California Managed Cloud (CAMC) Hosting

CAMC provides customers with CDT managed services within the public cloud. These services include Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). IaaS provides traditional virtual servers and provides for the selection of vCPU, memory, storage, and data protection. PaaS brings new services such as containers, serverless, and other cloud-native offerings. CAMC provides these services in a cost-effective manner in the public cloud as an alternative to the traditional on-premises deployments. Currently, this offering is only available on AWS but other Cloud Providers will be added in 2023.

Highlights

  • Low-cost hosting solution
  • No capital expenditures
  • Rapid provisioning

 

  • 24×7 Help Desk
  • 24×7 Operations Center

 

  • 26 instance sizes to choose from to meet any application-sizing requirements
  • Native Cloud Services such as Container, Serverless, Autoscale Groups and RDMS

Serverless Computing

  • Native support for Java, Go, PowerShell, Node, C#, Ruby, and Python.
  • Built-in fault tolerance.
  • Automatic scaling.
  • Connection to Relational Database Services (RDS).

Amazon S3

  • Unlimited Object Storage with varying storage and pricing tiers.

Relational Database Service (RDS)

  • Instances are pre-configured with parameters and settings appropriate for the engine and class you have selected.
  • Relational database software powering your deployment stays up-to-date with the latest patches.
  • Push-button database scaling up to a maximum of 32 vCPUs and 244 GB of RAM.
  • Deploy “Read Replicas” of databases to improve the performance of the main databases.
  • Automated backups enable point-in-time recovery of databases.
  • The database is deployed in multiple availability zones to ensure availability.
  • Data encryption is at rest and in transit
  • Reserve instances are available
  • Available as a Pay-as-you-go service

Auto-Scaling Groups

  • Launch or terminate Amazon EC2 servers in auto-scaling groups.
  • Adjust ECS and EC2 instances to the desired account using server and network-based metrics and alarms.
  • Configure predefined optimization strategies to optimize performance and cost.

Hardware

  • 26 instance sizes to meet any application sizing requirements.

Operating System

  • Windows Server 2019, 2022
  • RedHat Enterprise Linux 64bit

Network Connection

  • Cloud Provider Interconnect (CPI) connections into the CAMC environment.

Security

Operating system security strictly adheres to established, applicable CDT security policies. Policies include, but are not limited to, an established quarterly operating system patch cycle and routine third-party security scans to test for known vulnerabilities.

For more information, see Security Services.

Security Benefits

  • Security is embedded into the automation that builds the account and deploys the services.
  • Data encryption is in transit and at rest.
  • Network traffic inspected at CDT firewalls and IPS.
  • Network traffic logs are created using automation. Network logs are stored in S3 and sent to Splunk SIEM.
  • API calls are logged and sent to the Splunk SIEM where they are monitored by 24×7 security staff.
  • AWS Shield is deployed on all accounts. AWS Shield Advanced provisioned at customer’s request at no cost.
  • AWS Guardduty leverages AI to identify unusual account activity.
  • CloudFront CDN and WAF deployed on customer AWS accounts.
  • Full logging is enabled and logs are sent to our Security Operations Center for 24×7 monitoring.
  • Security aligned with the following IT security standards:
    • SOC 1/ISAE 3402
    • SOC 2
    • SOC 3
    • FISMA
    • DIACAP
    • FedRAMP Moderate
    • PCI DSS Level 1
    • ISO 9001
    • ISO 27001
    • ISO 27017
    • ISO 27018

The following components and features are standard administration responsibilities for CDT:

  • Data storage
  • Operating system patching
  • Serverless application functions
  • Capacity, performance, and system-level fault monitoring
  • Cloud-provider managed Virtual servers
  • Point-in-time backups and restores
  • Storage lifecycle policies
  • CDT standard security scans

RoleCDTCustomer
Operating SystemX
Operating System PatchingX
Application
Exception: Depends on the owner of the application.		XX
Application Layer Security
Exception: Depends on the owner of the application.		XX
Application Maintenance
Exception: Depends on the owner of the application.		XX
Application Support
Exception: Depends on the owner of the application.		XX
DNSX

Storage

RoleCDTCustomer
Device(s)X
Connectivity to serversX
Disk space managementX
Backup and recoveryX
Capacity MonitoringX

Customers are charged the vendor’s usage costs for subscribed services, plus a 10% Support Service Fee.

Service DescriptionService IdentifierProduct NameUnit of MeasurementRateService CodeNotes
CAMC Pass-ThroughCA Managed CloudCA Managed CloudVariableVendor Cost +10% FeeL501
CAMC Windows IaaS SupportCA Managed CloudCA Managed CloudPer IaaS VM Instance, Per Month$295.00L502
CAMC Linux IaaS SupportCA Managed CloudCA Managed CloudPer IaaS VM Instance, Per Month$283.00L503

Service Request NameLink
Native Services
To submit a Case/Request for CAMC Cloud Native Services, please complete a CAMC Native Services request.		Order Cloud Native Services
Cloud Linux Services
Submit a Case/Request for a new server or server environment or changes to an existing environment.		Order Cloud Linux Services
Cloud Windows
Submit a service request for a new server or server environment.		Order Cloud Windows Services

Why do I need to use the Linux server build catalog item to request Native Services?

  • We do not have a catalog item for Native Services yet. This is being designed now.

Do I need to go through the Enterprise Service Delivery (ESD) process for these builds?

  • We have set up a modified ESD process for Cloud requests.

How long will it take to build my services in the cloud?

  • Generally, it takes a couple of days to have a scoping meeting to determine your needs and then build to those specifications.

How do I get billed for Cloud Services?

  • All Cloud Provider charges incurred are pass-through charges on your bill. Support charges will be added according to the services chosen.

What group inside CDT will support my services?

  • Not only do you have a cross-functional matrix team to help design, scope, and build your resources, this team along with the Platform teams will support your environment.

Service Level Objectives (SLO) – California Managed Cloud (CAMC) Public Cloud Native Services – AWS

For CAMC Linux Platform Service SLOs, select the “SLO” Tab from this page: Platform-Linux – CDT Services (ca.gov)

For CAMC Windows Platform Service SLOs, select the “SLO” Tab from this page: Platform-Windows – CDT Services (ca.gov)

CAMC Native Services SLOs are as follows:

Service OptionFulfillment Timeframe SLONotes/Dependencies
New95% within 21 Calendar Days

Dependencies/Assumptions (applies to all new/modify/discontinue requests)


  • Customer submission of accurate information and documentation

  • Account Creation is for a single AWS account


    • Process includes:

  • Customer Initiates Request – 2 Days

  • Customer submits request with all account and user information


  • CDT Cloud Review – 4 Days

  • Cloud Team receives, reviews, and gathers additional information (if needed); once finalized, Cloud Team creates AWS account and configures standard Services (CloudTrail logs, Billing Roles) and user accounts

  • CDT Billing (User creation/SAML Federation) – 15 Days

  • CDT receives and reviews request

  • CDT schedules working session to add SAML Federation or creates users

  • CDT Submits request for Enterprise Support be added to the AWS account

Modify95% within 65 Calendar Days

Dependencies/Assumptions (applies to all add, change, and delete requests)


  • Customer submission of accurate information and documentation

  • Account modify is for a single AWS account



    • Process includes:

  • Customer Initiates Request - 2 Days

  • Customer submits request with all account and user information


  • CDT Cloud Review – 3 Days

  • Cloud Team receives, reviews, and gathers additional information (if needed); once finalized, Cloud Team initiates AWS move with Reseller which can only occur at the end of month

  • AWS Account Transfer – 45 Days

  • Letter of Agreement signed by former Reseller/Service owner and sent to AWS to migrate the AWS account (must be signed and received within 10 business days of end of month or it will be pushed to the following month)

  • CDT Submits request for Enterprise Support be added to the AWS account


  • CDT Billing (User creation/SAML Federation) – 15 Days

  • CDT receives and reviews request

  • CDT schedules working session to add SAML Federation or creates users

  • CDT utilizes AWS Root user to suspend the account. Billing charges cease, account remains suspended for 90 days before being deleted
Decommission95% within 20 Days
(Remove from monthly billing invoice)

Dependencies/Assumptions (applies to all new/modify/discontinue requests):


  • Customer submission of accurate information and documentation

  • Account Creation is for a single AWS Account


    • Process includes:

  • Customer Initiates Request - 2 Days

  • Customer submits request with all account and user information


  • CDT Cloud Review – 3 Days

  • Cloud Team receives, reviews, and gathers additional information (if needed); once finalized, Cloud Team decommissions AWS account and removes standard Services (CloudTrail logs, Billing Roles) and user accounts

  • CDT Billing (User/SAML Federation Removal) – 15 Days

  • CDT receives and reviews request

  • CDT schedules working session to remove SAML Federation or delete users if this is the only remaining AWS account on contract

  • CDT utilizes AWS Root user to suspend the account. Billing charges cease, account remains suspended for 90 days before being deleted