CDW Limited

CDW VMware (Broadcom) Cloud (VMC) on AWS

VMware Cloud on AWS is an Infrastructure as a
Service (IaaS) offering, leveraging VMware
Cloud Foundation (vSphere, NSX and vSAN) to
deliver software-defined data centres (SDDCs)
as a cloud service on Amazon Web Services
(AWS).

Features

• VMware SDDC delivered as a cloud service on AWS
• On-demand capacity & flexible hourly consumption available globally
• Run on dedicated, elastic, bare-metal AWS infrastructure
• Operates in multiple Availability Zones within the UK and international
• Single user interface and API for on-prem and cloud
• vMotion between on-premises and the cloud
• Automated cluster scaling and host remediation
• Direct Connect and L2VPN connectivity and offline data transfer options
• Access AWS services (EBS, RDS, Lambda, etc..) without network charges
• Delivered as native, fully managed AWS service, operated by VMware

Benefits

• Jointly engineered to deliver the best of VMware and AWS
• Unparalleled security of combined VMware and AWS technologies and operations
• Industry leading portability enables migration to and from the Cloud
• Full operational consistency with on-premise VMware technologies
• Scalable infrastructure available when and where you need it
• Common virtual infrastructure makes hybrid deployments truly possible
• Disaster Recover economics are transformed by the cloud
• Support existing and next-generation applications and containers in one platform
• Enterprise grade cloud management and K8s orchestrated container service

£3.60 a server an hour

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

380927542783642

Contact

Andy Wood
0161 837 7744
tenders@uk.cdw.com

Service scope

• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Below are the response times: Critical (SaaS; Severity 1) 30 minutes or less: 24x7 Major (SaaS; Severity 2) 4 business hours Minor (SaaS; Severity 3) 8 business hours Cosmetic (SaaS; Severity 4) 12 business hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: VMware Cloud on AWS provides 24/7 Severity; 1(production down) support as part of the service; at no additional cost. Non-production down; support is 9 to 5 local working hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: VMware provides a range of resources to help to; start using the VMware Cloud on AWS service.; These include comprehensive documentation (in; multiple formats), introductory videos, hands-on; labs, online and in-person training, access to a; large ecosystem of partners and support from the; public sector account team.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Migration of data to and from VMware Cloud on; AWS is fully managed by the customer.; Documentation exists along with additional tools; and services to facilitate the migration of data.; VMware Cloud on AWS natively runs VMware; vSphere which stores customer data in an industry accepted virtual machine format and; VMware vSphere natively supports the Open; Virtualization Format (OVF), making it simple to; download, clone, migrate, copy, port or transfer; workloads between environments.
• End-of-contract process: If you are using the Service Offering on an ondemand basis, you can cancel at any time by; deleting your SDDC, using the VMware Cloud on; AWS Console. You will be charged for all usage; up to the point of termination. Unless you; purchase a new subscription, upon expiration of; the Subscription Term all services will continue to; operate on an on-demand basis and you will be; billed at the then current on-demand rate for; those services until you cancel your on-demand; use.

Using the service

• Web browser interface: Yes
• Using the web interface: The VMware Cloud on AWS Console enables; customers to provision Software Defined Data; Centers, Configure Networking, Add/Remove; Hosts, Connect to the Virtual Center interface; and get support. The Virtual Center Interface; enables customers to manage their entire; Software Defined Data Center.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: The Virtual Center interface has undergone; accessibility testing. Results of all VMware; accessibility tests can be found at:; https://www.vmware.com/in/help/accessibility.html
• API: Yes
• What users can and can't do using the API: What users can and can't do using the API; After the initial creation of the organisation's; account, the service can be configured and; operated via the API interface. VMware Cloud on; AWS Service APIs, vSphere APIs and NSX API; interfaces are all supported.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Customers have access to all published and; documented APIs through a command prompt.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Customer environments are logically and; physically segregated to prevent users and; customers from accessing resources not; assigned to them. Each customer SDDC runs on; dedicated hardware which eliminates the; potential for other customers to affect their; workloads. VMware and AWS both continuously; monitor service usage to project infrastructure; needs to support availability; commitments/requirements.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • VSphere provide comprehensive infrastructure logs
  • Performance logs
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: VMware (Broadcom)

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Account configuration information
  • SDDC Configuration information
• Backup controls: Customers retain control and ownership of their; virtual machines and have the ability to use their; own backup and recovery solution. VMware; Cloud on AWS enables virtual machine images to; be replicated to another Availability Zone or to a; datacenter of the customer's choosing, which; ensures that workloads would always exist in; more than one physical location. There are many; companies that offer backup and recovery; solutions that are compatible with VMware Cloud; on AWS service.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: VMware will use commercially reasonable efforts; to ensure that each component of the Service; Offering ("service component") is “Available”; during a given billing month (as defined in the; Service Description) equal to the “Availability; Commitment” specified below: Service; Component Availability Commitment SDDC; Infrastructure 99.9% SDDC Management 99.9%; VMware Site Recovery - Management 99.9%; More information about the SLA can be found at:; https://www.vmware.com/content/dam/digitalmar; keting/vmware/en/pdf/docs/vmware-vmc-awsservice-level-agreement-april-2023.pdf
• Approach to resilience: VMware has implemented backup or redundancy; mechanisms to ensure compliance with; regulatory, statutory and contractual obligations.; VMware has a defined Information Security; Program that includes Business Continuity (BC); and Disaster Recovery (DR) strategies for data; and hardware redundancy, network configuration; redundancy and backups and regular testing; exercises. VMware Cloud on AWS uses Amazon; Web Services (AWS) geographically resilient; data hosting options. Data centers are built in; clusters in various global regions. VMware; provides customers the flexibility to place; instances and store data within multiple; geographic regions as well as across multiple; Availability Zones within each regions to support; their resiliency needs.
• Outage reporting: The real-time status of the VMware Cloud on; AWS services along with past incidents is; publicly available on; https://status.broadcom.com/

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces implement role-based; access controls and require members to; authenticate against the corporate identity; provider. Access is managed through the; management gateway which restricts access; based on originating IP address and SSL usage.; Additional security and authentication; mechanisms including the use of time-based; credentials are used to secure and monitor; access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: KPMG
• ISO/IEC 27001 accreditation date: 31/12/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 03/04/2024
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: Crowe LLP
• PCI DSS accreditation date: 23/01/2024
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001
  • ISO 27017
  • ISO 27018
  • SOC 2
  • HIPAA
  • PCI-DSS
  • IRAP
  • OSPAR
  • C5
  • ISMAP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: PCI-DSS SOC2 ISO 9001 ISO 27018 IRAP; ISMAP C5 OSPAR Cyber Essentials Plus
• Information security policies and processes: Security policies are documented and available; to employees on an internal web site. Policies; and procedures are reviewed annually, updated; as needed. VMware utilizes a standard operating; procedure repository to store an extensive set of; documented procedures. Detailed procedures; are defined for the following categories of; functions: information security, physical security,; network availability, HR, communications,; risk/issues and service level customer service.; On an annual basis, VMware Cloud on AWS is; audited by third-party auditors for ISO; 27001/17/18, SOC2, PCI-DSS and HIPAA. Policy; adherence is included as a part of these thirdparty audits.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The VMware Cloud on AWS team has a; comprehensive development lifecycle and and; change management system in place.; Continuous reviews and testing occur on the; software development pipelines for individual; products and components. VMware generates; builds from approved components and runs; these through BITs (Basic Integration Tests),; PVTs (Product Validation Tests), FSLite (Feature; Stress Lite Tests) and continuous Loop tests for; Deployment, Upgrade and Cluster expansion/; reduction. Additionally, we run performance tests,; feature stress tests, security scans, vulnerability; tests and System Tests at scale for every cycle.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: VMware has comprehensive vulnerability; management program in place which includes; continuous internal and regular third-party; vulnerability scanning and penetration testing.; VMware patches or upgrades platform systems; and applications after analyzing the severity and; impact of potential vulnerabilities. VMware has; subscriptions to pertinent vendor security and; bug-tracking notification services. Remediation efforts are prioritized and applied against critical; and high-risk issues based on recognized; industry standards. Patch testing and rollback; procedures are completed by the QA department; to ensure compatibility with and minimal impact; to the production environment.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The Security Operations Center monitor VMC on; AWS infrastructure 24x7 and alerted on security; anomalies in the VMware Cloud on AWS; environment. VMware Cloud on AWS has several; intrusion detection/prevention mechanisms in; place and the service continuously collects and; monitors the environment logs which are; correlated with both public and private threat; feeds to spot suspicious and unusual activities.; The customer is responsible for the security of; the environment over which they have; administrative level control.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The process complies with industry standards for; legally admissible chain-of-custody and forensicdata-collection management processes and; controls. Response standards, procedures,; methods are implemented based on the severity; level. If VMware determines that unauthorized; access to/use/disclosure of customer content,; VMware will use commercially reasonable efforts; to notify customers, taking into account any; applicable law, regulations, governmental; request. VMware will also notify customers of a; suspected breach of the infrastructure if that; breach occurred on a segment of the platform; consumed by a customer, or in the event of; Denial of Service attacks. VMware does not; monitor guest workloads for such breaches.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each VMware Cloud on AWS Software Defined; Datacenter (SDDC) is provisioned on dedicated; bare-metal hardware within an AWS VPC; dedicated to the customer. vSphere is installed; on this dedicated hardware and customers are; given access to their individual instance of Virtual; Center to manage their virtual environment.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: VMware Cloud on AWS utilizes AWS datacenters; and information about AWS & Sustainability can; be found here: https://aws.amazon.com/aboutaws/sustainability/

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Sustainable growth for VMware’s business; requires decoupling our company growth from; carbon emissions. To this end, we’ve accelerated; our focus on decarbonization and received thirdparty validation from the Science Based Target; Initiative (SBTi) on our science-based targets.; Since 2018, we have maintained our certified; CarbonNeutral® company status, in accordance; with The CarbonNeutral Protocol. Since 2019, we; have sourced 100 percent of our power in our; global facilities from renewable sources, in; accordance with RE100 Reporting Guidance. •; VMware’s net zero emissions goal builds on; approved science-based targets and expands; the scope of our climate commitments. For us, a; net zero goal means reducing emissions for our; entire carbon footprint. We are focused on; prioritizing energy efficiency within our operations; through our commitment to green buildings,; working with our suppliers to reduce their; emissions, and supporting distributed workforces; through our Future of Work initiative. Through; carbon financing, we support low carbon; sustainable development projects that enable; carbon avoidance to offset our remaining; emissions. In line with the leading net zero; guidance, we are developing our strategy to; include carbon removal projects to address; residual emissions. In FY22, we furthered climate; transition planning at VMware, guided by; Taskforce on Climate-related Financial; Disclosures(TCFD) recommendations. As; VMware continues to learn more about climate; risks, we can build longer time horizon risks into; our strategy to become even more sustainable; and resilient.

Pricing

• Price: £3.60 a server an hour
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.