Non-rhythmic communication is communication between the Parties during the uptime of the Services and not affecting the modification or termination of this Agreement.
Frequently Asked Questions
General
When creating your first project in the Government Cloud, follow the document that can be found on this page in the DOCUMENTS section, the document "CREATING YOUR FIRST PROJECT IN THE GOVERNMENT CLOUD".
Legislation and the nature and character of the information systems and data to be operated in the government cloud impose specific requirements on architecture, security, physical location, DR and guaranteed availability.
The target list of cloud services changes according to the current requirements of cloud customers and based on the cloud owner's decision. Even the IaaS services are not yet complete: the DR IaaS services need to be completed and the cloud needs to be extended to the data centre managed by the Ministry of Interior, which owns the government cloud alongside the Ministry of Finance.
The cloud has a separate physical and logical topology. It was designed to scale in all directions: when server capacity runs short, servers are added to the system; when disk capacity runs short, disks are added to the storage or the number of storage locations is expanded; when the firewalls are saturated, more are added. All this without changing the logical topology and with minimal to no impact on the operation of existing systems in the cloud.
All cloud services have a guaranteed SLA.
The government cloud has been designed and implemented in accordance with ISO 27000 standards.
No, government cloud services include license pricing. For example, when selecting a virtual server service with Windows operating system, the price of the service includes the Windows operating system as well as the virtualization platform on which the server is operated (VMware).
IaaS services that are published in the service catalogue are in operation. Government customers can request that the Ministry of Interior create an infrastructure environment for their information system. As a rule, four environments are created: development, testing, integration and production. The environments are designed for the development, testing, deployment and operation of new IT systems and upgrades in an integrated government environment.
No, but the vast majority of new IT systems should be designed to be cloud ready.
The cloud customer has access to the service desk system, through which it is possible to report incidents, problems and request additional information on cloud services.
No, it is recommended not to migrate systems that have sufficient quality and secure ICT infrastructure and do not need new cloud services. In case of a major upgrade, need for new cloud services or infrastructure upgrade for various reasons, it is recommended to migrate systems to the cloud.
A Private Government Cloud is a government cloud computing platform that dynamically provisions and releases shared technical resources (servers, storage, databases, applications, etc.).
Critical communications are communications between the Parties at the time of a recorded service outage.
Yes, the government cloud is continuously updated against the latest security threats. The solution also includes a number of security tools, such as SIEM, NBAD and DDoS protection, ensuring enhanced protection of the systems in operation. Penetration tests of the government cloud environment have also been successfully conducted by CSIRT.
Services that are not currently provided by the Government Cloud solution are addressed in the feasibility study "Deploying Platform as a Service". If the service you require is not part of the feasibility study, please email your request to cloudinfo@minv.sk.
No, all environments are designed for government to support the development of services in an integrated government environment. Vendors can be given access to these environments for the purpose of debugging, testing, deploying and supporting their systems in the government environment.
The basic principle of cloud solutions is the sharing of ICT resources between IT services to achieve higher utilisation. In IaaS services, the network infrastructure and CPU of virtual servers are shared. RAM and HDD are fully allocated for the assigned virtual server. If performance issues are identified, the service can be upgraded to a service with higher performance parameters.
Cloud services are free. Any request to set up cloud services is subject to approval by the Cloud Service Provider. The Provider will evaluate requests in the context of available cloud capacity. Once the requirements are approved, the cloud services are created and made available to the Subscriber in an automated manner.
The services can be divided into three groups:
- ICT infrastructure (IaaS) services, such as network and security infrastructure, internet connections and government networks, server platforms, data storage, backup infrastructure, etc.
- Platform (PaaS) services, such as web servers, application servers, integration components and platforms, databases, etc.
- Software (SaaS) services, such as email and collaboration tools, DMS, ERP, CRM, etc.
A detailed list of currently provided services can be found in the service catalogue. The target status of the proposed services changes based on the actual requirements of the service customers at the discretion of the cloud owner.
Access to cloud services is possible independently of the location of the cloud services or the location of access to the cloud services and without personal contact with the cloud service provider. Once the cloud services have been commissioned, approved and deployed, the subscriber also has VPN access created in an automated manner to access the cloud services.
Technical
We have two data centres, DC Tajov and DC Kopčianska.
A detailed list of currently provided services can be found in the service catalogue. As an example of IaaS services we provide: virtualized x86 (Windows or Linux) and RISC (Unix) server platforms of different sizes (S, M, L, XL) in four security zones (DMZ, presentation, application and database) for four dedicated cloud IaaS environments (development, testing, pre-production and production). Each server can be assigned data stores of varying capacity, throughput, and response speed. For each environment, communication requirements and possible backup requirements need to be defined.
- Red Hat Enterprise Linux 7.4 (64-bit)
- Red Hat Enterprise Linux 6.6 (64-bit)
- CentOS 7-1611 (64-bit)
- CentOS 6.7 (64-bit)
- Microsoft Windows Server 2012 R2 (64-bit)
- AIX 7.1 TL3 (64-bit)
System security is provided at the communication infrastructure level. In the cloud, an isolated computing environment is created for your systems that you can only access using a VPN. You have full control over the systems you place in the cloud.
A system of isolated networks and computing environments is created for each project. A project is network isolated from other projects and can have isolated computing environments within the project (e.g.: production, test, development). This means that systems created within one computing environment do not see systems in another computing environment, even though they are in the same project.
There are two phases at the end of a project's life. The first phase is locking the project. This state is entered immediately when the customer requests cancellation of the project: the project is unavailable and its virtual servers are shut down, but it waits for deletion during a specified retention period. After the retention period expires, all virtual servers and their disks are deleted, so the original data is no longer addressable. A disk retention policy is applied to all recording media, so in the event of a failure the disk remains in the possession of the operator.
Service performance is determined by the characteristics of the virtual server and the characteristics of the external virtual disk. The virtual server is defined by templates with triples of values (vCPU, vRAM, vHDD); the external virtual disk is defined by size (variable, with an upper bound) and access speed, Tier1, Tier2 or Tier3 (in descending order). Tier1 virtual disks are located on SSDs and may only be used in a production computing environment. All virtual server templates and the access speeds for each "Tier" level are described in the service catalogue.
The OpenStack IaaS technology platform does not currently support multiple virtual servers accessing a single block device/virtual disk. Data sharing via NFS, CIFS, etc. can be used if needed.
The virtual server is installed on Tier2 disks. External virtual disks can be made Tier1, Tier2 or Tier3 (see the service catalog for quality descriptions) using the following rules:
- Tier1 - disks of this type may only be created in a production environment; they have the access speed of SSDs
- Tier2 - common drives for standard applications
- Tier3 - slower disks typical for use with backup archiving applications
Cloud environments leverage multiple layers of security protection and analytics composed of products (e.g. Firewall, IPS, IDS, DDoS, SIEM, NBAD, etc.) from multiple reputable vendors. Systems hosted in the cloud must traverse the entire security perimeter based on project-defined rules.
The cloud provides the secure infrastructure needed to run information systems. The security of the information systems themselves is the responsibility of the organisations using cloud services.
No, there are well-defined standards and services provided in the cloud. The user of cloud services must choose from dedicated operating systems, server sizes and attached disk space.
It is possible to select the CentOS operating system from the catalogue of services for such purposes.
The platform for automating systems in the cloud is called the orchestration layer. In this cloud, the orchestration layer is based on OpenStack technology with support for the VMware and PowerVC virtualization layers (hypervisors). OpenStack is an initiative involving many reputable companies to create an orchestration environment. For more, visit http://www.openstack.org.
When creating a project, the government cloud allows the creation of multiple layers and environments. The layers are labelled DMZ, V1, V2 and V3. The hierarchy of the layers is: DMZ/V1 - V2 - V3. Communication is allowed only between adjacent layers. Communication to external networks (e.g. GOVNET, Internet) is allowed only from the DMZ layer. The servers of a standard three-layer application (WEB/APP/DB) that is accessible from an external network need to be placed as follows:
- DMZ - WEB
- V2 - APP
- V3 - DB
In case one server provides multiple functions (e.g. WEB/APP), we place the servers as follows:
- DMZ - WEB/APP
- V2 - DB
If the government cloud is connected to your organisation's internal network via a site-to-site VPN tunnel, the WEB servers providing services to the internal network need to be placed in layer V1. The environments allow separation of production, test and other project instances. Communication between environments is not possible. The government cloud allows the creation of four environments. Within a layer, environments share a single IP range.
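The placement and flow rules above (adjacent layers only, external networks only via the DMZ, the internal network via V1, no traffic between environments) can be checked mechanically before a project request is submitted. The checker below is an added example, not a tool of the government cloud; it assumes that DMZ and V1 share the top level but are not adjacent to each other, that traffic within one layer is allowed, and it models the VPN-connected internal network as the constructed network name "INTERNAL".

```python
"""Checker for the DMZ/V1 - V2 - V3 placement rules (added example, with the assumptions
stated in the lead-in)."""
from dataclasses import dataclass

LAYER_LEVEL = {"DMZ": 0, "V1": 0, "V2": 1, "V3": 2}   # hierarchy DMZ/V1 - V2 - V3
EXTERNAL_NETS = {"GOVNET", "INTERNET"}                # reachable only from the DMZ layer
INTERNAL_NET = "INTERNAL"                             # site-to-site VPN side, served from V1 (assumed name)


@dataclass(frozen=True)
class Server:
    name: str
    layer: str
    env: str  # production, test, ...; environments cannot communicate with each other


def check_flow(src, dst):
    """Return None if the flow src -> dst is allowed, else the rule it breaks.
    Each endpoint is either a Server or a network name (str)."""
    if isinstance(src, str) or isinstance(dst, str):
        net, srv = (src, dst) if isinstance(src, str) else (dst, src)
        if net in EXTERNAL_NETS and srv.layer != "DMZ":
            return f"{net} may only reach the DMZ layer, not {srv.layer} ({srv.name})"
        if net == INTERNAL_NET and srv.layer != "V1":
            return f"internal network must be served from V1, not {srv.layer} ({srv.name})"
        if net not in EXTERNAL_NETS and net != INTERNAL_NET:
            return f"unknown network {net}"
        return None
    if src.env != dst.env:
        return f"{src.name} ({src.env}) and {dst.name} ({dst.env}) are in isolated environments"
    # Assumption: same-layer traffic is fine; otherwise layers must be exactly one level apart.
    if src.layer != dst.layer and abs(LAYER_LEVEL[src.layer] - LAYER_LEVEL[dst.layer]) != 1:
        return f"{src.layer} and {dst.layer} are not adjacent layers ({src.name} -> {dst.name})"
    return None


def violations(flows):
    """Evaluate a list of (src, dst) flows and return every rule violation found."""
    return [v for src, dst in flows if (v := check_flow(src, dst))]


# Constructed sample: the three-layer WEB/APP/DB application placed as prescribed above.
web = Server("web01", "DMZ", "production")
app = Server("app01", "V2", "production")
db = Server("db01", "V3", "production")
db_test = Server("db01", "V3", "test")
GOOD_FLOWS = [("INTERNET", web), (web, app), (app, db)]
BAD_FLOWS = [("INTERNET", app), (web, db), (app, db_test)]   # each breaks one rule

if __name__ == "__main__":
    print(violations(GOOD_FLOWS))   # []
    print(violations(BAD_FLOWS))    # three violations
```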
The government cloud provides the initial templates for selected operating systems and the infrastructure needed to update them. Microsoft updates are currently available in the following classifications: Critical Updates, Definition Updates, Drivers, Feature Packs, Security Updates, Service Packs, Tools, Update Rollups and Updates. They are provided for the following products: Windows Server 2012, Windows Server 2012 R2, the Office 2013 family and MS SQL Server 2012 (additional products can be specified). Language support: English (others can be specified). The user of IaaS services is responsible for updating the running virtual servers.
In addition to providing updates, the government cloud provides, for example, time synchronization via NTP. Other services are gradually being introduced in the government cloud. A list of available services is provided in the current version of the service catalogue.
A cloud user can implement such support services in an existing IaaS cloud environment or make them available from an external environment.
Currently the government cloud is connected to the external networks GovNet, Internet and MVNet (DC Tajov, DC Kopčianska), and it also includes CTI connectivity. The government cloud environment is technologically ready for connection to other networks; their connection depends on the requirements of specific systems and on the possibilities on the part of the entities operating the external networks.
Yes.
Monitoring of IaaS services in the government cloud is implemented in the CSP customer interface in the form of the following operational parameters:
- virtual server status (the value will be represented by an icon, VM is running or not running)
- uptime (a time value defining the length of time the virtual server has been running since the last start)
- graphical representation of virtual server resource utilization (RAM, CPU, HDD)
The government cloud also has an enterprise monitoring system providing monitoring of the complete ICT infrastructure at the level of individual components.
Yes, as part of the IaaS services the government cloud currently provides backup images (snapshots) of the virtual servers with all their disks, stored on Tier3 disks and then on tape media at regular intervals. The recommendation for users of IaaS services is to combine the existing virtual server snapshots with a custom backup procedure for the file system, databases, etc. In the future, the establishment of a centralized SaaS-based backup service is being considered.