Fujitsu Services Limited

Fujitsu VMware Private Cloud Service

Fujitsu VMware Private Cloud is part of Fujitsu’s portfolio of multi-Cloud services that enables customers to easily transition from a “traditional” infrastructure to Private Cloud Platform. Fujitsu provides platform variants customised to the appropriate security classification up to TOP SECRET.

Features

  • A VMware based digital business platform with flexible charging
  • Highly secure with variants from OFFICIAL to SECRET and above
  • An end-to-end, evergreen managed service aligned to public sector needs
  • Standardised service and architecture, customisable to support your business needs
  • Enable digital transformation and application migration to your private cloud
  • Private cloud deliverable from Fujitsu, partner and customer datacentres
  • Rich self-service and automation capabilities via portal and API
  • Scalable from 120 to 10,000 Virtual Machines
  • Deployable globally

Benefits

  • Commercial flexibility, with a single, transparent, pay-as-you-use monthly OPEX charge
  • 20-years trusted VMware partnership, enabling maximum value from your investment
  • Gain 20-30% operational efficiency & retain control of your data
  • A Fujitsu managed service providing a single point of contact
  • Built using industry standard hardware and software to ease assurance
  • Increased compliance with public sector policy and legislation
  • Delivery flexibility using onshore, nearshore or offshore experienced support teams
  • DevOps support with self-service access through portals and APIs
  • Infrastructure converged, hyperconverged or both infrastructure models to deliver capacity
  • Flexible and customisable design to suit customer requirements

Pricing

£42.52 a virtual machine a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

7 5 5 4 3 6 3 3 5 7 6 0 1 5 5

Contact

Fujitsu Services Limited Sam Skinner
Telephone: 07867829234
Email: government.frameworks@fujitsu.com

Service scope

Service constraints
The service requires a minimum 2 year commit term for service. Capacity expansion is constrained by hardware lead times. All customers bring their own Operating System and Application licenses.
System requirements
  • Service requires customer to provide 1st line support.
  • 1st line service desk service is available at extra cost.
  • Access to a Active directory service to authenticate customer users.
  • Access to Network Services such as Time, DNS & PKI.
  • Selection of Remote Support location, On-Shore, EEA & India.
  • Provision of physical access for Fujitsu support teams for maintenance.
  • Network access for Fujitsu Support teams to the environment.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Incident Management Service levels:
Priority 1: 4 hours
Priority 2: 8 hours
Priority 3: 16 hours
Priority 4: 3 days
Priority 5: 5 days
Please review the Service Definition for further information on service levels.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
Incident Management Service levels:
Priority 1: 4 hours
Priority 2: 8 hours
Priority 3: 16 hours
Priority 4: 3 days
Priority 5: 5 days
Please review the Service Definition for further information on service levels.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Provide documentation and optional platform specific training sessions (at additional cost) as well as relevant Vmware training courses (at additional cost)
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
MS Word
End-of-contract data extraction
By migration of virtual machines via network or storage device, backup and restore using customer chosen backup tool. Fujitsu will support these activities at additional cost if required.
End-of-contract process
As part of the standard service, no specific off-boarding activities have been included. The customer should ensure all services have been migrated off the cloud service prior to the end of the contract. Fujitsu is able to provide additional services to support the customer with these migration activities and should confirm the price for these services prior to termination. Whilst capacity is being paid for on the platform it will continue to exist, the customer can then migrate at their leisure supported if necessary by Fujitsu teams, the customer bill will reduce as capacity rolls off. When the customer requests cessation of service a final bill will be raised continuing any current spend or committed charges.

Using the service

Web browser interface
Yes
Using the web interface
As standard API supports create delete change and power on/off of virtual machines via standard templates as well as console access . Custom extensions for network, security and multi machine blueprints can be added.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
N/A
Web interface accessibility testing
N/A
API
Yes
What users can and can't do using the API
As standard API supports create delete change and power on/off of virtual machines via standard templates as well as console access . Custom extensions for network, security and multi machine blueprints can be added.
API automation tools
  • Ansible
  • Terraform
  • Other
Other API automation tools
REST API calls. Vmware Cloud Assembly
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Dedicated Private Cloud Service for a single customer user with agreed levels of contention during service design.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Encryption of data at rest either at a VM level or a storage device level is dependent on a Vmware supported customer provided PKI environment to manage keys.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks
The private cloud service logically sits as a device on a external network either on customer premise or in a Fujitsu or 3rd party DC. As such network connectivity can be designed to suit protection requirements. Details can be provided on request.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
The private cloud service has two logical network domains. The service places no restrictions on any customer software network protections (encryption etc.) installed in hosted virtual machines. The network service is either available as a pure layer2 service allowing a customer to implement their own network security functions or as a layer3 SDN based solution (VMware NSX). Vendor supported custom integrations between NSX and network security devices can be built into the specific customer implementation as required.

Availability and resilience

Guaranteed availability
Upto 99.99% excluding disaster for single or dual DC implementations.
Approach to resilience
Resilience, with no single point of failure, is designed into the service. Dual power supplies to network connections over dual NICS to dual switches and customer uplinks from a 4 or 8 port channel spread over at least 2 switches in one or more racks. Service capacity is always sized excluding "spare" nodes, which are added at a ratio of between 1:8 and 1:12 to ensure capacity even after node failure. Details can be provided on request including options for Fujitsu UK datacentres/customer/Crown Premises.
Outage reporting
Outages are reported to the Fujitsu Service management team that then inform the customer of any service impacting outages.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
As Fujitsu Private Cloud Service sits within the customer environment inside it's protective boundaries, all access to the system is via customer provided and defined controls. The cloud portal trusts the customer Active directory for end user authentication using credentials.
Access restrictions in management interfaces and support channels
Management and support channels must first pass the customer boundaries and authenticate into the customer environment. The management platform has a dedicated Active directory with users granted access to servers based on roles and permissions within that directory.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Management and support channels must first pass the customer boundaries and authenticate into the customer environment. The management platform has a dedicated Active directory with user/password or optional 2FA authentication.
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Bureau Veritas
ISO/IEC 27001 accreditation date
01/06/2022
What the ISO/IEC 27001 doesn’t cover
All Reference control objectives and controls of the standard are in scope, and all aspects of the offerings.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
N/A
Information security policies and processes
ISO27001-certified governance regime for company. Fujitsu delivers the Services using a secure ISO27001:2013 compliant support environment. This element of the service comprises - Definition, maintenance and implementation of the Fujitsu standard Information Security Management System (ISMS); Physical protection of the defined infrastructure within Fujitsu’s ISO27001:2013 accredited Data Centres; Undertaking appropriate audits and assessments to ensure ongoing compliance; Implementation and enforcement of Fujitsu’s security policies and supporting processes and procedures; Prevention of unauthorized physical or logical access to the Services; Identification of threats to relevant assets and implementation of proactive controls to diminish risk probability and/or impacts; Visibility and involvement in the maintenance of the Fujitsu standard ISMS at all levels of Fujitsu management.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ISO27001-certified configuration and change management regime for company
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
IISO27001-certified vulnerability management process for company. Fujitsu shall monitor the service for potential threats and vulnerabilities. When new security patches are made available from a vendor, these shall be applied following the vendor described deployment approach. Patches are deployed based on the threat level and existing mitigation approaches that are in place. All appropriate security patches will be applied within 30 days of release from the vendor.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Underlying platform is instrumented with audit logs being collected in the platform and forwarded to an external customer defined SIEM service (potentially delivered and managed by Fujitsu).
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ISO27001-certified incident management process for company.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Vmware
How shared infrastructure is kept separate
Private Cloud - dedicated infrastructure per Organisation.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
The Strategic Fujitsu Datacentres are registered “participants” in the EU Code of Conduct for datacentres, complying with their energy efficiency guidelines conforming to ISO50001 Energy Management. The Supplier’s infrastructure planners have used optimal layouts, as determined by the EU Code of Conduct to build the service within these datacentres.

Social Value

Fighting climate change

Fighting climate change

Fujitsu operates a Dual Delivery approach to Social Value (SV).

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.
To align with the theme of Fighting Climate Change with a policy outcome, we co-ordinate our efforts via an environmental action plan, a green procurement policy and a responsible procurement charter. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.

The G-Cloud Service initiatives may include:

Developing Environmental Action Plans focusing on societal challenges of climate change, resource circulation and living in harmony with nature.

Supporting local School’s Programmes i.e. the UK Trees to supporting biodiversity, environmental education & clean air.

Ensuring all projects utilise our secure logistics facility so that all IT assets are re-purposed before recycling or disposal through secure /accredited routes.

Continuing the installation of Solar Panels across our or customer sites, enabling self-generating renewable energy.

Fujitsu as a member of RE100, promotes global corporate initiatives driving towards 100% renewable energy.

Supporting customer efforts to collect information on measures to promote the resource-saving design of products.
Covid-19 recovery

Covid-19 recovery

Fujitsu operates a Dual Delivery approach to Social Value (SV).

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.
To align with the theme of supporting Covid 19 recovery with a policy outcome, we focus on helping our customers, local communities and supporting our staff with the social and economic impacts. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.

The G-Cloud Service initiatives may include:

Helping our customers move to a more home-based/mobile service.

Support to local communities and helping schools to ensure disadvantaged children are not left behind in terms of access and skills to learn remotely by supplying equipment and training.

Our volunteering refocussed on the transfer of digital skills to support schools and the unemployed.

Acceleration of our apprentice schemes to support employment initiatives, including tackling skills gaps.

Support to enable SMEs/VCSEs to develop in disadvantaged areas through gifting of our apprentice levy.

Initiatives such as DASH, Karma Nirvana, Manchester Women’s Aid to support the Home Office Domestic Abuse Charity, provided laptops and technical support.
Tackling economic inequality

Tackling economic inequality

Fujitsu operates a Dual Delivery approach to Social Value (SV).

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.
To align with the theme of Tackling Economic Inequality with a policy outcome, we focus on creating employment and removing any barriers to employment, developing new skills, supporting our supply chain including SMEs and VCSEs. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.

Tackling economic inequality:

The G-Cloud Service initiatives may include:

Providing employment opportunities for those facing barriers to employment, particularly those located in deprived areas.

Working with educational institutions and community groups to provide CV Skills/Mock Interview Workshops and STEM Schools career visits.

Creating apprenticeship/graduate opportunities within Fujitsu.

Training opportunities, for industries with skills shortages or high growth sectors i.e. Digital skills programmes.

Assisting Rock2Recovery helping Armed Forces Veterans and an increasing number of Blue Light staff and their families by providing coaching and support e.g. business advice and their fund-raising activities.

Supporting local SMEs/VCSEs with access to learning pathways to develop and learn new skills to enhance their offerings.
Equal opportunity

Equal opportunity

Fujitsu operates a Dual Delivery approach to Social Value (SV).

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.
To align with the theme of Equal Opportunity with a policy outcome, we focus on reducing the disability employment gap, tackling workforce inequality and providing demonstrable value to society. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.

The G-Cloud Service initiatives may include:

Our Work Your Way Programme, providing flexible working arrangements to all employees from day one.

Comprehensive digital skills training for disadvantaged people e.g. NEETs, minority, gender and ethnic groups, disabled, rehabilitating young offenders, or elderly people.

Employee Passport detailing all adjustments to fully supporting employees throughout their career.

Mandated accessibility standards are actively considered in Framework contracts throughout the solution/product/service lifecycle.

Opening up our supply chain to SMEs to share an ecosystem of alliances, expert partners and academic institutions and charities.

We build accessibility into Framework contracts via policies, processes and working environments to comply with legislation.
Wellbeing

Wellbeing

Fujitsu operates a Dual Delivery approach to Social Value (SV).

Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake local initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.
To align with the theme of Wellbeing with a policy outcome, we focus on the Health and Wellbeing of all our workforce including our supply chain. Our initiatives are based on the National TOMs Framework. The 47 metrics of the Fujitsu TOMs have been developed in consultation with the Social Value Portal (SVP). We will use this to manage, monitor, measure, evidence and report on implemented initiatives within G-Cloud 13. At the end of each year, we will provide an independently audited Social Value Report, outlining completed activities, quantifiable SV generated and how each initiative aligns to the SVM policy outcomes.
The G-Cloud Service initiatives may include:

We provide access to Wellbeing Programmes supporting mental and physical health, including:
Employee Assistance Programme
“My Healthy Advantage” app providing content and 121 Live-Chat support
 Mental Health First Aiders

Mental Health campaigns for all staff including subcontractors, to create community of acceptance around mental health.

Fujitsu and supplier volunteering to support local wellbeing projects initiatives to support older, disabled and vulnerable people to build a stronger community network.

Providing specialist skills to support “Creating Better Environments” project – creating a digital platform helping autistic people better navigate environments.

The BuddyConnect™ application created by Fujitsu to support neurodiversity and inclusion in the workplace.

Pricing

Price
£42.52 a virtual machine a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.