California Managed Cloud (CAMC)

Why CAMC?

CDT-managed Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) in the public cloud are provided through California Managed Cloud (CAMC). CDT’s CAMC delivers these services cost-effectively as an alternative to traditional on-premises setups while still maintaining access to recognized third-party cloud providers/services (i.e., Azure and AWS).

We build it, we manage it seamlessly for you – CDT Managed

CDT’s fully managed service provides a secure environment that is compliant with IT industry standards (i.e., SIMM, NIST, etc.). As expected from a managed service, CDT performs all infrastructure management tasks to ensure your system is up to date, secure, stable, and running efficiently. SOCaaS (Security Operations Center as a Service), CPI (Cloud Provider Interconnect), and 24x7x365 monitoring and support allows your department to focus on your customers and business needs.

We build it, you control it – Self-Managed

All the benefits from CAMC IaaS and PaaS compliant and secured environments are also available as a self-managed offering that complements and supports your full control over configuration, management, and maintenance of the infrastructure.

Benefits

Low-cost hosting solution
No capital expenditures
Rapid provisioning
24×7 Help Desk*
24×7 Operations Center*
26 instance sizes to choose from to meet any application-sizing requirements
Native Cloud Services such as Container, Serverless, Autoscale Groups and RDMS

*Only included for CAMC CDT Managed

Included

Serverless Computing

Native support for Java, Go, PowerShell, Node, C#, Ruby, and Python.
Built-in fault tolerance.
Automatic scaling.
Connection to Relational Database Services (RDS).

Amazon S3

Storage helps you create data lakes for your analytics needs, and provides storage to build powerful cloud-native and mobile app.

Azure Blob

Unlimited Object Storage with varying storage and pricing tiers.

Relational Database Service (RDS)

Instances are pre-configured with parameters and settings appropriate for the engine and class you have selected.
Relational database software powering your deployment stays up-to-date with the latest patches.
Push-button database scaling up to a maximum of 32 vCPUs and 244 GB of RAM.
Deploy “Read Replicas” of databases to improve the performance of the main databases.
Automated backups enable point-in-time recovery of databases.
The database is deployed in multiple availability zones to ensure availability.
Data encryption is at rest and in transit
Reserve instances are available
Available as a Pay-as-you-go service

Auto-Scaling Groups

Launch or terminate compute servers in auto-scaling groups.
Adjust compute instances to the desired account using server and network-based metrics and alarms.
Configure predefined optimization strategies to optimize performance and cost.

Hardware

Multiple instance sizes to choose from to meet any application-sizing requirements.

Operating System

Windows Server 2019, 2022
RedHat Enterprise Linux 64bit

Network Connection

Cloud Provider Interconnect (CPI) connections into the CAMC environment.

Security Operations Center as a Service (SOCaaS)

Managed service that monitors and protects systems from cyber threats.

Security

Operating system security strictly adheres to established, applicable CDT security policies. Policies include, but are not limited to, an established quarterly operating system patch cycle and routine third-party security scans to test for known vulnerabilities. For more information, see Security Services.

Security Benefits

Security is embedded into the automation that builds the account and deploys the services.
Data encryption is in transit and at rest.
Network traffic inspected at CDT firewalls and IPS.
Network traffic logs are created using automation. Network logs are stored in S3 and sent to Splunk SIEM.
Full logging is enabled and logs are sent to our Security Operations Center for 24×7 monitoring.
Security aligned with the following IT security standards:
- SOC 1/ISAE 3402
- SOC 2
- SOC 3
- FISMA
- DIACAP
- FedRAMP Moderate
- PCI DSS Level 1
- ISO 9001
- ISO 27001
- ISO 27017
- ISO 27018

Administration

The following components and features are standard administration responsibilities for CDT:

Data storage
Operating system patching
Serverless application functions
Capacity, performance, and system-level fault monitoring
Cloud-provider managed Virtual servers
Point-in-time backups and restores
Storage lifecycle policies
CDT standard security scans

Roles & Responsibilities

Role	CDT Managed	Self-Managed
Operating System	X	X
Operating System Patching	X	X
Application Exception: Depends on the owner of the application.	X	X
Application Layer Security Exception: Depends on the owner of the application.	X	X
Application Maintenance Exception: Depends on the owner of the application.	X	X
Application Support Exception: Depends on the owner of the application.	X	X
DNS	X	X

Storage

Role	CDT Managed	Self-Managed
Device(s)	X	X
Connectivity to servers	X	X
Disk space management	X	X
Backup and recovery	X	X

Rates

Customers are charged the vendor’s usage costs for subscribed services, plus a 16% Support Service Fee.

Service Description	Service Identifier	Product Name	Unit of Measurement	Rate	Service Code
CAMC Pass-Through	CA Managed Cloud	CA Managed Cloud	Variable	Vendor Cost +16% Fee	L501
CAMC Windows IaaS Support	CA Managed Cloud	CA Managed Cloud	Per IaaS VM Instance, Per Month	$700.00	L502
CAMC Linux IaaS Support	CA Managed Cloud	CA Managed Cloud	Per IaaS VM Instance, Per Month	$700.00	L503

Request service

Service Request Name	Link
California Managed Cloud Services (CAMC) Submit a service request for CDT Managed or Self-Managed options: IaaS, PaaS and FaaS services, Builds, Changes, and Discontinue.	California Managed Cloud Services (CAMC)

Service Level Objectives

Service Level Objectives (SLO) – California Managed Cloud (CAMC) Public Cloud Native Services – AWS

For CAMC Linux Platform Service SLOs, select the “SLO” Tab from this page: Platform-Linux – CDT Services (ca.gov)

For CAMC Windows Platform Service SLOs, select the “SLO” Tab from this page: Platform-Windows – CDT Services (ca.gov)

CAMC Native Services SLOs are as follows:

Service Option	Fulfillment Timeframe SLO	Process	Dependencies
New	95% within 21 calendar days	Customer Initiates Request - 2 Days Customer submits request with all account and user information CDT Cloud Review - 4 Days Cloud Team receives, reviews, and gathers additional information (if needed); once finalized, Cloud Team creates AWS account and configures standard Services (CloudTrail logs, Billing Roles) and user accounts CDT Billing (User creation/SAML Federation) - 15 Days CDT receives and reviews request CDT schedules working session to add SAML Federation or creates users CDT Submits request for Enterprise Support be added to the AWS account	Customer submission of accurate information and documentation Account Creation is for a single AWS account Applies to all new/modify/discontinue requests
Modify	95% within 65 calendar days	Customer Initiates Request - 2 Days Customer submits request with all account and user information CDT Cloud Review - 3 Days Cloud Team receives, reviews, and gathers additional information (if needed); once finalized, Cloud Team initiates AWS move with Reseller which can only occur at the end of month AWS Account Transfer - 45 Days Letter of Agreement signed by former Reseller/Service owner and sent to AWS to migrate the AWS account (must be signed and received within 10 business days of end of month or it will be pushed to the following month) CDT Submits request for Enterprise Support be added to the AWS account CDT Billing (User creation/SAML Federation) - 15 Days CDT receives and reviews request CDT schedules working session to add SAML Federation or creates users CDT utilizes AWS Root user to suspend the account. Billing charges cease, account remains suspended for 90 days before being deleted	Customer submission of accurate information and documentation Account modify is for a single AWS account Applies to all new/modify/discontinue requests
Decommission	95% within 20 calendar days (Remove from monthly billing invoice)	Customer Initiates Request - 2 Days Customer submits request with all account and user information CDT Cloud Review - 3 Days Cloud Team receives, reviews, and gathers additional information (if needed); once finalized, Cloud Team decommissions AWS account and removes standard Services (CloudTrail logs, Billing Roles) and user accounts CDT Billing (User creation/SAML Federation) - 15 Days CDT receives and reviews request CDT schedules working session to remove SAML Federation or delete users if this is the only remaining AWS account on contract CDT utilizes AWS Root user to suspend the account. Billing charges cease, account remains suspended for 90 days before being deleted	Customer submission of accurate information and documentation Account Creation is for a single AWS account Applies to all new/modify/discontinue requests

FAQs

How long will it take to build my services in the cloud?

Generally, it takes a couple of days to have a scoping meeting to determine your needs and then build to those specifications.

How do I get billed for Cloud Services?

All Cloud Provider charges incurred are pass-through charges on your bill. Support charges will be added according to the services chosen.

What group inside CDT will support my services?

A cross-functional team will assist with designing, scoping, building, and supporting your system.