Rfa 1655/2017: Accreditation of Suppliers to Provide Private Cloud Hosting Service Capability

RFA 1655/2017: ACCREDITATION OF SUPPLIERS TO PROVIDE PRIVATE CLOUD HOSTING SERVICE CAPABILITY OVER A PERIOD OF 60 MONTHS

Section 2.1 (e) Integration with SITA cloud service brokerage platform;

What integration mechanisms must be supported? Integration needs to be provided via API

Must integration be provided via an API? If so, are there any base requirements regarding the API that must be supported? Once the Cloud Suite has been awarded will there a better understanding of base requirements. At the moment the API would be at rest based on the conceptual design.

2. Section 2.1 (f) Integration with SITA Network Operation Centre (NOC)

What integration mechanisms must be supported?

Must integration be provided via an API? If so, are there any base requirements regarding the API that must be supported?

The following products is utilised by the NOC will need to abide to the integration methodologies utilised by the products.

· CA eHealth

· HP Network Node Manager

· Cisco Prime Infrastructure

· IBM Netcool

· Net scout

3. Section 3.1 (d) The proposed private cloud platform must be dedicated or have logical isolation for SITA and cannot share resources or platforms with other tenants or clients of the bidder

Do you accept VLAN separation across networking infrastructure as sufficient separation, or is dedicated equipment required? VLANs with additional security controls will suffice.

Do you accept dedicated LUN’s on storage arrays as sufficient separation, or is dedicated storage arrays required? This is acceptable as an industry requirement, just need to ensure encryption then is added if the same array is being used.

Do you accept Virtual Domains (VDOM) separation across firewall infrastructure as sufficient separation, or is dedicated equipment required? This is accepted from an industry best practice, but need to confirm with Oasis requirements

4. Section 7.2 4 (i) Services, virtual machines and storage can be terminated at any time and a full cloud service asset lifecycle management is available

Please clarify what is meant by or required for “a full cloud service asset lifecycle management”

A full cloud service asset lifecycle management is the provisioning or deprovisioning of the service provisioned to support the business application. This includes the provisioning and deprovisioning of the service from the service catalogue, operational supporting services, management services, billing, etc.

5. Section 7.2 4 (m) Snapshotting tools to allow for imaging the server for migration purposes is available

Is this to provide tools to create images of existing servers outside of the environment for migration into the environment, or for creating images of machines provisioned within the private environment? Priority is to create images within the private environment. Creation of existing servers outside the environment is a nice to have but not immediately required.

If within the private environment, are snapshotting tools specifically required, or simple the ability to seamlessly create an image? Snapshotting will be used to take a point in time snapshot for testing purposes of application or when applying a fix. Also used to create an image

Are additional features such is image import / export required? Yes it would be a requirement if importing servers.

6. Section 7.2 4 (q) The private cloud hosting platform will be allowing replication at the selected disaster recovery facility to allow for the data or services in the primary facility to be replicated asynchronously/ synchronously to the disaster recovery facility. This ensures that all data is available in the event of a disaster in the primary cloud platform

Please confirm that the “selected disaster recovery facility” refers to a DR facility provided within the private cloud hosting platform solution, and not a facility outside the scope of the private cloud hosting platform. This will demand on the Clients DR policy

7. Section 7.2 4 (r) (ii) Incorporate encryption of the backup

Is encryption required for data inflight as well as at rest? Both

8. Section 7.2 4 (r) (iii) For legislative purposes, a backup retention function must be available to ensure conformance

What backup retention periods must be supported?

a. Daily incremental backup = data retention of seven (7) days

b. Weekly full backup = four (4) weeks

c. Monthly full backup = twelve (12) months

9. Section 7.2 5 (c) Provisioned servers are backed up on a daily, weekly, monthly and annual basis

Is the service expected to automatically include and backup any deployed server, or will servers be specifically added into the backup system as required?

Will be determined by the client and workload.