ARC-P

FedRAMP High Cloud for the Government Community.

The ARC-P system is a FedRAMP High JAB-accredited IaaS (Infrastructure as a Service) platform that provides elastic, on-demand provisioning of virtual machines. The ARC-P system provides an IaaS cloud platform in government community, government private, and hybrid deployment models, allowing repeatable, secure, and on-demand delivery of infrastructure services to the government user community.

About ARC-P

The ARC-P cloud solution consists of a set of shared orchestration tools located at two geographically separate data centers within the ARC-P boundary. This architecture supports individual availability zones specifically designated for Federal and DoD Mission Partners. The ability to size, scale, and implement virtual machines greatly reduces operational cost and procurement times. The combination of these mandates with the ARC-P system allows the government to meet its goals of agile computing, generating fiscal savings and increasing utilization of federal IT platforms.

GDIT’s ARC-P platform is proud to offer a variety of services to meet the IT computing needs of our Federal and DoD customers. Within the scope of our offerings we provide Infrastructure as a Service (IaaS), Backup as a Service (BUaaS), and Platform as a Service (ARCWRX/PaaS), as well as dedicated hosts.

ARC-P also provides a dedicated Department of Defense (DoD) private community cloud, milCloud® 2.0, for hosting Impact Level 5 (IL5) and Impact Level 6 (IL6) systems*.

First - to authorize FedRAMP JAB High VMware IaaS and FedRAMP JAB ATO in 2016

Among the first three FedRAMP High ATOs (FedRAMP JAB ATO in 2016)

First - to offer on-demand multi-tenant native VMware cloud.

Powered by the latest technology.

ARC-P utilizes vCloud Director which provides customer access to their Virtual Machines, as well as the full range of core functionality necessary to build and manage their cloud environment.

ARC-P Standard VMs

• Contains same t-shirt size configurations (vCPU/vGB)
• T-shirt sizes in vCD are established by using Virtual Data Center (VDC) Compute policies to restrict memory/CPU combinations that are available for tenant use
• Operating Systems (OSs) include: Windows 2012/2016/2019, RHEL 6/7, CentOS 6/7, and no OS
• Includes a 24vCPU series configuration to allow for higher compute options

The cloud management layer is the top layer of the stack. Service consumption occurs at this layer. This layer requests resources and orchestrates the actions of the lower layers from a user interface or application programming interface (API). The cloud management platform is represented by vCloud Director (vCD).

Orchestration

• vCloud Director (vCD) orchestrates the provisioning of VMs on vSphere and creates software-defined networks on NSX
• vRealize Orchestrator (vRO) is another key orchestration tool which allows for the creation of custom services made available through the service library within vCD.

Infrastructure as a Service (IaaS)

• Core infrastructure components include CPU, memory, storage, and network.
• Pools of these resources are created and managed by ARC-P on which tenant VMs are deployed
• Resource utilization is tracked for usage-based billing

Backup as a Service (BUaaS)

• Provides the capability of assigning backup policies to VMs, backing up on demand, and restoring on demand
• Will support full system backups using Rubrik
• Backup/restore actions will be available directly from the vCD Tenant Portal

Disaster Recovery as a Service (DRaaS)

• Tenants have control of site-to-site migration and failover tasks
• In the event of a site failure, tenant VMs can be restored at the alternate site

Self-Service

• Provides access for users to VMs and services from the service catalog
• Used for administrative access to perform administrative tasks such as configuring users, defining services and catalog items, virtualization compute reservations, approval groups, and policies

The virtual infrastructure layer controls access to the underlying physical infrastructure, and controls and allocates resources to the management and tenant workloads. The management workloads consist of elements in the virtual infrastructure layer itself, together with elements in the cloud management, business continuity, and security layers.

Hypervisor

• Runs on physical servers and provides compute resources to multiple guest VMs
• Capable of live VM migrations across hypervisor hosts
• Supports automated failover of VMs in the event of a hardware failure

Monitoring

• Supports monitoring the underlying physical infrastructure, virtual management, and tenant workloads in real time
• Information collected in the form of structured data (metrics) and unstructured data (logs)
• vRealize Operations (vROps) provides the tenant with advanced metrics and an overview of system health

Software Defined Networking (SDN)

• Easily deploy secure networks on demand with SDN via VMware’s NSX
• With SDN, the physical network serves as the data plane with software controllers determining where and when traffic is sent

Resource Pooling

• Aggregates all resources from attached infrastructures and provides larger pools of compute, network, and storage resources
• Consumption of these resources is policy-based
• Provides tenant with granular control of VM performance based on workload requirements

ARC-P systems have an accredited design focused on critical security standards. A secure design reduces risk and increases compliance while providing a governance structure. The security layer outlines the operations and setup required to implement a Software-Defined Data Center (SDDC) that is resilient to both internal and external threats. Security services provide access restrictions for users and services accessing the cloud. Security services are also responsible for preventing unauthorized intrusion or manipulation from the outside or within the cloud. The customer is responsible for environmental compliance and authorization.

DISA STIG Compliance

• ARC-P systems follow applicable DISA Security Technical Implementation Guides (STIGs)
• In addition to DISA STIG compliance, ARC-P systems are hardened using vendor security hardening recommendations, and all systems follow foundational security principles
• System compliance is enforced and verified on a continuous basis

NIST 800-53 Controls

• All components of the Physical Resource, Virtual Infrastructure, and Cloud Management layers satisfy security controls outlined as part of the FedRAMP and NIST 800-53 High Baselines

Configuration Management

• ARC-P System compliance and settings are validated using configuration management
• If a server drifts from the pre-established configuration baseline, automated correction actions take place to ensure standardization and compliance; this includes security hardening settings identified in DISA STIGs or vendor security guidance
• The ARC-P Orchestration Manager performs automated checks and remediation actions

Vulnerability Scanning

• All systems are scanned regularly for vulnerabilities, and regular risk assessments are conducted
• Corrective actions are taken to resolve findings as needed
• Regularly scheduled patch and maintenance activities are carried out to remediate findings
• All systems are scanned continuously for new vulnerabilities by the ARC-P Vulnerability Scanner suite

Security Control Inheritance

Tenants can inherit 50+ NIST 800-53 controls with the base IaaS package, including but not limited to physical and environmental and media protection security controls. For a full list of inheritable controls, contact us.