Unisys Limited

Unisys Cloud IaaS

The Unisys Cloud service is an Infrastructure as a Service (IaaS, PaaS or SaaS) offering designed to provide a private secure VMware or Hyper-V hosting capability for customer applications and services.

Features

• Automated provisioning of virtual computing and storage capacity
• The automatic approval of requests for standard images
• Request a new VM from a list of pre-defined templates
• Perimeter Security Services
• Change, Re-build/Delete/Decommission VMs
• 3-2-1 Backup strategy provided by CommVault and AWS Deep Archive
• DR and RTO/RPO SLAs delivered using RecoverPoint for VMs
• 24x7 Monitoring and Alerting services provided by Nagios and ServiceNow
• Network Load balancing service enabling highly available web services
• Console access to VMs

Benefits

• Scalable and flexible service
• Direct user access via Self-service portal
• Multiple Data Centres located in the UK
• Shared Resource pool
• Enterprise ready service delivering Tenant SLAs and RTO/RPO objectives
• aaS model with optional Ransomware protection
• Utility based pricing
• Private and secure Cloud
• Network access over IPSec VPN/s or secure resilient WAN link/s
• ISO 27001 certified service

£113.00 a virtual machine a month

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudstore@unisys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

798616782306254

Contact

Simon Arnold
+44(0)7808391153
cloudstore@unisys.com

Service scope

• Service constraints: Hosted out of two UK data centres.; ; InterDC connectivity included in per VM costs for data replication and protection.; ; Optional Tenant access via resilient IPSec VPN or WAN connectivity.; ; Additional Perimeter security, such as WAF, HSM, and DDoS optional services.; ; VM Standard sizes provide the optimal cost/benefits; ; Tenant specific Governance and legislative compliance including Penetration Testing is an optional service.
• System requirements:
  • An authorised desktop
  • Connectivity to the network; default: via IPSec over the Internet
  • A valid login to the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Restore service within: 4 hours for Severity 1 outage; 24 hours for Severity 2; and 72 hours for Severity 3
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Level 1 24x7 operations monitoring; Level 2 OS, storage & backup support with out of hours on-call support; Individual VM monitoring and alerting; Individual VM backup
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Work with new customers to build an on-boarding plan. ; ; This will include:; • Capturing the details of the administrators for initial account creation;; • Initial Network design. Look at how the customer will connect, and what VLANS (if any) are required, Load Balanced addresses, and firewall rules;; • How any existing machines will be migrated into the new environment;; • Key contacts and points of escalation;; • Billing information.; With this information, Unisys will deploy the Tenant Landing Zone ready for use, and produce a detailed plan for implementing any additional services required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At service commencement, Unisys will work with the Tenant to build an off-boarding plan. This will include: ; • Migration Plan detailing: ; - What Storage and/or VMs need to be moved and to where? ; - What technical and personal security measures will be followed to transition or transport the data. ; - Data Extraction: Tenants may simply decide to copy their data over a temporary secure VPN link or even dump to an encrypted removable media and securely relay via a secure courier or transport the device by themselves. ; What ever the chosen option, Unisys will work with the tenant with the agreed process to extract and securely transfer data at contract exit. ; • Return of any Tenant specific documentation and certification ; • Secure Information Destruction plan. Removal of Virtual Machine images and backups; Secure disposal of Tenant data ; • Termination and decommissioning of any VPN or dedicated network lines.
• End-of-contract process: When leaving the service, Unisys will work with the Tenant to review update and execute the off-boarding plan that was created at contract start. ; ; Unisys will appoint a Service Transition Lead (STL) who will be responsible for seamless and secure transition of service. ; ; Parallel work streams will be commenced, including:; ; Technical Migration Stream – covering seamless migration of tenant data, storage and server estate. this includes the creation of Operational ; Working agreement with the tenant's new supplier. ; ; Security & Audit Stream – this stream will document the agreed process for secure destruction of tenant environment as well as how removable media and current archived backups are to be managed and transitioned. ; ; Commercial and Contractual stream: Contract Termination and decommissioning of the service including secure removal of dedicated tenant networks and VPN links that may have been setup during contract term. Costs for STL is included in the contract; however, any tenant specific secure destruction and data and VM transition activity is subject to Change Control.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Tenant Architecture is delivered via a N+1 design whereby each tenant's environment is hosted on their VM resource pool - this strategy eliminates noisy neighbour situation while guaranteeing allocated resource availability to tenant VMs.; Independent optional Penetration Testing validates Tenant service Independence.; ; At the Storage layer LUNs provide the tenants storage needs on a tiered SAN that automatically repurposes workloads depending on I/O demand and utilization.; ; All of the Unisys UK Cloud offering is monitored by Nagios that integrates with Unisys global ITSM auto ticketing alerting on critical alerts, as well as raising alerts on the Ops monitors.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Users will be sent email notification at least a month prior to nearing the service limits. ; If available Tenants will be also get contacted by phone to notify them of the nearing service limits.; Nagios monitoring service will also provide early warning alerts when the pre-set resource utilisation thresholds have been reached.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • CommVault technology provides backups
  • The Virtual Server iDataAgent delivers protection/recovery
  • IDataAgent provides granular backup/restore options
  • Tenant manages Application or Database specific backups
  • Daily full or incremental backup is optional
  • Option to perform Ad hoc backups is available
  • Optional service to backup tertiary copy to AWS Deep Archive
  • Restores requested via a service request VM target instance
  • Tenant specific backups - copying files to target VM
  • Standard backup service is daily full backup of VMs
• Backup controls: Daily backups of the infrastructure elements are written to VTL disk and are replicated to a secondary site to provide additional protection. ; ; The following optional services are also available and managed by the Unisys support team:; - An architecture to deliver the required RTO & RPO that meets the Tenants DR/BCP obligations. ; - Tertiary copy sent to Secure AWS Deep Archive storage ; - Backup-as-a-service for additional protection of non-standard payloads. ; - A high availability option capable of running in Active/Active configuration.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: • To provide availability of 99.9%.; • Measure availability based on system/VM uptime; • Restore service within:; - 4 hours for a Severity 1 outage; - 24 hours for Severity 2 outage; - 72 hours for a Severity 3 outage; • Optional minimum SLAs: RPO 1 hour and RTO 4 hours
• Approach to resilience: Unisys UK Cloud Service (UKC) has been architected and deployed to run as active/active in both DCs and is designed to prevent any SPOFs within the system.; ; At the external network layer Unisys would request that tenants utilizes the resilient and diversely routed Internet links or deliver similar resilient dedicated links from the Tenant network into each of the primary and backup data centres providing UKC services. ; ; Two different vendor 10GB WAN links provide the Inter-DC connectivity between the datacentres.; ; Within the DCs all boundary Firewalls, perimeter switches, NLBs and monitoring tools are paired in active/passive mode. ; ; The remainder of the infrastructure also has redundancy and resiliency built into the design. ; ; Finally Nagios monitoring combined with 24x7 Operations Centre delivery service support wrapper to deliver the 99.9% availability SLA.; ; Detailed design can be made available on request.
• Outage reporting: 24x7 Nagios Monitoring and alerting tool set provide Service Management via dashboards that are operated by the DC Operations team for the Unisys UK Cloud environment and optionally for the tenant as requested.; ; Critical alerts and threshold warnings are displayed using RAG status as well as relayed to service desk as email alerts.; ; Tenants have the option of utilizing this setup or developing their own monitoring services for their PaaS and SaaS implementations.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Cloud Management Environment (CME) separation is achieved at Management, Network, Hypervisor and Storage Layers.; ; The CME does not have access to the tenant’s environment within the platform.; ; CME is responsible for monitoring and managing the cloud platform, but does not monitor guest OSs.; ; At network layer, data is separated by VLANs from virtual machines to the physical network switching infrastructure. ; ; Inter VLAN traffic flow is protected by a firewall. ; ; Management of Hypervisor Layer hosts and the VMs are separated; traffic to the hypervisor host is physically separated by using different network adaptors and switches to those serving tenant VM traffic.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/10/21
• What the ISO/IEC 27001 doesn’t cover: All controls identified in ISO 27001 annex A are implemented across Unisys domains covered by global certificate number IS 58442. This includes the UK entity for this framework, Unisys Limited. The Statement of Applicability covers Unisys Managed Security Services, Cloud and Infrastructure Services, Application Services, Unisys Facilities and Administration, and IT Operations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Police Assured Secure Facility
  • NPIRMT accreditation to OFFICIAL for the UK Home Office

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Unisys UK Cloud Information Security (IS) incorporates Unisys Corporate IS policy; adherence and compliance to both of these policies, for delegates engaged in providing Unisys UK Cloud services, is a mandatory requirement to joining the team.; ; All delegates are security vetted and are provided annual Security briefings. ; ; Compliance and joiners & leavers registers are reviewed, monitored and reported on quarterly bases. ; ; Ad-hoc unannounced spot checks are also carried out by the Security Authority who is responsible for managing and reporting on all Unisys UK Cloud related Information Security incidents.; ; Further, delegates are also presented with the Unisys UK Cloud SyOps as well as the individual tenants’ SyOps that details how the system meets and delivers the Cyber Security Principles.; ; Delegates roles and responsibilities are defined by the processes and procedures outlined in the accompanying SOPS documentation. ; ; Unisys UK Cloud Service Catalogue details the Security Risk Incident and Emergency Security Incident management procedures.; ; The Unisys UK Cloud Security Authority, maintains & manages the Risk Register and has a dotted line into the Unisys UK CIO as well as to the Corporate Security Governance board.; ; Unisys operates an anonymous incident and dispute reporting scheme.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Dedicated Cloud SDM role owns and manages the governance and ITIL based BAU Service Management function. ; ; The Change Management process governed by the Change Advisory Board (CAB), who convene once a week to review and authorise all changes and problems reported. ; ; The SDM also provides monthly report on all aspects of the service, including high priority faults, security incidents and changes implemented. ; ; They also develop and present the Capacity Management report that details growth and projection of any future (6 month view) capacity issues to the cloud as well as on any tenant systems.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All VMs are protected by perimeter security provided by a combination of Physical and Virtual Firewalls; ; ; Intrusion Detection System (IDS/IPS) from Checkpoint provides perimeter security.; ; Azure Sentinel provides the SIEM solution to UKC and is also available to Tenants as an optional service; ; Weekly Vulnerability Scans are performed on UKC and all hosted Tenant VMs. Unisys Security Authority manages the remediations and provides weekly progress reports.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: UKC utilises a network intrusion detection system to monitor network traffic and analyse for malicious activity. ; Protective Monitoring is performed by security information and event management software which collates and analyses the log files of all servers, machines and network equipment. ; These tools have been fully configured to analyse and alert on all 12 Protective Monitoring Controls described in the UK Governments Good Practice Guide 13 document.; ; UKC uses Nagios to deliver 24x7 monitoring and alerting functionality to all Tenants that is operated, monitored and managed by Unisys BAU Operations team.
• Incident management type: Supplier-defined controls
• Incident management approach: Unisys UK Cloud SDM owns and manages the Cloud Incident Management (IM) process.; ; During on-boarding stage, Tenants are introduced to Unisys IM process that details how incidents are logged with the Service Desk, how to allocate priority and how incident flow takes place from being received by the appropriate resolver-groups until its resolution.; ; The Incident severity levels are defined by the incident characteristics that are defined in the Cloud Service Manual, which also details the process flow between Incidents and Problem records and how Incident and Problem Management tracking and reporting is performed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Separation between tenants is achieved at all layers of CME; which does not have access to the Tenant’s environments or guest OSs. ; Data is separated by VLANs from virtual machines to the physical network switching infrastructure. ; Inter VLAN traffic flow is protected by firewalls. ; Traffic to the hypervisor host is physically separated using different network adaptors and switches. ; All storage is hosted on a fibre channel SAN, with each Tenant being allocated separate cluster shared volumes for their virtual machines and data. ; Encrypted Backups are performed at the platform level and do not have direct access to the Tenants’ environments.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our primary and secondary data centres adhere to the code. Both are modern datacentres with a very effective and efficient Power Use Effectiveness (PUE) of at least 1.2.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our plan over the contract duration includes: ; (1) Using resources in an environmentally responsible manner. We will continue to invest to minimise energy usage across our buildings, the largest contributor to our UK carbon footprint. Our flexible working policy reduces both our real estate footprint and associated corporate travel. We increasingly source energy from renewable sources, and this now accounts for 30% of purchased electricity ; (2) Working with sustainable partners in the supply chain. We assess key partners in our supply chain using several measures including independent sustainability ratings from EcoVadis. We seek to grow relationships with suppliers with formal ESG policies and those who are building out their ESG programs. ; (3) Fostering environmental responsibility among our employees ; (4) Reducing or eliminating the use of hazardous substances ; (5) Sustaining effective product recycling and reclamation programs, and ; (6) Continual improvement of our environmental performance. We set a 20-year target in 2006 to reduce our Scope 1 and Scope 2 Greenhouse Gas (GHG) emissions by 75%, and achieved that goal in 2021, 5 years ahead of schedule. Current objectives are to reach net zero GHG emissions for Scope 1 and Scope 2 sources by 2030 and to explore viable options to address residual, harder to abate Scope 1 and Scope 2 emissions. ; These include potential technological developments or tools such as renewable energy credits to address Scope 2 emissions and carbon credits to support climate mitigation activities beyond our value. ; The services enable workloads to be migrated from dedicated client-site IT infrastructure to more energy efficient cloud-based platforms, reducing carbon footprint by improving energy efficiency. ; Highly energy efficient hosting includes innovative direct air evaporative cooling which saves up to 50kW in energy consumption per rack per year.

  Covid-19 recovery

  Unisys is an equal opportunities employer, focused on building a diverse workforce that represents the communities we live in and serve. ; Our flexible working policy supports the COVID-19 recovery effort, enabling effective social distancing, and supporting remote working. We support and have equitable processes for retraining and career development. ; Our Employee Development Plan features annual goal and performance reviews, training, and career development to give employees opportunities to achieve personal and professional goals. All Unisys associates have access to the Unisys University, which has over 50,000 training artefacts covering technical and soft skills development. ; Technology courses include in-demand areas such as cloud-based technologies and cybersecurity. ; We also care about supporting the physical and emotional wellbeing of our employees and provide a highly flexible benefits package with a wide range of leisure, lifestyle and wellbeing benefits for employees and their families. ; Awareness of these benefits are promoted by assigned wellness officers, who encourage employees to use the resources available. The wellness team also set regular challenges to promote fitness and the benefit of connecting with the environment.

  Tackling economic inequality

  Our flexible working policy supports the creation of employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas. ; Our ability to offer home-based roles opens up job opportunities to suitable candidates in all locations, and not just those in commuting distance of a Unisys office. ; The cloud and security services in scope of this contract cover in demand and high growth technologies. ; Throughout the duration of this contract, Unisys associates will gain practical experience and highly desirable and transferable skills in the design and delivery of services these high-demand and high growth sectors. ; This will enhance their opportunity for career development and advancement within or outside Unisys. ; Career and skills development is supported by an Employee Development Plan features annual goal and performance reviews, training, and career development to give employees opportunities to achieve their personal and professional goals. ; All Unisys associates have access to the Unisys University, which has over 50,000 training artefacts covering technical and soft skills development. ; Technology courses include in-demand areas such as cloud-based technologies and cybersecurity. We also have alliances with (but not limited to) Google; Apple; Oracle; Cisco; Dell; EMC; Intel; Motorola; Micro Focus; Red Hat; Symantec and VMware and have access to alliance training and certification programs to further expand the range of career development opportunities for our staff.

  Equal opportunity

  Unisys views inclusion and diversity as not only the right thing to do, but a business imperative. ; We welcome associates of all abilities and are recognised as an employer of choice for people with disabilities, achieving a score of 100% on the Disability Equality Index for the third consecutive year in 2023. ; To measure and increase the representation of disabled people, we ask all associates to provide various statuses on a voluntary basis via our HR system. ; The data helps us understand the needs of our population and develop recommendations and action plans for improvement. ; As of April 2024, 9% of our workforce self-identifies as having a disability. ; Our Talent Acquisition team works with business leaders to help recruit and develop ways to increase this representation. ; An example is an initiative launched in 2020 to increase our neurodiverse population. ; The Neurodiversity at Work Programme gives neurodivergent people equal access to employment opportunities. ; In 2021 we joined the Valuable 500, a network of 500 global CEOs committed to diversity and transforming disability inclusion through business leadership and opportunity. Initiatives to support associates with disabilities include the Global Group for People with Diverse Abilities, an associate-led internal community group that provides a welcoming and inclusive space for individuals with different abilities and their allies. In terms of skills development, ; Unisys supports all associates in developing relevant new skills with personalised career development plans. ; This includes training courses offered via the Unisys University, many of which result in recognised qualifications. ; Technology courses include in-demand areas such as cloud-based technologies and cybersecurity. Our alliances with (but not limited to) Google; Apple; Oracle; Cisco; Dell; EMC; Intel; Motorola; Micro Focus; Red Hat; Symantec and VMware provide access to alliance training and certification programs to support career development.

  Wellbeing

  We care about supporting the physical and emotional wellbeing of our employees and provide a highly flexible benefits package with a wide range of leisure, lifestyle, protection and wellbeing benefits for employees and their families. ; Details of the benefits are published on the intranet. ; A helpdesk is also provided to answer any questions. ; The package of benefits is designed to support the physical, emotional and financial wellbeing of our associates. ; As everyone is different, the benefits options are flexible, to enable associates to choose the best options to help achieve the perfect work-life balance. ; Benefits cover: ; (1) Leisure: Annual Gym Membership ; (2) Lifestyle: with childcare vouchers, holiday trading and cycle to work protection ; (3) Financial: with Life Assurance, Critical Illness Insurance and Group Income Protection and ; (4) Wellbeing: with Travel Insurance, Dental Insurance, Healthcare Plan and annual Healthcare Screen. ; Awareness of these benefits are promoted by local wellness officers, who encourage employees to use the resources available. ; These wellness teams also set regular challenges to promote fitness and the benefit of connecting with the environment. ; Recent examples include the annual UK Charity Hike. ; The 2022 event, a 27km hike in the Chiltern Hills, raised over £5,000 for mental health charity Mind UK. The 2023 25km hike in the Peak District raised £2,700 for Cancer Research UK, Mental Health Foundation and the Alzheimer’s Society. To support mental wellbeing, the Mindfulness program has daily live and recorded meditation sessions to help reduce stress and increase productivity through meditation. ; In addition the online Unisys University contains a number of free training courses, available to all associates, including Working Well with Others; Optimising your Workplace Wellbeing; Making the Most of Organisational Change, Forging Relationships with External Stakeholders and Difficult People: Why They Act That Way and How to Deal with Them.

Pricing

• Price: £113.00 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudstore@unisys.com. Tell them what format you need. It will help if you say what assistive technology you use.