TRUSTMARQUE AZURE KUBERNETES SERVICE ON AZURE STACK HCI
On-premises implementation of the popular Azure Kubernetes Service (AKS) orchestrator.
Features
- Automates running containerised applications at scale.
- Available on Azure Stack HCI and on Windows Server.
- Provided by Microsoft Gold Partner
Benefits
- Quickly start hosting Linux and Windows containers in your datacenter.
Pricing
£1.06 a unit a day
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at tenders@trustmarque.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
4 0 8 5 3 4 2 6 5 9 0 9 7 2 5
Contact
Trustmarque Solutions Limited
Darren Moyes
Telephone: 01904 934435
Email: tenders@trustmarque.com
Service scope
- Service constraints
- See https://docs.microsoft.com/en-gb/azure/ to determine applicable constraints based on buyers requirements
- System requirements
- See https://docs.microsoft.com/en-gb/azure/
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- See https://azure.microsoft.com/en-gb/support/plans/
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- For questions about accessibility with enterprise or commercial products, please visit the enterprise Disability Answer Desk.
- Web chat accessibility testing
- For questions about accessibility with enterprise or commercial products, please visit the enterprise Disability Answer Desk.
- Onsite support
- No
- Support levels
- See https://azure.microsoft.com/en-gb/support/plans/
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- See https://docs.microsoft.com/en-us/azure-stack/hci/get-started
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Customer are able to remove their data at any time.
- End-of-contract process
- Microsoft is governed by strict standards and removes cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. https://www.microsoft.com/en-gb/trust-center/privacy/data-management?rtc=1
Using the service
- Web browser interface
- Yes
- Using the web interface
- See: https://azure.microsoft.com/en-gb/features/azure-portal/
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- https://www.microsoft.com/en-us/accessibility/
- API
- Yes
- What users can and can't do using the API
- See: https://docs.microsoft.com/en-us/rest/api/stackhci/
- API automation tools
-
- Ansible
- Chef
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Command line interface
- Yes
- Command line interface compatibility
- Windows
- Using the command line interface
- The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation. https://docs.microsoft.com/en-us/cli/azure/?msclkid=2b50e70aa91311ec9b84e2bb2e192699
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- The service runs on premise in your data centre and is solely for your use.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
- Performance logs
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Never
- Protecting data at rest
- Other
- Other data at rest protection approach
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skillsets.
The customer is responsive for protecting their own data in their data centres, running on azure Stack HCI. - Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- No
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skill sets.
Data does not move between networks. - Data protection within supplier network
- Other
- Other protection within supplier network
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skillsets.
Customer data stays on their own network.
Availability and resilience
- Guaranteed availability
- The subscription service offers the host operating system software. Availability would be determined by the hardware that the customer choses to underpin the Azure Stack HCI Software.
- Approach to resilience
-
Storage Spaces Direct provides fault tolerance, often called "resiliency," for your data. Its implementation is similar to RAID, except distributed across servers and implemented in software.
As with RAID, there are a few different ways Storage Spaces can do this, which make different tradeoffs between fault tolerance, storage efficiency, and compute complexity. These broadly fall into two categories: "mirroring" and "parity," the latter sometimes called "erasure coding." - Outage reporting
- Azure Stack HCI Clusters can be managed by Azure Portal, Azure Stack HCI Insights (preview 05/22) or Windows Admin Centre. All of these can alert on outages.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Username or password
- Other
- Other user authentication
-
Azure Active Directory is Microsoft’s multi-tenant cloud based directory and identity management service. Azure-AD includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods?msclkid=b2a138a1a92d11ec918375623c320dc1 - Access restrictions in management interfaces and support channels
- Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
- Access restriction testing frequency
- Never
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
-
Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.
For more information: https://docs.microsoft.com/en-gb/azure/role-based-access-control/overview - Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 01/01/2022
- What the ISO/IEC 27001 doesn’t cover
- Please see https://docs.microsoft.com/en-gb/compliance/regulatory/offering-ISO-27001?view=o365-worldwide
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 12/02/2019
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Coalfire Systems Inc
- PCI DSS accreditation date
- 01/11/2017
- What the PCI DSS doesn’t cover
- Service Scope is identified here http://aka.ms/azure-pci
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- FACT
- FedRamp
- NIST 800-171
- FIPS 140-2
- CCSL (IRAP)
- ENISA IAF
- CDSA
- ISO 27001 , 27017, 27018, 22301, 9001
- SOC 1, SOC 2, SOC 3
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- No
- Security governance approach
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skillsets.
Security governance approach would be determined by the customer. - Information security policies and processes
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skillsets.
Security policies and processes would be determined by the customer.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skillsets.
The configuration and change management approach would be determined by the customer. - Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
Azure Stack HCI is a hyperconverged infrastructure host from Microsoft – delivered as an Azure hybrid service. Run Windows and Linux virtual machines on-premises on a host platform that is IT-friendly and is managed by you with existing tools, processes and skillsets.
The vulnerability management process would be determined by the customer. - Protective monitoring type
- Undisclosed
- Protective monitoring approach
- The protective monitoring processes would be determined by the customer.
- Incident management type
- Undisclosed
- Incident management approach
- The incident management processes would be determined by the customer.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Hyper-V
- How shared infrastructure is kept separate
- Different organisations do not share the same infrastructure unless the customer choses to do so themselves.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Please see https://www.microsoft.com/en-us/corporate-responsibility/sustainability
Social Value
- Fighting climate change
-
Fighting climate change
Trustmarque's Environmental Policy and Carbon Reduction Plan include delivering and supporting actions on reducing our carbon footprint and our impact on climate change. Our policies include 'Virtual First 'meetings, energy reduction plans, flexible working. Please contact Trustmarque to discuss the provision of Social Value. Any Social Value deliverable must be agreed with Trustmarque and be proportionate to the contract value and deliverables. - Covid-19 recovery
-
Covid-19 recovery
Trustmarque can provide re-training for those left unemployed by Covid-19 through skills training, CV and interview workshops. Please contact Trustmarque to discuss the provision of Social Value. Any Social Value deliverable must be agreed with Trustmarque and be proportionate to the contract value and deliverables. - Tackling economic inequality
-
Tackling economic inequality
Trustmarque tackles economic inequality through operating a diverse supply chain including a large number of SMEs and micro businesses. Our access to a broad range of suppliers ensures both resilience and capacity. Trustmarque is also continuously refining our supply chain to meet the ever-changing needs of our customers and to ensure we can always offer the best solution through capability, capacity and resilience at the best price. Our vendor agnostic approach among suppliers allows us to support innovation and disruptive technologies to deliver lower cost and/or higher quality goods and services to customers. Please contact Trustmarque to discuss the provision of Social Value. Any Social Value deliverable must be agreed with Trustmarque and be proportionate to the contract value and deliverables. - Equal opportunity
-
Equal opportunity
Trustmarque operates an Equal Opportunities policy that outlines our commitments including creating a workforce that reflects the diversity of our communities. Other initiatives include supporting disabled people to develop skills and supporting in-work progression. Please contact Trustmarque to discuss the provision of Social Value. Any Social Value deliverable must be agreed with Trustmarque and be proportionate to the contract value and deliverables. - Wellbeing
-
Wellbeing
We align our approach to mental wellbeing to the six standards in the Mental Health at Work commitment, including staff work and wellbeing sessions, flexible working, speak-up policy, etc. Please contact Trustmarque to discuss the provision of Social Value. Any Social Value deliverable must be agreed with Trustmarque and be proportionate to the contract value and deliverables.
Pricing
- Price
- £1.06 a unit a day
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Install Azure Stack HCI software with free 60-day trial built-in on new or repurposed hardware (must match capability of a solution in Azure Stack HCI catalogue).
- Link to free trial
- https://azure.microsoft.com/en-gb/products/azure-stack/hci/hci-download/
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at tenders@trustmarque.com.
Tell them what format you need. It will help if you say what assistive technology you use.