Cloud Panel – Draft Statement of Requirement

August 2014

Statement of Requirement

This draft Statement of Requirement (SOR) has been created to provide Commonwealth Agencies, industry members and interested parties with information on the requirements for the whole of government Cloud Panel. Finance has defined the Service Models and Categories for this Panel and requires Agencies, potential tenderers and interested parties to comment on the Services listed for this Panel.

Structure

The Service Models, with the exception of the Specialist Cloud Services (SCS), are defined as per the National Institute of Standards and Technology (NIST) definitions (see Definition of Cloud Computing). The SCS[1] is defined as:

Support services associated with the different service models. These may include services to transfer data/configuration between service providers, management and support of applications (workloads) operating on cloud Panel services, multi supplier service integration services and cloud strategy and implementation services.

The following diagram illustrates the structure of the Cloud Panel and the relationships between Service Models, Categories and Services.

Figure 1: Proposed Structure of the Cloud Panel

The Cloud Panel procurement intends to start with a small number of categories for each service model. The categories that have been included are based on feedback from the Data Centre as a Service Multi Use List (DCaaS MUL) as being categories that are in demand by Agencies. The number of categories will gradually increase over time to respond to Agency demand and changes in the market. Resource permitting, new categories to each service model could be added every 12 – 18 months if there is a need to do so.

The initial proposed categories are as follows:

SaaS

/

PaaS

/

IaaS

/

SCS

CRM / Application Deployment / Compute / Cloud Specialists
ERP / Web Hosting / Storage
IT Service Management
Productivity Solutions

Scope of Service

The services that are within scope of the Panel must demonstrate the Essential Characteristics of Cloud Services as defined by National Institute of Standards and Technology (NIST):

  • On-demand self-service:A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
  • Broad network access:Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
  • Resource pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data centre). Examples of resources include storage, processing, memory, and network bandwidth.
  • Rapid elasticity:Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
  • Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

The services that are out of scope of the Panel are:

  • Any services or products provided for under existing whole of government coordinated procurement initiatives listed on Finance’s website.

Specifications

All services offered by a tenderer that fall under the IaaS, PaaS and SaaS Service Models must satisfy the mandatory requirements, the Service Model specific requirements and the category specific requirements. Tenderers must provide specifications for each service as a set of descriptors.

Mandatory requirements are as follows:

  • On-demand self-service;
  • Broad network access;
  • Resource pooling;
  • Rapid elasticity; and
  • Measured service.

Finance provides a Service Specification template that tenderers are required to complete for each service they offer. The template contains two parts:

  1. The first part of the template contains Service Model and category specific requirements a service must meet in order to be considered as a service offered under a particular category of a Service Model.
  2. The second part of the template contains a set of descriptors for which the tenderers are invited to provide information. The information of each descriptor is designed to provide valuable information to government Agencies for the service being offered.

Tenderers are required to complete one form per service, where the services are covered by the requested categories. Within a service, tenderers are encouraged to provide multiple offerings which may be differentiated by variations on the descriptors (eg. bronze, silver and gold).

The example values after each descriptor within the specification templates are provided as a suggestion only, they are not designed to be an exhaustive list and they are not designed to restrict how tenderers offer or provide their services.

Specifications for individual categories

SaaS – Productivity Solutions

SaaS - Specific Requirements
Provision of software applications that are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface.
Productivity Solutions - Category specific requirements
Provision of cloud-based productivity software services, which includes applications for:
  • email and productivity;
  • communication and collaboration;
  • word processing, desktop publishing and document conversion;
  • spreadsheets;
  • presentations;
  • graphics suite;and/or
  • data collection.

Service Specific Conditions and Service Level Information to be provided by the Tenderer
Name of service:
Description of service:
Specification of standard offering:
Description / Offer 1 / Offer 2 / Offer 3
Offer name / eg. Bronze / eg. Silver / eg. Gold
Location: Country & State
Deployment Models
(Private Cloud, Community Cloud, Public Cloud or Hybrid Cloud)
IRAP assessed/Agency accredited at security classification (eg. None, Unclassified DLM systems, Protected)
Standards and accreditations that the service has obtained (eg. ISO Standards, security accreditation)
Protocol supported (eg. SSL, SMP)
Solution access interface (eg. web browser, program interface)
Supported web browsers (eg. Mozilla Firefox – IE10+, Safari 7/8, Chrome 5.1.5+)
Included components (eg. email and productivity, communication and collaboration, word processing, desktop publishing and document conversion, spreadsheets, presentations, graphics suite, data collection etc.)
Implementation procedures in place (eg. none, standard procedures used for all customers, standard procedures customised to each customer, procedures developed with each customer as required)
User type (eg. Basic, Essential, Professional)
User type description (i.e. What can this type of user do?)
Supported client devices (eg. desktop, mobile device)
System integration (eg. Email, Active Directory, Social Media)
Billing unit/interval (eg. per server per month)
Maximum price per billing unit/interval (eg. $X per server per month)
Minimum entry unit/interval (eg. None, 1 server for one month)
Free Trial Option (eg. None, 1 month, 3 months)
Service Hours (eg. 24 hours Business Days only, 24 x 7 x 365)
Service Availability per month (eg. >95%, >= 99%, >= 99.9%)
Schedule Outage hours per month (eg. <30, <15)
Service Monitoring (eg. Website availability, CPU utilisation, Memory utilisation)
Backup and Restore (eg. full backup once per week and incremental backups on other week days)
Archiving (eg. none, one year, seven years)
Help Desk Support Hours (eg. Not applicable, 24 x 7 x 365)
Method of lodging Help Desk Requests (eg. Email, Self-service portal)
Method of tracking Help Desk Requests (eg. Email, Self-service portal)
Service Report Delivery (eg. Email, Self-service portal)
Service Reporting Options (eg. Real time usage, customised)
Provisioning Lead Times (eg. one day, one week)
Decommissioning Timeframe (eg. one day, one week)
Additional features included in the service at no additional cost
Optional:
Anti-Spam
Group inbox/distribution list
Provisioning or link to instant messaging
Other (please specify)
Other (please specify)
Other (please specify)

SaaS - Customer Relationship Management (CRM)

SaaS - Specific Requirements
Provision of software applications that are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface.
Customer Relationship Management(CRM) - Category specific requirements
Provision of a cloud-based CRM solution which offers at least one of the following customer relationship management functions:
Account managements
Contact management
Customer service (e.g. help desk, satisfaction survey)
Sales Planning (e.g. sales goals setting, forecasting)
Sales quotations (e.g. quote generation)
Task and activity management (e.g. to-do-list, follow-up activities)
Service Specific Conditions and Service Level Information to be provided by the Tenderer
Name of service:
Description of service:
Specification of standard offering:
Description / Offer 1 / Offer 2 / Offer 3
Offer name / eg. Bronze / eg. Silver / eg. Gold
Location: Country & State
Deployment Models
(Private Cloud, Community Cloud, Public Cloud or Hybrid Cloud)
IRAP assessed/Agency accredited at security classification (eg. None, Unclassified DLM systems, Protected)
Standards and accreditations that the service has obtained (eg. ISO Standards, security accreditation)
Protocol supported (eg. SSL, SMP)
User type (eg. Basic, Essential, Professional)
User type description (i.e. What can this type of user do?)
Supported client devices (eg. desktop, mobile device)
System integration (eg. Email)
Billing unit/interval (eg. per server per month)
Maximum price per billing unit/interval (eg. $X per server per month)
Minimum entry unit/interval (eg. None, 1 server for one month)
Free Trial Option (eg. None, 1 month, 3 months)
Service Hours (eg. 24 hours Business Days only, 24 x 7 x 365)
Service Availability per month (eg. >95%, >= 99%, >= 99.9%)
Schedule Outage hours per month (eg. <30, <15)
Service Monitoring (eg. Website availability, CPU utilisation, Memory utilisation)
Backup and Restore (eg. full backup once per week and incremental backups on other week days)
Archiving (eg. none, one year, seven years)
Help Desk Support Hours (eg. Not applicable, 24 x 7 x 365)
Method of lodging Help Desk Requests (eg. Email, Self-service portal)
Method of tracking Help Desk Requests (eg. Email, Self-service portal)
Service Report Delivery (eg. Email, Self-service portal)
Service Reporting Options (eg. Real time usage, customised)
Provisioning Lead Times (eg. one day, one week)
Decommissioning Timeframe (eg. one day, one week)
Additional features included in the service at no additional cost
Optional:
Other (please specify)
Other (please specify)
Other (please specify)

SaaS - Enterprise Resource Planning (ERP)

SaaS - Specific Requirements
Provision of software applications that are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface.
Enterprise Resource Planning (ERP) - Category specific requirements
Provision of a cloud-based ERP solution which includes one or more of the following functions:
  • Accounting
  • Human resources management
  • Procurement processing
  • Supply chain management
  • Project management
  • Inventory management
  • Contract management

Service Specific Conditions and Service Level Information to be provided by the Tenderer
Name of service:
Description of service:
Specification of standard offering:
Description / Offer 1 / Offer 2 / Offer 3
Offer name / eg. Bronze / eg. Silver / eg. Gold
Location: Country & State
Deployment Models
(Private Cloud, Community Cloud, Public Cloud or Hybrid Cloud)
IRAP assessed/Agency accredited at security classification (eg. None, Unclassified DLM systems, Protected)
Standards and accreditations that the service has obtained (eg. ISO Standards, security accreditation)
Protocol supported (eg. SSL, SMP)
Solution access interface (eg. web browser, program interface)
Supported web browsers (eg. Mozilla Firefox – IE10+, Safari 7/8, Chrome 5.1.5+)
Specific functional area (eg. accounting, HR, procurement, contract management)
Included components (eg. workflow management, social media, customisable reporting and dashboard, transactional database management)
Implementation procedures in place (eg. none, standard procedures used for all customers, standard procedures customised to each customer, procedures developed with each customer as required)
Billing unit/interval (eg. per server per month)
Maximum price per billing unit/interval (eg. $X per server per month)
Minimum entry unit/interval (eg. None, 1 server for one month)
Free Trial Option (eg. None, 1 month, 3 months)
Service Hours (eg. 24 hours Business Days only, 24 x 7 x 365)
Service Availability per month (eg. >95%, >= 99%, >= 99.9%)
Schedule Outage hours per month (eg. <30, <15)
Service Monitoring (eg. Website availability, CPU utilisation, Memory utilisation)
Backup and Restore (eg. full backup once per week and incremental backups on other week days)
Archiving (eg. none, one year, seven years)
Help Desk Support Hours (eg. Not applicable, 24 x 7 x 365)
Method of lodging Help Desk Requests (eg. Email, Self-service portal)
Method of tracking Help Desk Requests (eg. Email, Self-service portal)
Service Report Delivery (eg. Email, Self-service portal)
Service Reporting Options (eg. Real time usage, customised)
Provisioning Lead Times (eg. one day, one week)
Decommissioning Timeframe (eg. one day, one week)
Additional features included in the service at no additional cost
Optional:
Data migration service
Training services
Other (please specify)
Other (please specify)
Other (please specify)

SaaS – IT Service Management (ITSM)

SaaS - Specific Requirements
Provision of software applications that are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface.
IT Service Management (ITSM) - Category specific requirements
The implementation and management of quality IT services that meet business needs. IT service management is performed by IT service providers through an appropriate mix of people, process and information technology. It emphasizes the importance of coordination and control across various business functions, processes and systems necessary to manage the full lifecycle of IT services.[2]
This includes the following IT functions, consistent with ISO/IEC 20000:
  • incident and problem management;
  • service continuity and availability management;
  • change and release management;
  • configuration management;
  • service catalogue;
  • asset management;
  • cost management;
  • reporting

Service Specific Conditions and Service Level Information to be provided by the Tenderer
Name of service:
Description of service:
Specification of standard offering:
Description / Offer 1 / Offer 2 / Offer 3
Offer name / eg. Bronze / eg. Silver / eg. Gold
Location: Country & State
Deployment Models
(Private Cloud, Community Cloud, Public Cloud or Hybrid Cloud)
IRAP assessed/Agency accredited at security classification (eg. None, Unclassified DLM systems, Protected)
Standards and accreditations that the service has obtained (eg. ISO Standards, security accreditation)
Protocol supported (eg. SSL, SMP)
Solution access interface (eg. web browser, program interface)
Supported web browsers (eg. Mozilla Firefox – IE10+, Safari 7/8, Chrome 5.1.5+)
Included components (eg. workflow management, social media, customisable reporting and dashboard, transactional database management)
Implementation procedures in place (eg. none, standard procedures used for all customers, standard procedures customised to each customer, procedures developed with each customer as required)
Supported client devices (eg. desktop, mobile device)
System integration (eg. Email, Active Directory, Social Media)
Billing unit/interval (eg. per server per month)
Maximum price per billing unit/interval (eg. $X per server per month)
Minimum entry unit/interval (eg. None, 1 server for one month)
Free Trial Option (eg. None, 1 month, 3 months)
Service Hours (eg. 24 hours Business Days only, 24 x 7 x 365)
Service Availability per month (eg. >95%, >= 99%, >= 99.9%)
Schedule Outage hours per month (eg. <30, <15)
Service Monitoring (eg. Website availability, CPU utilisation, Memory utilisation)
Backup and Restore (eg. full backup once per week and incremental backups on other week days)
Archiving (eg. none, one year, seven years)
Help Desk Support Hours (eg. Not applicable, 24 x 7 x 365)
Method of lodging Help Desk Requests (eg. Email, Self-service portal)
Method of tracking Help Desk Requests (eg. Email, Self-service portal)
Service Report Delivery (eg. Email, Self-service portal)
Service Reporting Options (eg. Real time usage, customised)
Provisioning Lead Times (eg. one day, one week)
Decommissioning Timeframe (eg. one day, one week)
Additional features included in the service at no additional cost
Optional:
Data migration service
Training services
Other (please specify)
Other (please specify)
Other (please specify)

PaaS - Application Deployment

PaaS - Specific Requirements
Provision of resources for developing, deploying and management of applications distributed as a service
Application Deployment - Category specific requirements
Provision of a software platform on which customers may deploy their own applications.
Service Specific Conditions and Service Level Information to be provided by the Tenderer
Name of service:
Description of service:
Specification of standard offering:
Description / Offer 1 / Offer 2 / Offer 3
Offer name / eg. Bronze / eg. Silver / eg. Gold
Location: Country & State
Deployment Models
(Private Cloud, Community Cloud, Public Cloud or Hybrid Cloud)
IRAP assessed/Agency accredited at security classification (eg. None, Unclassified DLM systems, Protected)
Standards and accreditations that the service has obtained (eg. ISO Standards, security accreditation)
Protocol supported (eg. SSL, SMP)
Operating System (eg. Linux, Windows, AIX)
Billing unit/interval (eg. per server per month)
Maximum price per billing unit/interval (eg. $X per server per month)
Minimum entry unit/interval (eg. None, 1 server for one month)
Free Trial Option (eg. None, 1 month, 3 months)
Service Hours (eg. 24 hours Business Days only, 24 x 7 x 365)
Service Availability per month (eg. >95%, >= 99%, >= 99.9%)