Click on question to show or hide answer.

Financial

Agencies will be billed using the normal invoicing process. Cloud services will appear on their invoice just like any other service.

There are two components to the rate structure. The first component is a fixed month rate that is similar in concept to the type of server rates agencies currently get charged. This rate is charged at the instance level. There is also a one-time set up fee. The second component is a consumption based rate. Charges from AWS, Azure, and OCI will receive a mark-up from VITA and passed on to the customer.

The same process currently used for addressing invoice questions and disputes should be used for cloud services.

There are defined billing triggers that outline when charges show up on a customer bill. Billing triggers are defined by Unisys and documented/implemented by our multisupplier integrator, Science Applications International Corporation (SAIC). SAIC and Unisys will collaborate to determine and document billing triggers so SACM can implement them. Without these triggers, we can't invoice or bill out charges.

VITA finance will work with the Department of Planning Budget (DPB) to align and set expectations around appropriations.

Security

VITA provides cyberliability insurance for data in the commonwealth data center; Cloud data will be handled in a similar way.

Agencies will have some restrictions on rights within their cloud environment as they do within the enterprise private cloud.

Yes.

As stated in the Hosted Environment Information Security Standard (SEC525-03.1), externally provided services and safeguards used in the electronic transmission or storing of commonwealth and/or citizen data must be risk assessed and security and interoperability must be maintained across all relevant state/national services.

The Code of Virginia §2-2.2009 states the requirement: "To provide for the security of state government electronic information from unauthorized uses, intrusions or other security threats, the CIO shall direct the development of policies, standards, and guidelines for assessing security risks, determining the appropriate security measures and performing security audits of government electronic information. …" Non-compliance would be in direct violation of the associated Code of Virginia.

Current privileges are aligned to future capabilities in the cloud environments.

Monitoring workloads

VITA is currently working to implement this functionality.

VITA is considering the need for this service.

Autoscaling of cloud storage will be part of the service offerings.

Yes, by setting thresholds in data consumption.

Yes, there are continuous improvements being made to the services offered, which could lower costs. Recommendations for modifying your service option will be made to agencies periodically.

Business Readiness

We are currently working to identify a timeline for delivery of these services.

At the commonwealth level, no. However, additional requirements should be included in your considerations, i.e. federal requirements.

There will be an initial network charge to connect to a cloud environment.

If a SaaS solution is being used, yes. Otherwise, VITA provided services (private cloud, AWS, Azure, and Oracle) must be used.

Yes, this information will be available at a later date.

VITA wants to avoid any extra costs that could be incurred by the agencies.

Yes, through the VITA service portal.

Yes, each cloud service provider offers a similar set of services.

Yes, development and production environments can be different sizes.