Cloud Native Infrastructure

We recognise that the cloud has become a proven destination for traditional enterprise workloads, however customers have evolved the way they develop and deploy their solutions. They now look to a true digital cloud platform designed specifically to deliver their cloud native applications. Our Cloud Native Infrastructure platform offers native OpenStack® Compute, Network and Storage technologies to deliver these modern workloads.

G-Cloud Service ID number: 6713 0358 6663 496 (Assured) 5231 9000 6883 416 (Elevated) 


Powered by OpenStack®, UKCloud’s Cloud Native Infrastructure provides a full suite of modern, highly scalable and flexible IaaS services that address the needs of DevOps and WebOps communities.
Cloud Native Infrastructure is engineered specifically for organisations embracing digital transformation and delivering true cloud-native applications; facilitating the creation of elastic infrastructure as code which can be built once and run anywhere at any time, taking full advantage of the benefits of cloud.

For further information around OpenStack, please click here:


Feature Benefit
Powered by OpenStack, the open source software data centre The most widely adopted and understood open source cloud platform
Globally backed familiar cloud platform Active open source community of 6,000 individuals and 1,000 organisations.
Truly open, vendor neutral Supports the UK Public Sector desire to avoid vendor lock-in
Access to a vast catalogue of free open source tools Accelerate cloud development and reduce cost through sharing code
Compatible with AWS CloudFormation via HEAT templates Leverage your existing investment in AWS technologies
 Span your infrastructure across on-premises, private cloud and Crown Hosting Support your hybrid and multi-cloud cloud strategies whilst reducing risk
Assured; UK hosted by SC and NPPV cleared personnel Have confidence in who has access to your data
Platform spans two UK data centres separated by over 100km. Architect solutions with confidence that applications and services remain available
Connect over the internet, PSN, N3/HSCN or Janet Choose the right network to connect your solution to
24/7 service desk included as standard with SLA response times Feel supported to get the best from your application


Our Cloud Native Infrastructure Service is underpinned by a range of features that make it easy to use and control. Using the secure UKCloud Portal, Horizon dashboard or feature-rich native OpenStack API, you can:

  • Programmatically control and gain platform visibility through the familiar OpenStack API, from controlling your instances through to networks and routing
  • Deploy and manage virtual load balancers to support resilience at the application level
  • Reconfigure virtual hardware on demand – changing memory, processors, network and storage programmatically to react in near real time to demands on your applications
  • Interact programmatically with the instance operating system (OS) at deployment or when scaling/contracting your solution, helping to reduce the time to value on any changes to your environment
  • Use the global ecosystem of OpenStack tools and applications
  • Upload custom instance images, applications and data, or select from UKCloud’s catalogue of template-based standard OS configurations
  • Set and control access, user profiles and capabilities


  • Based upon Mitaka, the 13th release of OpenStack
  • The following OpenStack projects/services are available –
    • Nova Compute
    • Glance Image Service
    • Cinder Block Storage
    • Keystone authentication
    • Neutron Networking Services
  • Interact with OpenStack programmatically using its native API, or drive it via the Horizon dashboard
  • Free ephemeral storage provided with each instance
  • Persistent and resilient block storage capabilities delivered using Ceph
  • Compatible with AWS compute services via OpenStack’s EC2 API and HEAT templates


Our Cloud Native Infrastructure has been designed around the requirements of cloud-native applications, in which an instance should be both disposable and stateless. The SLA is not, therefore, based on the availability of individual instances. Instead we offer an SLA based on the ability to scale your environment or re-instantiate an instance, either manually or programmatically via the OpenStack API.
The table below outlines the SLA and Service Credit details. For more information, see the terms and conditions.

Service level agreement
Infrastructure platform per region 99.95% Control plane (OpenStack API and Horizon GUI) 99.95%
Customers should increase the availability of their solutions by engineering them across multiple regions.
Availability calculation Availability is calculated based on the number of hours in the billing month (for example, 744 hours for months with 31 days), excluding any planned and emergency maintenance.
SLA event Infrastructure platform – inability to deploy/re-instantiate a instance via the API at the same time as an existing instance failing.
Control plane – inability to receive a response to any valid requests submitted to the appropriate OpenStack API endpoint after seven retries in any consecutive 10-minute period.
Key exclusions The following are examples of what is not covered by the SLA:

  • Faults within your control, such as client applications and custom configurations (for example customer defined networks)
  • Faults within external connectivity providers (for example internet, PSN, Janet or N3/HSCN) and components co-located at UKCloud.
Service Credit
Infrastructure platform
Per region
2% of monthly spend
10% of monthly spend
Control plane
1% of monthly spend per 1% below service level target or part thereof



Q     What is the service?

Cloud Native Infrastructure from UKCloud is an OpenStack powered Infrastructure as a Service (IaaS) offering which enables organisations to rapidly provision and scale secure instances in seconds, in a flexible and autonomous manner.

UKCloud provides this service across two security domains, Assured OFFICIAL (formerly PGA IL2) and Elevated OFFICIAL (formerly PGA IL3), and with a range of service levels offering up to 99.95% availability. This choice allows customers to precisely match application and user needs to an appropriate security domain, service level and cost, instead of designing to the highest level which may not always be needed.

Q     Do UKCloud offer dedicated, bare metal host capabilities (openStack Ironic) within CNI?

UKCloud currently does not offer dedicated, bare metal host capabilities with its CNI product. UKCloud offers its ‘Private Cloud – Compute’ product which provides dedicated compute capabilities for use with OpenStack; please visit the Digital Marketplace or contact your Account Director for further details.

Q     Which Disk formats does Cloud Native Infrastructure support?

The disk format of a virtual machine image is the format of the underlying disk image. Virtual appliance vendors have different formats for laying out the

information contained in a virtual machine disk image.

Set the disk format for your image to one of the following values:

Aki – An Amazon kernel image

Ami – An Amazon machine image

Ari – An Amazon ramdisk image

Iso – An archive format for the data contents of an optical disc, such as CD-ROM

qcow2 – Supported by the QEMU emulator that can expand dynamically and supports Copy on Write

Raw – An unstructured disk image format; if you have a file without an extension it is possibly a raw format

Vdi – Supported by VirtualBox virtual machine monitor and the QEMU emulator

Vhd – The VHD disk format, a common disk format used by virtual machine monitors from VMware, Xen, Microsoft, VirtualBox, and others

Vmdk – Common disk format supported by many common virtual machine monitors

Q     What hypervisor do you use?

UKCloud’s Cloud Native Infrastructure is built using Red Hats KVM hypervisor technology, a trusted solution for implementing virtualized environments.


Q     Can instances have different service levels?

Cloud Native Infrastructure is a cloud platform built specifically for cloud native applications which have been engineered to use stateless, disposable instances. Due to the disposable design constructs of customer solutions, only a single service level is required.

Q     Are instances contended?

Instances are contended using the default OpenStack ratios against the following resources:

  • CPU – 16:1
  • Memory – 1.5:1

Q     Do I get root access onto the instances I deploy?

Yes, as this is a true IaaS cloud service, you have complete control and autonomy over each instance you deploy, and so have full ‘root’ or administrative access.

Q     What instance sizes are available?

UKCloud offers a variety of flavours to meet customers’ needs. The smallest configuration is 512MiB and 1 vCPU. The largest is 64GiB memory with 8 vCPU.

Check the service definition for more details on the currently available sizes.

Q     Does Cloud Native Infrastructure offer GPU optimised instances?

Currently UKCloud does not offer GPU optimised OpenStack instances

Can I resize an Instance?

Yes, you can change processor, memory and storage allocations via the self-service Portal and API.

Processors and memory can be added to or removed from instances if the OS supports the ‘hot add’ capability.

Increasing CPU or memory allocations may result in the instance being billed at a higher rate.

Additional instance storage can be allocated instantly and will be billed on a per GiB basis.

Q     What is the speed of each vCPU?

This is set at 2.4 GHz across instances.

Q     Does UKCloud offer encryption on instances?

Not by default but, if it’s required, you can implement it using a technology of your choice.

Q     Is UKCloud’s encryption service available for Cloud Native Infrastructure?

Not currently, but we are looking into options for G‑Cloud 9.


Q     How many IP addresses do I get?

You’re initially allocated three external IP addresses with each OpenStack project.

You can ask for more external IP addresses via a Service Request in the UKCloud Portal.

Q     How many network routers do I get?

You’re initially allocated two network routers with each OpenStack project.

You can ask for more external IP addresses via a Service Request in the UKCloud Portal.

Q     How many PSN IP addresses do I get?

Customer organisations are initially allocated one external PSN IP address.

Additional external PSN IP addresses can be requested via a Service Request should a valid business requirement arise.

Q     What firewall services are available?

UKCloud controls and manages a perimeter firewall on the edge of our Assured cloud platform which securely segregates traffic.

You can also use your preferred software firewall and security appliances deployed within your project.

Q     How does UKCloud provide urgent maintenance notifications and incident reports?

You can view these on the notifications page on the UKCloud Portal. In addition, Service Status reports are published on the Portal.

Q     Do you offer dynamic or static IP addresses?

The external IP addresses are static. Internal IPs can be assigned statically from a pool, manually or dynamically via DHCP.

Q     Are external Domain Name System (DNS) services available?

No, we don’t currently offer this service. You can implement your own DNS servers within your solution, or configure your virtual firewall to enable connectivity to an externally hosted DNS server — for example, one hosted on a government secure network such as PSN or N3/HSCN; or one available on the Internet such as Google

Q     Are domain name registration services available?

No, we don’t currently offer this service. Some government secure networks (such as PSN and N3/HSCN) offer domain name registration and DNS hosting as part of their service.

For internet-facing services a third-party DNS provider will be required.

Q     Is Network Time Protocol available for time synchronisation?

Network Time Protocol services will initially only be available via public NTP servers.

Q     Can UKCloud provide SSL certificates or can existing SSL certificates be used?

UKCloud doesn’t provide SSL certificates, but you can use your existing ones.

Some government secure networks (such as PSN and N3/HSCN) provide SSL certificates as part of their service.

Q     Do you offer load balancing?

Yes. Load balancing can be configured within the service with one free cloud load balancer being provided per project

  • Supported algorithms: Round Robin, Source IP, Least Connected

Arriving Q4 2016

Q     Can I deploy my own load balancer?

Yes, you can deploy your own load-balancing virtual appliance (for example, F5, Stingray, Zeus) if support for other algorithms is required.

Q     Do you have an IPSEC VPN connection for uploading sensitive data?

We currently do not offer any VPN/Tunnelling as a Service from within the CNI product. Customers can create their own VPN endpoints by deploying a software appliance such as pfSense on an instance within their project.


Q     How much storage do I get with an instance?

The default amount of storage which comes with each instance is 60GiB of ephemeral storage, the exception being our t1.nano flavour which comes with 10GiB ephemeral storage.

All ephemeral storage is fixed and cannot be increased.

Q     How do I scale beyond the default allocation of ephemeral storage?

Cloud Native Infrastructure is available with persistent block storage options. Persistent block storage is resilient, distributed block storage that can be moved between instances and retain data in the event of an instance becoming destroyed or unavailable.

You can quickly and easily allocate additional persistent block storage via the self-service dashboard or API, which will be charged on a per-GiB basis.

Q     Can I reallocate storage across instances?

No, storage pooling isn’t possible. Each instance must have a minimum of 60GiB (except t1.nano).

You can quickly and easily allocate additional persistent block storage via the self-service dashboard or API, which will be charged on a per-GiB basis.

Q     Is instance storage persistent?

No, the ephemeral storage provided with each instance is non-persistent and any data stored on it will be deleted at the point an instance is terminated.

Q     Is Object Storage (OpenStack Swift) available?

Unfortunately, the OpenStack Object Storage service (Swift) is not currently available on CNI. However, UKCloud offers Cloud Storage, a separate S3 compatible Object Storage service which can be used in conjunction with OpenStack; please visit the Digital Market place or contact your Account Director for further details.

Q     What is the fastest way of importing large amounts of data onto the UKCloud platform?

The speed of data transfer to the UKCloud platform isn’t guaranteed. However, during tests of the upload and download speeds, an average of 8 Mbit/s was achieved for image import/export and 40 Mbit/s for data transferred over FTPS.

For a transfer time calculator, go to:

If you use FTPS to upload data to or download it from your environment, you can transfer up to 1TiB of data in a day.


Q     How do I access my solutions?

You can access your instances using:

  • The remote console via the OpenStack dashboard
  • Remote access protocols (such as RDP/SSH) over a VPN or secure network

Q     What reports can I get about instances performance?

UKCloud does not currently provide instance performance reports, but you can monitor their performance using standard tools within the operating system.

Q     Does UKCloud patch instances?

No, you are responsible for the patching of your services. We make a patch repository available to you for instances on the Elevated OFFICIAL cloud platform (which doesn’t cannot connect to the internet) for common operating systems that we provide.

Q     How do I find the latest patches to the UKCloud infrastructure?

UKCloud maintains a Knowledge Centre article advising the current patch level of the UKCloud infrastructure. See:

Q     How do I access support and patches for operating systems that UKCloud licenses?

UKCloud provides a repository of patches for common operating systems for customers to access and update from. Please refer to the onboarding guide or the UKCloud Portal’s Knowledge Centre for details.

For support, you’ll need to log a request with UKCloud, who will log the ticket with the relevant supplier. UKCloud will then inform you about any updates. However, UKCloud isn’t responsible for the actual resolution of non-IaaS issues.

Q     Do you have a Key Management System (KMS) for activating Windows?

Yes. A step-by-step guide on configuring and using this service is included in the onboarding guide, available from the UKCloud Portal’s Knowledge Centre.

KMS will be available once we are able to offer Windows licences within the CNI platform

Q     How do I control an instance?

You control an instance via the OpenStack dashboard or API. Controls include stop, start, restart, load media, clone, snapshot, and so on.

Q     Do you monitor instances?

UKCloud monitors the underlying platform but doesn’t monitor your OSs or applications. You can implement your own application performance monitoring solutions within your projects.

Q     Do you offer auto scaling?

OpenStack offers built in autoscaling capabilities using the features of HEAT templates and Ceilometer event monitoring.

Blueprints will be made available in the UKCloud Knowledge Centre to assist with creating autoscaling policies.

Q     How quickly can I scale my service up or down?

Horizontal scale can be achieved quickly by adding additional instances (usually in seconds). Vertical scaling is not recommended for cloud native applications, but can be achieved by resizing an instance to an alternative flavour type (where supported by the guest OS).


Q     What operating systems are available?

UKCloud’s Cloud Native Infrastructure is powered by OpenStack, so is compatible with a wide range of x86/x64 operating systems.

You can use the UKCloud catalogue of operating systems or upload your own.

We offer Windows Server 2008 R2 Enterprise, Redhat Enterprise Linux 6.1 and CentOS 6.1.

Q     How can I licence an operating system?


Microsoft terms and conditions preclude customers from using their own licence agreements for Windows Server in the Cloud. That means all licensing for Windows Server operating systems must be provided by UKCloud.

Microsoft offers License Mobility, a scheme that allows a customer to provide additional software such as Exchange, SQL and so on, as long as the customer has appropriate Microsoft licensing as per the licence terms and conditions and usage rights.

Currently UKCloud are unable to provide Microsoft licences for Cloud Native Infrastructure


RHEL operating systems can be licensed by the customer directly with Red Hat. UKCloud are Currently unable to provide RHEL licences for Cloud Native Infrastructure

The customer is responsible for ensuring correct licensing for any other operating system they chose to install.

Q     How up to date are the operating system images and mirrors?

All CentOS, Ubuntu, Red Hat and Debian distributions are automatically updated to contain the latest patches and releases. For a list of supported operating systems, and instructions on how to access these repositories, see the Knowledge Centre on the UKCloud Portal.

Q     What anti-virus do you offer on this service?

Customers are advised to install their own anti-virus (AV) software, as UKCloud doesn’t provide any.

Q     What applications are available as part of the default service?

UKCloud does not offer any additional software other than what’s included in the UKCloud Portal catalogue. Any additional software, including its licensing, is your responsibility.

Q     What is Bring Your Own (BYO) licensing for Red Hat?

BYO licensing for Red Hat allows customers to select instances running on the UKCloud Assured cloud platform for covering by their own commercial agreement with Red Hat.

UKCloud will remove the cost of the Red Hat licence from your monthly bill for the selected instances. You need to raise a Service Request to let us know which VMs you will cover with your own Red Hat licence.


Q     How do I raise a support ticket?

The secure online UKCloud Portal provides most common service management functionality. Alternatively, you can contact support by phone or email.

Q     How do I manage my services?

Services on the Assured OFFICIAL platform can be managed over the internet (or other connectivity) via the UKCloud Portal.

For the Elevated OFFICIAL platform, security requirements are stricter and require either a PSN-approved connection, UKCloud Secure Remote Access or a self-managed CPA-approved VPN solution (for example site-to-site VPN).

Q     What are your service maintenance windows?

As far as possible, planned maintenance of UKCloud’s infrastructure takes place between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday, or between the hours of 08:00 and 12:00 (UK local time) on a Saturday or Sunday. We provide customers with at least 14 days’ advance notice of planned maintenance.

As far as possible, emergency maintenance of UKCloud’s infrastructure takes place between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday, or between the hours of 08:00 and 12:00 (UK local time) on Saturday or Sunday, unless there is an identified and demonstrable immediate risk to a customer’s environment. Whenever possible, we provide customers with at least six hours’ advance notice of emergency maintenance.

Q     Can I configure email alerts from the Portal?

Yes, you can have Portal notifications sent to you at the email address associated with your Portal login. Notifications provide information about updates to UKCloud services, in addition to maintenance and incident notifications. This feature is currently not available in the Elevated Portal.


Q     Are there any restrictions on the number of instances I can create or manipulate in a single request?

Although designed to be a large scale cloud platform, we strongly advise that when performing operations/requests against CNI you perform these actions in batches of no more than 30 (e.g. only creating batches of up to 30 new instances in a single request). Additional requests can then be made to the platform for subsequent batches.

Q     How can I create additional OpenStack Projects?

Unfortunately, we are currently unable to offer customers of CNI the ability to create their own additional OpenStack Projects. Additional projects are allowed, however these need to be created by UKCloud via a Service Request from within the UKCloud Portal.

Q    How can I create additional OpenStack users?

Unfortunately, we are currently unable to offer customers of CNI the ability to create their own additional OpenStack users. Additional users are allowed, however these need to be created by UKCloud via a Service Request from within the UKCloud Portal.


Q     How can I get started with the service?

Within four hours of accepting your order, we’ll create your primary administrator account, and send you a Welcome Pack, which includes the URL for the UKCloud Portal and associated authentication details.

Your administrator can then create additional accounts for users within the project. Each user can then log on and begin using the service (depending on the security domain and connectivity).

At the time of order, you can specify which of our two UK data centres you’d like to be deployed into. Meeting your request is at UKCloud’s discretion.

Q     Is there a free trial?

We offer a 30-day free trial so that you can test and evaluate our service without commitment. Your trial provides you with a live environment on the UKCloud platform to test our services and check whether they’re suited to your needs.

Before your trial, a Cloud Architect will engage with you to identify the goals you’re working towards, to help ensure that your trial meets those goals.

Throughout the trial period, a Customer Success Manager (CSM) will provide support for any issues you may encounter or questions you may have.

At the end of your free trial, you can seamlessly move to a billed service, leveraging any of the work you’ve already completed in the live trial environment.


Q     Does UKCloud back up my projects or instances?

Cloud Native Infrastructure is a cloud platform built specifically for cloud native applications which have been engineered to use stateless, disposable instances.

UKCloud does not provided automated backups of projects or instances, however it does allow consumers to create snapshots of their instances via the OpenStack dashboard or programmatically via the API. These snapshots when used in conjunction with deployment orchestration tools or infrastructure as code templates such as HEAT allow for environments to be rapidly replicate, redeploy or scale environments.

Q     Can I create scheduled snapshots?

Snapshots cannot currently be scheduled directly through OpenStack, however custom scripts can be created and are available on the internet to enable snapshots to be programmatically set.

Q     How quickly can a snapshot be restored?

Snapshots recovery is full self-service and can be invoked by customers at any time via the OpenStack dashboard or API.

Q     Where are snapshots stored?

By default, all snapshots are stored to our persistent block storage to provide data resilience.

Persistent block storage will be charged by the GiB.

Q     Can I use my own backup software?

Yes, you simply install appropriate backup software within your project and specify the backup location.

A typical scenario would involve using a commercial backup solution (such as Symantec NetBackup, CommVault or EMC NetWorker) that points to a cloud storage service such as our Cloud Storage.


Q     What is the smallest unit of time I will be billed for?

The minimum unit of time for use is one hour. Part hours will be rounded up.

Q     Will I be charged for instances in a ‘Shut Off’ state?

UKCloud will continue to charge for any resources that exist within your OpenStack project regardless of the state they’re in. In order to stop any charges an instance must be fully ‘Terminated’.

Q     What are the charges to transfer data between projects within the same data centre?

None. Data transfer between projects in this scenario is free.

Q     How can I view billing information?

Billing information is available via the UKCloud Portal.

Q     How can I pay for the services?

Billing for the service is:

  • Via Purchase Order
  • At point of order for up-front fees
  • Annually in advance for pre-payment fees
  • Monthly in arrears for monthly fees

Payment can be made by direct bank transfer (BACS/CHAPS).

Q     What are the termination fees?

There are no termination costs for this service. Customers are responsible for extracting their own data from the Cloud Native Infrastructure service if required.

UKCloud may make an additional charge for transferring data out of the service.


Q     What data is suitable for the UKCloud assured cloud platform?

The service is hosted in the UK and operated by security-cleared staff. It has extensive independent validation (including CESG) that it is fully aligned with the 14 CESG Cloud Security Principles, and is therefore ideal for all data classified at OFFICIAL (including OFFICIAL SENSITIVE).

Q     Can systems on different UKCloud platforms communicate with one and another?

UKCloud’s Cross Domain Security Zone allows customers to use the UKCloud-defined and managed UKCloud Guard, or a customer-designed and managed Walled Garden to enable communication between platforms.

For more information, see the Cross Domain Security Zone documentation.

Q     Is there a protective monitoring service?

Protective monitoring is included for our IaaS platform and follows GPG 13.