CSI Limited

IBM Cloud for RedHat OpenShift

Red Hat OpenShift on IBM Cloud is a managed offering to run your own cluster and deliver highly-available and secure containerized apps on a public cloud. Combining an intuitive user experience with built-in security and isolation, you can manage and monitor your workloads with intelligent-scheduling, self-healing, horizontal-scaling, load-balancing and configuration-management.

Features

• Container security and isolation choice
• Integrated Vulnerability advisor
• Encryption in secret and private registry
• Tuneable capacity with isolation choices for worker nodes
• Secure service binding to IBM Cloud services (Watson, IoT, etc)
• CLI/API ensuring portability, consistency & integrating with CI/CD Tooling
• Integrated operational tools for monitoring and logging
• Intelligent scheduling, self-healing, horizontal scaling, service discovery
• Managed add-ons for Istio and Knative

Benefits

• Choice of container platform provider
• Create customised infrastructure that meets your organisational requirements
• Increase high availability with OpenShift multi-zone clusters
• Reduce cluster downtime with highly available OpenShift masters
• Image security compliance with vulnerability advisor
• Use the cluster dashboard to continuously monitor cluster health
• Secure expose of apps to the public
• Integrate IBM Cloud services to benefit from added capabilities
• Automatic load balancing across apps with the multizone load balance
• Decrease your costs by using OpenShift multi-zone clusters

£0.36 an instance an hour

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

781312127130939

Contact

Jennifer Billett
08001088301
jennifer.billett@csiltd.co.uk

Service scope

• Service constraints: The platform is a 24x7 available service. Any planned maintenance will not impact availability. Access to the service is via RESTful API or the IBM Cloud Portal.
• System requirements: Internet access to reach IBM Cloud portal

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 Urgent - Response in 30 minutes, restoration in 4 hours; P2 - Significant - Response in 60 minutes, restoration in 8 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CSI provide advanced monitoring, reporting and alerting, access to a first, second and third line service desk, through to a fully managed solutions. Most accounts will be allocated a Technical Account Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide comprehensive online documentation (available through the IBM Cloud Dashboard), tutorials, free online training course and hundreds of tutorials and articles available on our developerWorks portal.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: IBM is a data processor and will not access or own client data. Client can use standard technology to extract their data. If required, IBM Cloud Data Transfer Service allows customers to send a USB 3.0 compatible device and/or CDs and DVDs to an IBM Cloud IaaS data center to be connected directly to their network to remotely control the data transfer. The device is housed in a dedicated rack located in the customers data center and will be mounted as an iSCSI target. Our Data Transfer Service is ideal when you need to transfer large amounts of data without using our Private Network and is a service offered free-of-charge to all IBM Cloud customers. When a customer cancels any physical or virtual server, all data is erased using Department of Defense (DoD) 5220.22-m standards.
• End-of-contract process: Services in IBM Cloud infrastructure are generally billed on an hourly on monthly basis. When services are de-provisioned access to the service is removed from the account. When a customer cancels any physical or virtual server, all data is erased using Department of Defense (DoD) 5220.22-m standards.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can create new applications & services, manage those services, configure services and instances, manage role-based access and teams, they can view alerts and status, they can access documentation all through the IBM Cloud Dashboard. ; .
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Interface doesn't comply with EN 301 549 9 as this specifies how much users can zoom, how colour is used, and the contrast of web pages.
• Web interface accessibility testing: Interface doesn't comply with EN 301 549 9 as this specifies how much users can zoom, how colour is used, and the contrast of web pages.
• API: Yes
• What users can and can't do using the API: We have more than 3,000 documented methods across 180 discrete services. Our internal management system and our customer portal was built specifically to use it. All customers have full, free access to our entire automated portfolio of services—from management and monitoring to information retrieval from IBM Cloud accounting, inventory, and DNS systems. Control every aspect and action on your IBM Cloud infrastructure via API. we support SOAP, XML-RPC, or REST protocols, C#, PERL, PHP, Python, Ruby, and VB.net API clients. IBM Cloud Development Network Developer Community and Knowledgebase for the IBM Cloud IaaS API Search for specific API services and methods, read development-focused blogs, and connect with other developers to share tips, ideas, and best practices at the IBM Cloud Development Network (SLDN). Message Queue and Object Storage Control Service-specific Optimization Additional APIs built specifically for IBM Cloud message queue and object storage services provide extended features and functionality.
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: IBM Cloud CLI provides a unified way for you to interact with your applications, virtual servers, containers, and other components in IBM Cloud through a command line interface. It also leverages command line tools from Cloud Foundry, Docker, and the OpenStack community when you interact with specific compute types. IBM Cloud CLI helps you handle the environment settings when these community tools are used. The commands in IBM Cloud CLI are organized by name spaces, to provide a structural overview. If you are using Bash or Zsh, the autocomplete feature in IBM Cloud CLI provides suggestions and allows you to complete commands and their arguments. These features make it easier for you to find and use the right commands. The IBM Cloud CLI command line interface is not supported by Cygwin. Use the IBM Cloud CLI in a command line window other than the Cygwin command line window.

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: The architecture of IBM cloud services maintains logical separation of client data. Internal rules and measures separate data processing, such as inserting, modifying, deleting, and transferring data, according to the contracted purposes.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Host ping and IPMI statistics
  • Automated reboot for monitoring failure
  • 25x7x365 NOC monitoring
  • LDAP response monitoring
  • DHCP response
  • Performance monitoring
  • DNS Response
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: IBM

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machine images
  • Files and databases
• Backup controls: Users schedule backups through a web interface
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: CSI provide an SLA of greater than 98% backup success rate, with a 5% service credit if we are unable to meet this SLA.
• Approach to resilience: CSI have ensured their service delivery is resilient in terms of site loss and component failure.
• Outage reporting: Email Alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Each user can have policy-driven profiles applied to govern their level of access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 27/03/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group Security Services Ltd
• PCI DSS accreditation date: 01/04/2024
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CSI subscribe to and actively embrace ISO 27001. Our internal auditing process and the annual external audits ensure that the policies are being followed. Any breach of our information security policy is logged and escalated to the information security officer for a full and thorough review

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As a service provider,CSI have a mature change-management process, which includes risk analysis, roll-back plans, and approval and verification steps.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CSI subscribe to multiple threat-alert channels through our security partners and vendors. Critical patching will be completed within 3 days. Routine patching is completed on either a monthly or quarterly cycle.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: CSI use regular vulnerability scans and penetration testing to identify potential compromises which will be addressed as soon as commercially reasonable.
• Incident management type: Undisclosed
• Incident management approach: Our incident management process is based on ITIL and has been refined over the many years of CSI being a service provider. Individual incidents are addressed and closed. Multiple incidents can trigger a problem management process. Major incidents will generate a incident report.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CSI provide a TCO Tool which provides the output on cooling requirements to make sure that the energy requirements are optimised.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Along with our customers and carefully selected partners, environmental responsibility is extremely important to CSI when making our own decisions on platform choices and system purchases – IT sustainability is also being factored into our choice of sustainable infrastructure for our clients to deliver to their own ESG ambitions. ; ; Data centre consumption of energy, greenhouse gas emissions and managing e-waste are all considerations. The CSI Power10 environment shows considerable reductions in energy consumption to over 50% from our old IBM Power8 estate. The IBM Power10 system have been designed to deliver high performance with a reduced environmental impact. Over 97% of IBM Power server components are reused or recycled at the end of life. ; ; CSI are ISO 14001 accredited. CSI are committed to a programme of management, continuous improvement and reporting of our direct/ indirect impacts, which mark our contribution to improving the world in which we live. ; ; We recognise that our business activities have direct and indirect impacts on the societies in which we operate. We endeavor to manage these in a responsible manner, believing that sound and demonstrable performance in relation to corporate social responsibility policies and practices is a fundamental part of business success. ; ; Examples of our activity in this area are: ; • Webcasts to deliver All Employee meetings to avoid excess travel ; • Turn off all lights and PC monitors at night ; • Corporate functions at venues that support sustainable environments ; • Double sided printing set as default ; • New marketing material produced on material sourced from sustainable sources ; • Support of remote/flexible working – enabled reduction in office space

  Covid-19 recovery

  We are also committed to making a sustainable positive impact on the communities in which we operate. We aim to make a distinctive contribution to inequality and social development through the establishment of effective partnerships and programmes that make the best use of the energies and skills of our employees.; We support our employees in fundraising for charities and voluntary work, recognising both the benefit to the community and to the employees themselves

  Equal opportunity

  CSI aim to provide equal opportunities and avoid discrimination in all aspects of employment and to ensure that the talent and skills of all individuals are maximised. Our approach applies to recruitment, terms and conditions of employment (including pay), appraisals, promotion, disciplinary and grievance procedures and training.; ; The policy applies to employees, officers, agency workers, casual workers, consultants and self-employed contractors.; ; Part-time and fixed-term staff shall be treated the same as comparable full-time or permanent staff and enjoy no less favourable terms and conditions (pro rata where appropriate), unless different treatment is justified.

  Wellbeing

  The Company proactively supports Remote workers who are affected by time management and social isolation issues by:; a) regular one-to-one meetings between remote workers and their line managers; b) regular meetings between remote workers and their co-workers; networking, training, etc.; c) regular visits to their designated office; d) providing access to secure Company resources, e.g. CRM, SharePoint, Concur and BambooHR; e) providing access to Company communication tools such as Microsoft Teams, Microsoft Outlook and Yammer ; f) providing access to helplines for support with software problems and equipment failures; g) providing online meetings or virtual discussion forums; h) including remote workers in social activities, along with company newsletters and updates

Pricing

• Price: £0.36 an instance an hour
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.