AVANADE UK LIMITED

Avanade Hybrid Cloud Services

Avanade’s Hybrid Cloud Services leverages our deep experience in Microsoft Azure and combines it with Avanade Private Cloud. Customers can combine Azure with a fully managed Private Cloud Service in Avanade’s datacentres or managed hybrid cloud in the customer’s datacentre using Azure Stack Hub, Azure Stack HCI/Windows Server HCI.

Features

• Fully managed Hybrid Infrastructure Service
• Option to use Avanade’s multi-tenant Private Cloud
• Infrastructure as a Service with Azure Stack (Hub/HCI)/Windows Server HCI
• Low latency connectivity
• Secure and regulatory compliance for cloud services
• Hybrid connectivity and hosting
• Flexible scaling and deployment options
• Migration services from existing datacentres to Avanade’s Hybrid Cloud

Benefits

• Harness the power of Azure in your data centre/ours
• Pay for what you use subscription model
• Secure cloud-based service
• Accelerate data centre exit for your non-cloud applications
• Ongoing optimisation and transformation to public Azure over time
• Expertise: 60,000+ Microsoft certifications and 18 Microsoft Gold competencies
• Comprehensive end to end capability across Microsoft cloud offerings
• Shared service model utilising onshore/nearshore/offshore capabilities

£325 to £2,400 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.hps.support@avanade.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

408312377713815

Contact

Paul Marsh
02070251000
uk.hps.support@avanade.com

Service scope

• Service constraints: Avanade manages the overall available capacity based on existing requirements to control infrastructure spend within the cloud service.; Our compliance programs require software and operating system vulnerability remediation as part of the service.; ; Avanade utilises HP hardware for its Private Cloud services.
• System requirements:
  • OS-licenses can be included however might incur additional costs
  • Database and application licenses must be supplied by the client
  • Vendor maintenance agreements are held and managed by Avanade
  • The standard support model is global.
  • Virtual Private Cloud is only available in pre-defined locations
  • Data hosting restrictions should be known prior to enabling service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This would be dependent on the client requirements and agreed ‘response’ service level agreement (SLA). We operate a number of different bespoke SLA models across our client base.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Avanade can develop and deploy chatbots powered by Artificial Intelligence (AI) that can provide online web chat support (requirements dependent) at an additional cost. Avanade also utilise Microsoft Teams which can be another means of support but is reliant upon the customer also using a Microsoft Teams solution.
• Onsite support: Yes, at extra cost
• Support levels: Support services are flexible options available to our clients and can be agreed at the time of negotiation. We have three areas of contact: Email, Phone, and online self-service. This is a standard support service which is shared across multiple clients. Every organisation will have a technical account manager assigned. If you require dedicated support or support from specific locations, this will be at an extra cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Avanade will provide the needed introductions to the Avanade Hybrid Cloud service by conducting introductory training sessions with designated personnel. This will be conducted virtually and provided guidance for additional supporting documentation online.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Avanade has a comprehensive cloud migration service where we can assist in migrating the data under contract to a secondary location.
• End-of-contract process: The Avanade Hybrid Cloud service includes a managed operating system for the client. This would include break/fix, security patching, vulnerability management. Avanade has the ability to provide additional security, application or business processing services on top of the Avanade Hybrid Cloud Service for additional costs.

Using the service

• Web browser interface: Yes
• Using the web interface: Microsoft provides a public facing web interface for admiration.; ; Avanade doesn't provide a public facing web interface for Private cloud services hosted in Avanade Datacentres.; ; Private cloud services that are deployed into client Datacentres have a Microsoft web interface that can be used to access and manage infrastructure.; ; For details on Microsoft web interface, please refer to the publicly available documentation from Microsoft.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The Web interface is a role based access solution. Clients are configured and upon approved access control lists are granted access to the client portfolio established in the Public cloud service.
• Web interface accessibility testing: A standard service readiness test is performance per release to ensure service is functional with each sprint release.
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: We operate in an N+1 capacity model to ensure available capacity to support the provisioned workloads within the system. Along with this, we restrict over provisioning and have specific proactive thresholds set in our monitoring service to capture reorder points based on demand.; Finally, we actively monitor the service to rightsize virtual machines, including when they are under-utlised to optimize the costs.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual Machines
  • Databases
  • Archives
• Backup controls: Standard schedules are pre-defined at server deployment based on workload type, and then adhoc requests are handled via ticket process to adjust the schedule.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: For infrastructure up-time running on the Private cloud, as long as the service is configured to Avanade recommendations, availability up-time target will be 99.95% availability target. ; ; For Public cloud, the client will need to refer to the Microsoft service description documentation (publicly available).; ; Individual application and end-to-end service availability is subjected to the architecture and dependent services of those applications.; ; Service SLAs can be agreed in the contracting phase with Avanade.
• Approach to resilience: Available on request.
• Outage reporting: Monitoring alert on infrastructure and application failure output to ServiceNow and logs ticket;; Incidents raised by vendors/end-users in ServiceNow;; Email notifications to the identified stakeholders of the critical incidents;; Collaboration with client's major incident process, where available; Summary of outages in ServiceNow reports.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is restricted to the management interfaces both by network firewalls and role based restrictions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DEKRA Certification, Inc.
• ISO/IEC 27001 accreditation date: 24/02/2021
• What the ISO/IEC 27001 doesn’t cover: Avanade certification covers - Information services, information systems, personnel, and data associated with or supported by Avanade’s internal corporate functions, Avanade’s Client Data Protection (CDP) program, and Avanade's Cloud Managed Services (CMS) business unit. Other areas of the certification are not under Avanade's certification scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Avanade aligns the security for the Hybrid Cloud Service to the global policies of the organisation. Included within those policies are specific guidelines for identifying, reporting, and tracking security related tasks. This is then reviewed by an internal audit and compliance team, and audited by a third party annually.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The ITIL based change management processes and procedures are managed at the infrastructure level and recommended to the application and business users leveraging the service. This process ensures specific reviews in the process for technical, business and service approvals throughout the process culminating in a change approval board approval.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Avanade service leverages third party scanning tools to assist in identifying vulnerabilities within the environment. Scans are scheduled based on specific targeted services and results assessed based on risk and impact. Based on the assessment, the vulnerabilities identified are classified and scheduled for remediation depending on the risk.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring starts with the Intrusion Detection Service, and flows through our service through several monitoring tools and processes in the service.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management is a process defined to ensure service is restored to a predefined standard of service. This is managed with the monitoring tools deployed as part of the service and leverages inputs from both Users as well as technology to maintain the standard service. Based on the severity of the incident, incident reports are provided with root cause analysis to the identified stakeholders.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Avanade provides a solution that offers Software defined networking that enables clients to run on separate network layers within the same hardware.; This coupled with role-based access provides assurance that organisations sharing the same infrastructure are kept apart.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Avanade has several global programs focused on energy conservation for the company. Along with these programs within our datacentres, we ; leverage the HP Greenlake service. This service accelerates sustainable digital transformation, offering efficient IT solutions to decrease the energy consumption and carbon footprint of digital infrastructure. ; ; The as-a-service offering, delivers energy savings through a consumption-based IT model that is aligned to capacity usage.; ; For the datacentre space as well, periodic reviews are conducted to ensure optimal cooling is in place and hot spots are addressed through approved datacentre solutions.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  "Avanade is committed to working with our clients to deliver measured outcomes across all Social Value Themes. ; ; Avanade is an expert and leading firm in Social Value, including in certifications, partnerships, compliance across mandatory and voluntary targets and having delivered/ currently running various successful initiatives internally and for our clients.; ; You can read more about Avanade's position as a responsible business here: https://www.avanade.com/en/about-avanade/story/responsible-business"

  Covid-19 recovery

  "Avanade is committed to working with our clients to deliver measured outcomes across all Social Value Themes. ; ; Avanade is an expert and leading firm in Social Value, including in certifications, partnerships, compliance across mandatory and voluntary targets and having delivered/ currently running various successful initiatives internally and for our clients.; ; You can read more about Avanade's position as a responsible business here: https://www.avanade.com/en/about-avanade/story/responsible-business"

  Tackling economic inequality

  "Avanade is committed to working with our clients to deliver measured outcomes across all Social Value Themes. ; ; Avanade is an expert and leading firm in Social Value, including in certifications, partnerships, compliance across mandatory and voluntary targets and having delivered/ currently running various successful initiatives internally and for our clients.; ; You can read more about Avanade's position as a responsible business here: https://www.avanade.com/en/about-avanade/story/responsible-business"

  Equal opportunity

  "Avanade is committed to working with our clients to deliver measured outcomes across all Social Value Themes. ; ; Avanade is an expert and leading firm in Social Value, including in certifications, partnerships, compliance across mandatory and voluntary targets and having delivered/ currently running various successful initiatives internally and for our clients.; ; You can read more about Avanade's position as a responsible business here: https://www.avanade.com/en/about-avanade/story/responsible-business"

  Wellbeing

  "Avanade is committed to working with our clients to deliver measured outcomes across all Social Value Themes. ; ; Avanade is an expert and leading firm in Social Value, including in certifications, partnerships, compliance across mandatory and voluntary targets and having delivered/ currently running various successful initiatives internally and for our clients.; ; You can read more about Avanade's position as a responsible business here: https://www.avanade.com/en/about-avanade/story/responsible-business"

Pricing

• Price: £325 to £2,400 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.hps.support@avanade.com. Tell them what format you need. It will help if you say what assistive technology you use.