INNOVALAB LIMITED

Azure cloud hosting services

Microsoft azure cloud hosting and infrastructure services including application hosting, security, networking, devops, IOC, ETL, data analytics and more

Features

• App service hosting using docker and kubernetes (AKS)
• sql server, postgres, nosql expertease
• Microsoft azure platform experts (AZ-104 Azure Administrators)
• CICD using azure devops (and github with github actions)
• ETL and data warehousing (azure data factory, databricks, datalake)
• Infrastructure as code
• Security and networking (WAF, azure gateway, vnet, bastion)
• Service bus and other highly available messaging services
• Compute including VM provisioning, serverless functions and app services
• Single sign on and multi factor auth (azure active directory)

Benefits

• Managed CICD for robust and continuous application delivery
• Wide breadth of azure platform expertise
• Manage relational and non relational data
• Highly scalable, price conscious hosting of apps and serverless compute

£550.00 to £1,210.00 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james@innovalab.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

157265251029899

Contact

James Christianson
07915720175
james@innovalab.co.uk

Service scope

• Service constraints: We are experts in azure cloud, we typically do not work with AWS or GoogleCloud although limited support is available.
• System requirements: Applications should be compatible with azure

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times depends on the service agreement but can typically we respond to tickets within 2 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use Microsoft teams and slack which provide messaging and calls
• Web chat accessibility testing: We us MS teams because it allows users to customize the reading and viewing experience for different visual and cognitive needs
• Onsite support: Onsite support
• Support levels: We provide scalable service desk support starting at £710pd (140h per month) for first line cloud support engineer. ; ; Our technical account manager rate rate is £1200/pd as required
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a fully managed azure cloud service that does not require user onboarding. However, where developers and other users require access to azure services managed by us we can proved onsite or online training and demos.
• Service documentation: No
• End-of-contract data extraction: Typically an azure subscription or code repository will be owned by the service users. In this scenario all data is owned by and can be maintain or extracted at their convenience.
• End-of-contract process: The azure service subscriptions are handed over to the end user at no additional cost for them to maintain at their discretion.

Using the service

• Web browser interface: Yes
• Using the web interface: Using the azure portal users have role based access to all features at the as required.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: We use Microsoft products which are highly accessible and have a dedicated and ongoing commitment to accessibility.
• API: Yes
• What users can and can't do using the API: Azure and its services are fully configurable through a numebr of management APIs
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: A description of the use cases of the cli tool can be found here: https://docs.microsoft.com/en-us/cli/azure/

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Our cloud hosting services are automatically vertically and horizontally scalable. This is achieved through load balancing and app service service scaling. Depending on user requirements we test service response times based on user load and can tailor the level of scaling and compute power to optimise cost and performance.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Any other custom application metric
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Objects (blob storage)
  • Relational data (sql) and document collections (nosql)
  • Code and infrastructure
  • Virtual machines
• Backup controls: Backups are typically automatic, geo-redundant and can be scheduled.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Data is protected through azure vnet, bastion and ip whitelisting.
• Data protection within supplier network: Other
• Other protection within supplier network: Azure WAF, bastion, vnet.

Availability and resilience

• Guaranteed availability: SLAs vary and depend on the services used. Typically service uptime is greater than 99.5%.
• Approach to resilience: We use Microsoft azure which allows us to provide industry leading uptime for our users. SLA figures for all services can be found here: https://azure.microsoft.com/en-gb/support/legal/sla/
• Outage reporting: Services are monitored using Azure Monitor, an extensive monitoring system that allows us and our users to view, analyse and alert system outages and health.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to services is roles based and managed in the azure subscription.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ISO 9001:2015
• Information security policies and processes: We are ISO 9001:2015 certified.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We practice infrastructure as code which allows us to manage the services we build using a cloud code repository. Along with a well defined code change and release management process we track, test and peer review all service updates and changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform third party penetration tests as required by the service user.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a suite of Azure security monitoring tools to identify and track possible threats, including Microsoft Sentinel and Azure DDoS Protection
• Incident management type: Supplier-defined controls
• Incident management approach: 5

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  InnovaLab is passionate about reducing our impact on climate change. We are committed to a policy of remote working to reduce our transportation emissions, our office is paperless and we empower our employees to find ways of saving energy in their working life.
• Covid-19 recovery:

  Covid-19 recovery

  We have a policy of remote working and flexible hours enabling our employees to shield and recover at home.
• Tackling economic inequality:

  Tackling economic inequality

  Innovalab is an equal opportunities employer and all employees and contractors are paid well over the national living wage.

Pricing

• Price: £550.00 to £1,210.00 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james@innovalab.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.