OVH - Hosted Private Cloud with VMware

Service scope

Service constraints: OVHcloud are in control of the management layer. This means there are some limitations for the customer when it comes to Orchestration Management and virtualised network controllers/manager. Some service features embedded within the control plane cannot be deployed. However, this is a small minority.
System requirements: OVHcloud vShpere Clusters operate based on VMware limits.

User support

Email or online ticketing support: Email or online ticketing
Support response times: STANDARD (Included) Standard support is the support that is provided for every customer when they buy from OVHcloud. Online content provided in the form of Guides, FAQ's and ticketed portal, provided during business hours. Initial response time: <8 hours. BUSINESS (+10% of monthly bill) For companies that have their own commitments, provided is 24/7 access to OVHcloud team of experts. Initial response time: 30 minutes. ENTERPRISE ( +20% of monthly bill) For companies that have their own commitments, provided is 24/7 access to OVHcloud team of experts. Initial response time: 15 minutes. Also included a nominated Technical Account Manager.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: STANDARD (Included) Standard support is the support that is provided for every customer when they buy from OVHcloud. Online content provided in the form of Guides, FAQ's and ticketed portal, provided during business hours. Initial response time: <8 hours. BUSINESS (+10% of monthly bill) For companies that have their own commitments, provided is 24/7 access to OVHcloud team of experts. Initial response time: 30 minutes. ENTERPRISE ( +20% of monthly bill) For companies that have their own commitments, provided is 24/7 access to OVHcloud team of experts. Initial response time: 15 minutes. Also included a nominated Technical Account Manager.
Support available to third parties: No

Onboarding and offboarding

Getting started: OVHcloud provide online guides, FAQ and OVH community. Regular OVHcloud academies.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: There is no set method. VMDK file extension is agnostic and not constrained to OVHcloud. Users may use their own preferred extraction methods.
End-of-contract process: Services cease and hardware is wiped and reprovisioned for usage. There are no costs or hidden activities.

Using the service

Web browser interface: Yes
Using the web interface: Users may manage their infrastructure through vSphere as a service (VSaaS) interface, which is provided via SSL gateway. Users may use the ovhcloud website in order to activate and provision Private cloud SDDC, additional hosts, datastores and IP addresses.
Web interface accessibility standard: None or don’t know
How the web interface is accessible: Through the private cloud SSL gateway, users are able to manage their private cloud SDDC infrastructure. OVHcloud have built a plug-in for the vSphere client which allows on demand ordering of hosts and datastores. Within this plug-in it is also possible to see available public IP address ranges and which of these have been assigned. Users may access the ovhmanager via the ovhcloud website in order to manage users with some control over granuality.
Web interface accessibility testing: None
API: Yes
What users can and can't do using the API: OVHcloud provides access to the Application Programming Interface (API), which includes all possible actions from the client space (Manager OVH). Based on a RESTful standardized architecture, these interfaces enable: Consult all the services you have subscribed (Private Cloud, vRack, etc.), Interact directly with these services (status, add options, vRack association, etc.), Order new services (calculation resources, public IP, etc.), View its billing information or payment status. These interfaces can be used through a web interface (https://api.ovh.com) or directly through a web call within the scripts of our clients. The OVHcloud API is available at https://api.ovh.com OVHcloud APIs are used securely for the web interface via OVHcloud client identifiers and for use in third-party applications/scripts using 3 elements: Application Key, Secret Application, Consumer Key The Consumer Key determines the application/script permissions. Each call to APIs is signed and timestamped. To allow the integration of OVHcloud APIs into software, OVHcloud provides code elements to consume APIs in different programming languages: Java, Swift, Golang, Python, JSnode, PHP, C#, Crystal. With OVHcloud's Private Cloud solution, access to the VMware API is provided. This is the vSphere API provided by VMware with the following characteristics: XML/SOAP/WSDL Documentation on this API is available here: https://www.vmware.com/support/developer/vc-sdk/
API automation tools: Ansible

Chef

Terraform

Puppet

Other
Other API automation tools: Private cloud is running VMware API
API documentation: Yes
API documentation formats: HTML
Command line interface: Yes
Command line interface compatibility: Other
Using the command line interface: Using VMware PowerCLI it is possible to connect to the vSphere HTTPS. There is no set limit on user connectivty, but there will be some limitation on certain commands because the management layer is handled by OVHcloud, the list of commands is too extensive to list but administration of the platform can be peformed by those connecting assuming the correct permissions are in place.

Scaling

Scaling available: Yes
Scaling type: Manual
Independence of resources: OVHcloud VMware Software Defined Data Centre is based upon dedicated physical hosts, meaning there is no resource contention with other users on the OVHcloud platform.
Usage notifications: No

Analytics

Infrastructure or application metrics: Yes
Metrics types: CPU

Disk

Memory

Network
Reporting types: API access

Real-time dashboards

Resellers

Supplier type: Reseller (no extras)
Organisation whose services are being resold: OVH Cloud

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed

Hardware containing data is completely destroyed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: Yes
What’s backed up: Virtual Machines
Backup controls: Using a single pane manager, it is possible to enable Backup for Virtual Machines. There are three backup options per SDDC, STANDARD, ADVANCED & PREMIUM. Price is per Virtual Machine based on its disk provisioned size. STANDARD provides 14 resport points (2 of which are full backups). ADVANCED and PREMIUM offer 35 restore points (of which 5 are full backups). Premium offer also provides long term retention. Behind the scenes, data is replicated to two OVHcloud datacentres.
Datacentre setup: Multiple datacentres with disaster recovery

Multiple datacentres

Single datacentre with multiple copies

Single datacentre
Scheduling backups: Users schedule backups through a web interface
Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: Other
Other protection within supplier network: Inside private cloud, there is a software defined network which emulates the network between virtual machines. Customer can activate vRack between its private cloud and others OVHcloud products to have a private connectivity. Vrack is equivalent to VLANs. Customer have the responsibility to encrypt any sensitive data sent into the network.

Availability and resilience

Guaranteed availability: Service Component Availability Commitment: SLA of 99.9% applied to SDDC HCI for the following: Host Server, Storage, Network : Public & Private network connectivity (excludes vRack) & Connectivity 99,99% : Replacement of defective Host Server within 43 minutes. If it cannot be replaced within 43 minutes, XX% of the price paid by the Customer for the Host Server will be reimbursed.
Approach to resilience: OVHcloud has implemented redundancy mechanisms to ensure compliance with regulatory, statutory and contractual obligations. OVHcloud maintains a framework that is consistent with industry best practices for the Business Continuity and Disaster Recovery Program at all levels. OVHcloud provides customers multiple datacenters for Geo redundancy, system functionality allows customers to capture and restore virtual machine images at any time to support their resiliency needs. ESXi hosts have RAID configured for disk redunancy, ESXi host Network cards are configured in pairs for redundancy. vCenter backups are taken daily. Datacentres are stocked with replacement parts and have a repair workshop. Systematic dual power supply: Every datacentre is supplied by two separate power sources. In the event of failure, generators are on standby to take over. Datacentres have a minimum of 2 incoming network feeds; inside, 2 twin network rooms which can take over from one another.
Outage reporting: OVHcloud provide different levels of services with specific means of communication to customers. At a basic level, Communication with OVHcloud is through Customer Advocate, who is the unique point of contact with customers. -Customers open tickets to get assistance. -Incident or Event communication : Website http://travaux.ovh.com is communication canal used for our customers In case of the subscription to the Professional Services support, communication with OVHcloud is through Technical Account Manager (direct call /mail).

Identity and authentication

User authentication: Username or password
Access restrictions in management interfaces and support channels: OVH access control policy based on the principles of least privilege and segregation of duties. Customer solutions reside on their own dedicated VLAN. Implement role-based access controls and require authorized users privileges via group membership. Administration access is managed through Bastions Servers with limited access to the specific IP address ranges. A regular review of access is carried out as part of the monitoring and review activities implemented by OVH.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Dedicated link (for example VPN)

Username or password
Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: KPMG Audit plc
ISO/IEC 27001 accreditation date: 08/11/2019
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: 05/06/2018
CSA STAR certification level: Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover: N/A
PCI certification: Yes
Who accredited the PCI DSS certification: XMCO
PCI DSS accreditation date: 1/12/2023
What the PCI DSS doesn’t cover: N/A
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: ISO 27017

SOC 1 (SSAE18/ISAE 3402)

SOC 2

CISPE code of conduct

HDS (Healthcare Data Hosting in France)

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: OVHcloud management put in place an (ISMS) Information Security Management System according to ISO 27001: 2013. Policies and processes are documented and available via intranet to the employees. The scope of the Information Security Management System covers providing and operating OVHcloud's Private cloud computing infrastructure. The Information Security Management System includes all the following processes: host and datastore management, maintenance, customer virtual machine environment, core business scripts, availability indicators, sales offers and virtual machine backup. On an annual basis OVHcloud is audited by third-party auditors, to obtain an independent attestation of compliance with our policies and procedures for ISO 27001:2013 & ISO27017, SOC1 & SOC2 Type II, and Healthcare Data Hosting (french norm from ANS).

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Changes in the hardwares, including applications are managed with the Technical analysis method and in dedicated environments. Security is an integral part of this method from the start and throughout the project life cycle. We create a technical analysis when: - the network architecture changes permanently ; - the flow diagrams changes permanently ; - we add / remove a feature (server, network equipment); - we modify, create a new organizational process.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: OVH has set up a monitoring process for managing vulnerabilities, analyzing, evaluating exposure to these vulnerabilities, documented and take appropriate measures to cover the associated risks. It complies with ISO 27002 and ISO 27005. Vulnerability scans are performed periodically by an approved entity. We are in constant contact with our suppliers and the community (CERT) to identify new threats. Our teams are able to decide to deploy a patch in 24 hours, and to ensure that the patch is deployed in one hour on a large scale (in case of a patch that is qualified as "critical").
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: The OVH SOC (Security Operations center) team monitors 24/7 the security issues (suspicious and unusual activities) and triggers the protection procedures. Several monitoring mechanisms are in place depending on service level and segment. Customer is notified depending on the nature of the problem. Without user action or response, we can block infrastructure connectivity to prevent the spread of the attack. Response time depends on support level : we can garantee 30 minutes response delay on "business" or "enterprise" support.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: An incident escalation process is implemented, to facilitate a response to security events which includes identification, analysis (scope and impact ), solutions, and lessons learned in alignment With ISO 27001 standard. Formal procedures are implemented for feedback and reporting of events related to information security. Users can report incident by ticketing system or by phone. We recommend ticketing system (delays for SLA are linked to ticket submission). We provide formal incident reports by mail to customers of our higher support level.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: Other
Other virtualisation technology used: VXLAN / Q in Q
How shared infrastructure is kept separate: The network layer is shared between our customers. A segmentation of customer infrastructures is realized through our "vRack" solution enabling our customers to interconnect Level 2 machines across our backbone in a secure manner. Private cloud as a product is provided using VMware virtualisation technology but this is completely dedicated and not shared.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: OVHcloud is a responsible global hyperscale cloud provider, which is highly committed to energy efficiency as part of environmentally sustainable digital services. With a vertically-integrated value chain, OVHcloud manufactures its servers, and designs its own datacentres. This enables maximum efficiencies and inclusion of ongoing innovations, able to achieve a leading Power Usage Effectiveness (PUE) ratio of 1.09. OVHcloud has pioneered water cooling systems for greener technology since 2003, and since 2013 our energy procurement policy has focussed only on green power and 100% renewable energy sources. Water Usage Effectiveness is extremely low (~0.29) because the cooling technology is based on closed loops using very little water. And carbon footprint is 50g CO2/MWh. Continuity planning is considered in the design, monitoring and management of datacentres using added isolation and backup energy systems. Through designing our data centres to run without air conditioning and recycling our components for secondary markets to prolong their life cycles we maintain an environmentally friendly approach in all our design, manufacturing and operational processes. In recognition of this Francois Sterin, OVHcloud Chief Insdustrial Officer, was named in The Data Economy Climate 50, a list of the world’s most influential climate sustainability leaders in data centres and cloud.

Social Value

Fighting climate change
Equal opportunity

Fighting climate change

From OVHcloud earliest days, we have been committed to sustainability - reducing IT components waste, optimizing data center energy consumption, innovating for more efficient cooling systems. We know this not only benefits the environment but business, too. By striving to be frugal in our design and innovative in IT, we help our ecosystem become increasingly sustainable and strong - minimizing environmental impact and driving up performance. For us, the two go hand in hand. This approach is reinforced across European, with the recently published Climate Neutral Datacenter Pact, initialized through CISPE (of which we are a founding member) and we want to go further, leading the way at the European level - empowering our ecosystem, clients, partners and employees to keep pushing on to increase cloud sustainability.

Equal opportunity

OVHcloud strongly advocates equal opportunity and regularly holds internal meetings on such matters. We also publish a corporate code of ethnics that includes : Communicate in a people centred environment, where respect and diversity flourish. Select and support our employees by considering only their skills. Make sure that our vendors, partners and customers are aware of our policy regarding diversity, and also commit to this approach. Further more OVHcloud refuses to advocate or practices any form of discrimination or harassment related to a person’s gender, disability, family situation, political involvement, religious faith, sexual preferences, union activities or ethnic origins.

Pricing

Price: £1,699.48 a unit a month
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: 1 Month SDDC Private cloud PREMIER 48 comprising 2x hosts each with 48Gb RAM and 12 cores. 2 x 3TB datastores. 10Gbps Internet. Anti-DDoS. Private Network vRack with 4000 vLAN. VMware Enterprise Plus SDDC vCenter vSphere 7.x. Software Defined Network NSX. vRealize Operations

OVH - Hosted Private Cloud with VMware

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

OVH - Hosted Private Cloud with VMware

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents