical hosts. As with our on-demand VMs, you build, configure and manage your environment yourself.

This model enables you to:

• License applications that require dedicated physical hardware, such as Oracle or Windows Desktop
• Deploy whatever VM size you want (up to the maximum allowed), using the resources available in the resource pool
• Choose the resource contention between VMs, which enables greater flexibility between VM capacity and performance

For more details, please see the G7 Compute Production service description, available via the Digital Marketplace.

Q How many IP addresses do I get?

Customer organisations are initially allocated five external IP addresses with a new compute service.

Additional external IP addresses can be requested via a Service Request.

There is no limit to the number of internal IP addresses (RFC1918) customers can allocate.

Q How many PSN IP addresses do I get?

Customer organisations are initially allocated one external PSN IP address.

Additional external PSN IP addresses can be requested via a Service Request should a valid business requirement arise.

There is no limit to the number of internal IP addresses (RFC1918) customers can allocate.

Q What Firewall services are available?

UKCloud controls and manages a perimeter firewall on the edge of our assured cloud platform which securely segregates traffic. Within the Compute environment UKCloud provides Customers with a self-managed virtual firewall solution which supports typical firewall functionality such as access control lists, network address translation, etc as well as basic load balancing and support for VPNs.

Customers can also use their preferred firewall and security appliances as long as they are compatible with the Vmware virtual infrastructure that is used to power the UKCloud assured cloud platform.

Q How do I create, and manage firewall rules?

As an integral part of the solution, UKCloud provides each customer with a dedicated virtual firewall.

This virtual firewall is managed exclusively by the customer. Firewall rules can be set and managed via the UKCloud Portal and API.

UKCloud provides On-boarding Guides and associated video tutorials to help customers configure and manage their firewall.

Q Do you offer dynamic or static IP addresses?

The external IP addresses are static. Internal IPs can be assigned statically from a pool, manually or dynamically via DHCP.

Q Are external Domain Name System (DNS) services available?

No, UKCloud does not currently offer this service. Customers can implement their own DNS servers within their solution or configure their virtual firewall to enable connectivity to an externally hosted DNS server (e.g. those hosted on Government Secure Networks such as PSN/N3 or those available on the Internet such as Google 8.8.8.8).

Q Are domain name registration services available?

No, UKCloud does not currently offer this service. Some Government Secure Networks (such as PSN/N3) offer name registration and DNS hosting as part of their service.

For internet facing services a 3rd party DNS provider will be required.

Q Is Network Time Protocol available for time synchronisation?

Yes this is available for Assured OFFICIAL and Elevated OFFICIAL, please see the Compute as a Service On-Boarding Guide for more details.

Q Can UKCloud provide SSL certificates or can existing SSL certificates be utilised?

UKCloud does not provide SSL certificates, however existing ones can be utilised.

Some Government Secure Networks (such as N3 and PSN) provide SSL certificates as part of their service.

Q Do you offer load balancing?

Yes. Load balancing can be configured within the service and is included within the price.

Supported protocols: HTTP, HTTPS, TCP.

Supported algorithms: Round Robin, IP Hash, URI, Least Connected.

Q Can I deploy my own load balancer?

Customers can deploy their own Load Balancing virtual appliance (e.g. F5, Stingray, Zeus, etc) if support for other algorithms are required.

Q How much storage do I get with a VM?

The default amount of storage with each VM is 60GB.

The only exception is Micro sized VM’s which have a fixed 10GB allocation which cannot be increased.

Q Can I reallocate storage across VM’s?

No, storage pooling isn’t possible. Each VM must have a minimum of 50GB (except Micro sized VM’s).

Additional storage can quickly and easily be allocated via the self-service UKCloud Portal or API and is charged on a per GB basis.

Q Is storage persistent?

Yes, unlike some other cloud platforms, storage is persistent.

This means that your data and VM configuration remains available to you even if the VM is switched off or restarted.

Q What is the Optimised Storage solution?

Optimised Storage is a new tier of compute storage designed for the following scenarios:

• Applications that require improved performance when accessing stored data such as high activity databases
• Applications that have irregular usage patterns that require a consistent performance such as data warehouses or batch process applications

Existing applications can take advantage of our Optimised Storage, but there is a migration process involved.

Please engage your Account Director or Cloud Architect to understand if the Optimised Storage solution will provide a benefit to your solution.

Q How do I access my systems?

You can access your VMs either by using the remote console through the UKCloud Portal or remote access protocols (RDP/SSH etc) over a VPN or secure network.

Q What reports can I get about the VM performance?

UKCloud does not currently provide VM performance reports however, users can monitor the performance by using standard tools within the operating system.

Q Does UKCloud patch the VMs?

No, customers are responsible for the patching of their services. UKCloud makes a patch repository available to customers for VMs on the Elevated OFFICIAL cloud platform that cannot connect to the internet for common Operating Systems that UKCloud provides.

Q How can I access support and patches for operating systems that UKCloud is licensing?

UKCloud provides a repository for patches of common operating systems that the customer can access and update from. Please refer to the onboarding guide or UKCloud Portal knowledge centre for more details.

For support, the customer will need to log a request through to UKCloud who will then log the ticket with the respective supplier. UKCloud will then inform the customer of all updates but UKCloud is not responsible for the actual resolution of non-IaaS issues.

Q Do you have a KMS server for activating Windows?

Yes, this is available. A step by step guide on how to configure and utilise this service is detailed within the On-Boarding Document, found in the UKCloud Portal Knowledge Centre.

Q How do I control the VM?

Users can control the VM via the UKCloud Portal or API. Controls include: stop, start, restart, load media, clone, snapshot etc.

Q Do you monitor the VM?

UKCloud monitors the underlying platform but does not monitor customer OS or applications. Customers can implement their own application performance monitoring solutions within the virtual data centre.

Q Do you offer auto scaling?

There is no standard product offering for autoscale however the platform API can be used to achieve this with a little developer effort.

UKCloud provides blueprints inside the Knowledge Center on the UKCloud Portal to provide guidance on how this can be achieved.

Q How quickly can I scale my service both up and down?

Horizontal scale can be achieved quickly by adding additional VMs (usually in just a few minutes). Vertical scaling can be achieved by “Hot Adding” CPU or RAM to a VM (where supported by the guest OS). This operation usually takes seconds.

Q What operating systems are available?

UKCloud Compute as a Service is powered by VMware technology and so is compatible with a wide range of x86/x64 operating systems.

VMware provides a compatibility matrix at vmware.com (http://partnerweb.vmware.com/comp_guide2/pdf/VMware_GOS_Compatibility_Guide.pdf)

Customers can either use the UKCloud catalogue of operating systems or opt to upload their own.

UKCloud offers Windows Server 2008 R2 Enterprise, Redhat Enterprise Linux 6.1 and CentOS 6.1.

We will also be introducing Windows Server 2012 and MS SQL templates.

UKCloud also provides access to common templates provided by the Bitnami service such as Drupal, Joomla, LAMP and WordPress

Q How can I licence the Operating System?

MICROSOFT: Microsoft terms and conditions preclude customers from using their own license agreements for Windows Server in the Cloud. Hence all licensing for the Windows Server operating systems must be provided by Skyscape.

Microsoft do offer a scheme called “License Mobility” which allows additional software such as Exchange, SQL, etc. to be provided by the customer where the customer has appropriate Microsoft licensing as per the licenses terms and conditions and usage rights.

RHEL: If the operating system is RHEL, then either UKCloud or the consumer can license it.

The consumer is responsible for ensuring correct licensing for any other operating system they chose to install.

Q What antivirus do you offer on this service?

Customers are advised to install their own AV software. UKCloud does not provide AV software.

Q What applications are available as part of the default service?

UKCloud does not offer any additional software other than those present on the UKCloud Portal catalogue. Any additional software, including the licencing of, is the responsibility of the consumer.

Q Is Open Virtualisation Format (OVF) for virtual machine images supported?

Yes, OVF images can be uploaded to the platform and VMs built in the platform can be downloaded as OVF.

Q What is Bring Your Own licencing for Red Hat?

BYO licencing for Red Hat allows customers to select Virtual Machines (VMs) running on the UKCloud assured cloud platform to be covered by their own commercial agreement with Red Hat.

In these cases, UKCloud will remove the cost of the Red Hat licence from the customer’s monthly bill for the selected VMs.

Initially, customers should raise a service request to advise UKCloud of which VM’s they will be covering with their own Red Hat licencing

Q How do I raise a support ticket?

A secure online UKCloud Portal provides the most common Service Management functionality. Alternatively, Support can be reached by telephone or email.

Q How do I manage my services?

This will depend on the security domain used to host the data. Services on the Assured OFFICIAL platform, can be managed over the internet (or other connectivity) by accessing the UKCloud Portal. The Elevated OFFICIAL, the security requirements are much stricter and require either a PSN approved connection, UKCloud’s Secure Remote Access or self-managed CPA approved VPN solutions (e.g. site-to-site VPN).

Q What are your service maintenance windows?

UKCloud will adhere to the following in terms of maintenance windows;
“Planned Maintenance” means any pre-planned maintenance of any infrastructure relating to the Services. UKCloud shall provide the Client with at least 14 days advance notice of any such planned maintenance: Planned maintenance of UKCloud’s infrastructure relating to the Services shall happen between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time) on a Saturday and/or Sunday.
No planned maintenance will take place on a Saturday unless agreed in advance by both parties;
Planned Maintenance shall be included in any availability calculation in regard to service credits and included in the monthly service reporting;
“Emergency Maintenance” means any emergency maintenance of any of the infrastructure relating to the Services. Whenever possible, UKCloud shall provide the Client with at least six (6) hours’ advance notice:
Whenever possible Emergency Maintenance of UKCloud’s infrastructure will happen between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time)on Saturday and/or Sunday unless there is an identified and demonstrable immediate risk to a Clients environment;
Emergency Maintenance shall be excluded from any availability calculation in regard to service credits but shall be included in the monthly service reporting.

Q How can I get started with the service?

Within 4 hours of acceptance of an order, UKCloud will create the Customers Primary Administrator account and send the consumer a Welcome Pack which includes the URL for the UKCloud Portal and associated authentication details.
The Customers Administrator is then able to create additional accounts for users within their project. Each user can then simply log on and begin using the service (security domain and connectivity dependent).
As UKCloud has two UK DC’s, a consumer can request to be deployed into a specific one at the time of the order if they require. Whilst unlikely to ever be rejected, this remains at UKCloud’s discretion.
Additionally, UKCloud offers a free 30 day trial of the service, enabling Customers to test the service risk free.

Q Can I create a Clone of my environment?

Yes, this is done through the UKCloud Portal, by right clicking on a VM and selecting “Clone”. This operation can also be performed programmatically via the API.

Q Does UKCloud backup my VM’s?

An Automated VM Backup facility is available for all VMs and for certain service levels is included in the price.

T&D, ESSENTIAL and BASIC do not include automated VM backup.

The STANDARD and ENHANCED service levels by default includes a 14 day automated VM backup within the price.

Q What SLA do you offer on backup success?

The Automated VM Backup service does not include a SLA. Customers should be aware that the backup may occasionally fail for a variety of reasons. The status of Automated VM Backups is monitored continuously and the UKCloud support team will investigate all failures.

It is not always possible to re-run the Automated VM Backup, so if customers require a guaranteed daily backup of their VM it is essential that they implement their own backup solution which would be entirely under their control. The UKCloud Storage platform could be an appropriate target for self-managed backups using software such as Commvault, NetWorker, etc.

Q How quickly can a machine be restored?

This is dependent on the size of VM, the location being restored from and the priority of the support ticket raised to request the restoration

Customers should expect recovery to require 2-3 days. if customers require a faster recovery time of their VM it is essential that they implement their own backup solution which would be entirely under their control. The UKCloud Storage platform could be an appropriate target for self-managed backups using software such as Commvault, NetWorker, etc.

Q How do my automated VM backups get restored?

Customers who have access to the support ticketing system are able request VMs to be restored.

UKCloud will restore the whole VM image to the customer’s Virtual Data Centre, for the customer to then manage the restoration of either individual files or the whole VM.

Q Do automated VM backups include my Virtual Data Centre (VDC) Configuration?

Configuration of VDC items such as virtual firewalls, load balancers, virtual networks, etc are backed up at a platform level and cannot be restored on a customer by customer basis.

Customers can create an individual backup of these items via the vCloud API.

Q Is the Automated VM Backup solution suitable for all data?

Yes, the Automated VM Backup solution is available on both the Assured OFFICIAL and Elevated OFFICIAL platforms.

Q Is the automated VM backup full or incremental?

UKCloud will take a full backup every day.

Q What is the automated VM backup frequency?

Once every 24 hours.

Q Can I set my own schedules?

Custom schedules are not currently supported. Customers can install their own backup service and leverage the UKCloud Storage platform if more flexibility is required.

Q Can I backup a VM on demand?

Not with the UKCloud Automated VM Backup service.

As an alternative, customers can take a snapshot of their VMs on demand, or install their own backup service and leverage the UKCloud Storage platform.

Q Is Automated VM Backup snapshot-based or conventional file-based?

The Automated VM Backup service creates a crash consistent snapshot of the virtual machine which is then copied to our dedicated purpose built backup system.

It is not possible to restrict the Automated VM Backup to specific files or directories. Customers can install their own backup service and leverage the UKCloud Storage platform if more flexibility is required.

Q Can I recover individual files using the UKCloud Automated VM Backup?

To restore individual files, users will need to extract those files from the whole VM image which UKCloud can restore to a new VM. Users can access this new VM, find and then transfer the required data to the original VM. Standard charges will be incurred for the temporary VM.

Q Can I use my own backup software?

Yes, this is done by simply installing appropriate backup software within the VM and specifying the backup location.

A typical scenario would be to use a commercial backup solution (such as Symantec NetBackup, CommVault, EMC NetWorker,etc.) that points to a cloud storage service such as UKCloud’s Cloud Storage.

Q Where is the data backed up to?

By default, the backup data resides in a different (remote) data centre to the original VM.

With the ENHANCED service, there are backups available in both the local and remote data centres.

Q Can I specify my own backup location?

Not as part of the UKCloud Automated VM Backup service. Customers are able to install and configure their own backup solution to achieve this.

Q How do I use the automated backup service?

At STANDARD & ENHANCED backup is started automatically at the next backup window.

Q Can I set a global policy for all VMs within the organisation?

No, the policy is based on the Service Level that is assigned to the VM.

Q Does any software need to be installed on my VM’s?

The Automated VM Backup works directly with the cloud platform to capture the entire VM, hence there is no requirement to install any software within the VM.

For customers that prefer an application consistent backup rather than a crash consistent backup, UKCloud recommend the installation of VMtools and the configurations of appropriate pre-backup and post-backup scripts.

Customers can install their own backup software and leverage the UKCloud Storage platform if more flexibility is required.

Q How is the Automated VM Backup service charged?

The Automated VM Backup service is included in the STANDARD and ENHANCED service and available a per VM add on for BASIC and T&D solutions.

Q Does UKCloud provide a Disaster Recovery option?

An automated replication and failover service is included for VMs at the ENHANCED service level.

This provides synchronous data replication enabling a near zero recovery point objective (RPO).

The recovery time objective (RTO) for the ENHANCED service level is dependent on the nature of the disaster or failure scenario. Whilst VMs at the ENHANCED service level will be automatically restarted at the other data centre in some scenarios, there are other scenarios where manual intervention by UKCloud will be required and where the recovery time might be extended to hours rather than minutes.

For customers that require more control and assurance around how data is replicated, how the DR service is tested, how the solution handles failover and failback, UKCloud recommends that customers create their own DR solution by leveraging independent sets of VMs at the BASIC or STANDARD service levels.

Q How does UKCloud enable customers to create their own disaster recovery solutions?

UKCloud has designed the cloud platform to mitigate the impact of component failure by limiting the size of failure domains. A failure domain is the extent of the system which a significant failure (or disaster) can affect. This is sometimes referred to as an availability zone. At a macro level, UKCloud Compute-as-a-Service has three availability zones:

• Availability zone 1: The independent cloud platform at the Corsham site
• Availability zone 2: The independent cloud platform at the Farnborough site
• Availability zone 3: The stretched cloud platform that spans both sites

The vast majority of failure scenarios will only affect the availability of the cloud platform within an availability zone. For those scenarios, deploying across multiple availability zones will provide effective mitigation. However, some rare failure scenarios (such as DDoS or Split Brain) could affect the availability of the cloud platform at both sites. These scenarios can be mitigated by deploying across multiple cloud providers. Clearly, customers need to balance the low probability of these failure scenarios occurring with the cost and complexity involved in mitigating the impact of these unlikely failures.

UKCloud exposes these availability zones to our customers via service levels:

• Each virtual machine at our Test & Development (T&D)/ESSENTIAL, BASIC or STANDARD service levels can either exist within either availability zone 1 or availability zone 2
• Each virtual machine at our ENHANCED service level exists within availability zone 3

This design enables customers to deploy services at the BASIC/STANDARD service level across two availability zones so that the impact of a significant failure does not affect the availability of their application. It also enables solutions which are not able to replicate and failover within the application layer to benefit from a degree of disaster recovery by leveraging automated replication and failover at the infrastructure layer via the ENHANCED service level. The downside of this approach is that the ENHANCED service level is effectively a single failure domain, so certain failures can impact application workloads running exclusively at the ENHANCED service level.

Q What is the smallest unit of time that I will be billed for?

The minimum unit of time for use is 1 hour. Part hours will be rounded up.

Dedicated Compute has a minimum commit of 3 months.

Q What are the charges to transfer data between virtual machines within the same data centre?

None. Data transfer between VM’s within this scenario is free.

Q How can I view billing information?

Billing information is available through our online portal.

Q How can I pay for the services?

Billing for the service is:

• Via purchase order
• At point of order for upfront fees
• Annually in advance for pre-payment fees
• Monthly in arrears for monthly fees

Payment can be made by direct bank transfer (BACS/CHAPS).

Q What are the termination fees?

There are no termination costs for most services.
UKCloud may make an additional charge for transferring data out of the service.

Q What data is suitable for the UKCloud assured cloud platform?

Optimised for OFFICIAL — hosted in the UK and operated by SC-cleared staff, the service benefits from extensive independent validation (including CESG PGA) that it is properly aligned with CESG Cloud Security Principles, making it the ideal service for all data classified at OFFICIAL (including OFFICIAL-SENSITIVE) and legacy IL0–IL4 solutions

Q Can systems on different UKCloud platforms communicate with one and another?

UKCloud has a cross domain secure zone that allows customers to use the UKCloud defined and managed Cross Domain Guard, or the customer designed and managed Cross Domain Solution to enable communication between platforms.

For more information see the Cross Domain Security Zone for further information.

Q Is there a protective monitoring service?

Protective Monitoring is included for our IaaS platform and follows GPG13.