NETBUILDER DIGITAL LTD

Azure Managed Infrastructure

NETbuilder provides Microsoft Azure professional services from strategy through platform build, maintenance and support to live service deployment on Azure infrastructure. Our experts help advise, manage, design and deliver integrated Azure work packages or end-to-end solutions.

Features

• Support design of cloud architecture and infrastructures on Azure
• Support private cloud hosting in secured facilities
• Provide fully redundant and resilient cloud infrastructures built on Azure
• Support flexible and scalable storage, network, monitoring and backup services
• Provide industry experts cloud implementation support for your Azure initiatives
• Automate code testing, deployment processes and CI / CD infrastructure
• Support Azure Virtual Machines, Active Directory, VPN Gateway, Security Center
• Support Azure Government, RemoteApp, Storage, StorSimple, BackupAzure
• Support Azure Site Recovery, CDN, SQL Database, Azure DocumentDB
• Support Azure Key Vault, API Management, Azure Automation, Virtual Network

Benefits

• Deliver operational cloud stacks at speed
• Facilitate platform maturity enhancement and speed up your cloud transformation
• Best-in-class implementation for cloud platform hosting applications
• Reduce time to market, overall costs, focus on engaging customers
• Relieve IT staff of day-to-day operational and management activities
• Flexible system configurations based on needs with automated cloud infrastructure
• Add flexibility to your Azure cloud initiatives
• Improve security posture and minimise cyber security risks

£300 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxwell.ashley@netbuilder.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

445725789992487

Contact

Maxwell Ashley
07481 758650
maxwell.ashley@netbuilder.com

Service scope

• Service constraints: The customer is responsible for, and remains liable for ensuring that their licensing is compliant with deployment in a virtualised cloud environment.; ; The customer is responsible for complying with the Azure service agreement and terms. This can be found at https://azure.microsoft.com/en-gb/support/legal/
• System requirements:
  • Operating systems must be x86 based.
  • Operating systems must not be end of support
  • Legacy environments will require an audit prior to acceptance

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: NETbuilder provide prioritised support services for the Managed Services, to be accessed by the Customer’s Technical Support Contacts 24 hours a day, 7 days a week (each such request a “Service Request” or an “Incident” or a “Change Request”) according to an agreed set of Response Times for each service request type and priority level.; ; Indicative response times:; ; • P1 Highest Severity Incident - 15 minute response; • P2 High Severity Incident - 1 hour; • P3 Medium Severity Incident - 2 hours; • P4 Low Severity Incident - 4 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our Production Support offering ensures that the customer’s technology estate is operational whilst providing them with significant autonomy in daily application and business operations. Production customers are assisted with a self-service portal that makes it easy to request help, search knowledgeable content and track progress on issues, and by the NETbuilder Technical Support team composed of service desk agents and a named Service Delivery Manager (SDM) primarily tasked with system maintenance, security, health reporting and monitoring on a 24x7 basis.; ; Our Enterprise Support offering builds on Production Support and is a premium full-service package developed with the goal of empowering customer teams to focus on their core business and deliver effectively at scale. This offering entitles the customer to a single point of contact with NETbuilder; the Technical Account Manager (TAM), a highly skilled professional proactively supporting the customer during deployment time and production related activities, while ensuring the ongoing maintenance and management of the technology stack. The TAM meets regularly with the customer and can assist with activities such as performance tuning, configuration and planning.; ; Pricing of the Managed Service is determined on a case by case basis dependent upon the service offering, service level agreements and customer requirements.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: NETbuilder's service setup and onboarding process consists of several steps:; ; Introduction; ; • Visit the customer to meet the team and perform initial introductions; • Provide an overview of the Managed Service; • Formulate a plan for the next steps; ; Discovery; ; • Run an initial discovery phase in which we review and validate the scope of the service with the business and technical stakeholders; • Create an inventory of the resources to support; • Review existing security controls and processes; • Perform any necessary knowledge transfer; • Define a service catalogue with associated SLAs; • Review of resources and costs required for the managed service; ; On-Boarding; ; • Provision the support, networking and monitoring services; • Implement quality controls; • Check integration points; • Integrate to the customer business process; • Trial run end-to-end key use cases and live incidents; • Start preparing initial knowledge base and relevant run books; • Implement relevant security controls and processes; ; Transition; ; • Switch to the new support service; • Check hands for an official start; • Provide/receive frequent feedback and reporting for a defined period; ; Maintenance and Support; ; • Proactively support and maintain managed service resources; • Provide service level reports with KPIs
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Customer instances and data can be transferred to the customer and source instance/data deleted upon completion. This transfer is included within the managed service cost.
• End-of-contract process: A high level exit plan is contained within the Managed Service documentation. The exit plan contains off-boarding instructions as to whether the service is to be ceased or migrated to another third party.

Using the service

• Web browser interface: Yes
• Using the web interface: The AWS management console interface lets you access and manage AWS through a simple and intuitive web-based user interface. Access rights and levels of access are determined depending upon the specific AWS managed service that will be procured.; ; The Console facilitates cloud management for all aspects of your AWS account, including monitoring your monthly spending by service, managing security credentials, or even setting up new IAM Users.; ; All IaaS AWS administration, management, and access functions in the AWS Console are available in the AWS API and CLI. New AWS IaaS features and services provide full AWS Console functionality through the API and CLI at launch or within 180 days of launch
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The AWS management console interface lets you access and manage AWS through a simple and intuitive web-based user interface. Access rights and levels of access are determined depending upon the specific AWS managed service that will be procured.; ; The Console facilitates cloud management for all aspects of your AWS account, including monitoring your monthly spending by service, managing security credentials, or even setting up new IAM Users.; ; All IaaS AWS administration, management, and access functions in the AWS Console are available in the AWS API and CLI. New AWS IaaS features and services provide full AWS Console functionality through the API and CLI at launch or within 180 days of launch
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: AWS provides extensive API support. Please visit https://docs.aws.amazon.com/ for detailed information.
• API automation tools:
  • Ansible
  • Chef
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: All aspects of the Azure service can be managed using the CLI

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Azure represents a hyper-scale public cloud service.; ; In addition, NETbuilder can proactively monitor service and resource performance and review performance metrics with the customer.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Backup
  • Patching
  • Anti-Virus
  • Security controls & posture
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft Azure

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • All applicable data including system configurations
  • Log files, databases, instances and application data
• Backup controls: Backups are controlled by the Service Desk according to a backup schedule and retention period agreed with the customer
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft datacentres. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: ACL Based Network Security Groups are also used. See https://azure.microsoft.com/en-us/blog/network-security-groups/

Availability and resilience

• Guaranteed availability: NETbuilder will use commercially reasonable efforts to make the Included Services available for each Azure region with a Monthly Uptime Percentage of at least 99.99%, in each case during any monthly billing cycle. In the event any of the Included Services do not meet the Service Commitment, you will be eligible to receive a Service Credit as described below.; ; Less than 99.99% but equal to or greater than 99.0%: 10%; Less than 99.0% but equal to or greater than 95.0%: 30%; Less than 95.0%: 100%; ; Azure SLAs describing Microsoft's commitments for uptime and connectivity can be found at https://azure.microsoft.com/en-gb/support/legal/sla/
• Approach to resilience: Microsoft’s approach to improving Azure reliability involves improving the platform’s capability to minimize impact during planned maintenance events and giving customers control over the experience during these events.; ; For more information please see https://azure.microsoft.com/en-gb/resources/resilience-in-azure-whitepaper/
• Outage reporting: Alerts are generated by our monitoring platform that are received by our 24x7 Service Desk. SMS text alerts, phone calls and/or email notifications are generated and dispatched to user stakeholders for the affected services.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Azure Active Directory is Microsoft’s multi-tenant cloud based directory and identity management service. Azure-AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce.com, DropBox, and Concur. For application developers, Azure-AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations. Azure-AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.
• Access restrictions in management interfaces and support channels: Management access utilises role based access controls and is granted only to those team members who need it. Two factor authentication is also used to further secure and control access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus
• ISO/IEC 27001 accreditation date: 18/07/2023
• What the ISO/IEC 27001 doesn’t cover: All aspects of our Managed Services are included within the scope of our ISO27001:2013 Accreditation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: • ISO27001:2013; • Cyber Essentials; ; Azure:; ; ISO 27001:2013, Cyber Essentials Plus; ISO 27017; ISO 27018; SOC 1/2/3
• Information security policies and processes: Our ISO 27001 Management System identifies significant information security aspects and the associated impacts of our operations. These are managed at all times in a way that minimises risk to all our stakeholders. Training and continual risk assessment ensures this is undertaken in a controlled manner.; ; Specifically, we:; ; • Include information security considerations in existing management systems and initiatives with the aim of improving our management processes, information security performance, whilst committing, at a minimum, to compliance with relevant legislation, contractual security obligations and other requirements to which the company subscribes including ISO 27001; • Work in partnership with our contractors and suppliers to influence and/or improve the integrity of their information security.; • Provide and maintain information security.; • Identify and seek to prevent information security incidents which may arise from our processes, operations and work activities.; • Make adequate provision for dealing with all emergency situations in our business.; • Ensure available access to information security training for our staff, encouraging them to apply good practice at all times.; • Discuss information security issues regularly at the highest levels of the company and consult with our staff on all related matters.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests can range from supporting Azure infrastructure design work through to provisioning new instances and services.; ; We use a well-defined change management process to ensure that changes are implemented in a controlled manner. Changes are risk assessed, include roll back/recovery procedures and are reviewed by our Change Advisory Board (CAB) prior to implementation.; ; Our change management process follows ITIL standards and is included in our ISO 27001 scope.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: NETbuilder has a ISO 27001 aligned vulnerability management process. This processes is audited several times per year both internally and by a UKAS accredited ISO certification body.; ; All relevant systems are anti-malware protected. Updates are tested prior to deployment and are applied according to a schedule. Mailing list subscriptions and security alert briefings are used to keep abreast of the latest vulnerabilites.; ; Vulnerability assessments are also performed on a regular basis using industry standard tools and remediated in a timely manner.; ; Microsoft performs vulnerability scans on the host operating system, web applications, and databases in the Azure environment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: NETbuilder has a ISO 27001 aligned protective monitoring process. These processes are audited several times per year both internally, externally and by the ISO governing body.; ; Protection is provided in a number of ways, including SIEM, IPS, host sensors and next generation firewalls.; ; AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth-usage. Devices monitor:; ; • Port scanning attacks; • Usage (CPU, processes, disk utilization, swap rates, software-error generated losses); • Application metrics; • Unauthorized connection attempts; ; Near real-time alerts flag potential compromise incidents, based on Azure Service/Security Team- set-thresholds.
• Incident management type: Supplier-defined controls
• Incident management approach: NETbuilder's Incident Management process follows the ITIL standard and is included in our ISO 27001 scope. As such, it is audited and approved by our external auditors. Incidents are raised by customers (via the service desk portal, email or phone), monitoring systems or service desk technicians. Root cause analysis is performed for any incident.; ; Azure has its own comprehensive Incident Management plan, details of which can be provided upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Azure is a multi-tenant service, which means that multiple customer deployments and VMs are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data.; ; Detailed information can be found at https://docs.microsoft.com/en-us/azure/security/

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  NETbuilder a public target set up with SBTi (Science Based Targets) and report on EcoVadis and CDP.

  Tackling economic inequality

  NETbuilder recruit, employ and train our permanent technical staff per client engagement, often in regional area’s with limited industry. We assess based on attitude and aptitude of the individual, not education alone, which opens up career opportunities to people moving into Digital At a high level we provide:; • Paid full time training so employees do not need to work outside of training hours to support themselves ; • Accessible training programmes that are designed to be inclusive, and adopting and utilising different styles, approach and media to support a wide audience and learning styles. ; • Objective recruitment processes taking away any potential for unconscious bias. This is managed, tracked and auditable in the SkillsNow platform. ; • Localised recruitment to support with local sustainability creating communities and preserving personal and local infrastructure. ; • All employees empowered to actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timelines have been met. This promotes in region investment and increases in skills over time, as well as addressing digital skills gaps in critical technologies, as well as supporting maintenance of legacy applications where necessary. ; ; NETbuilder also provide upskilling and reskilling programmes to support non technical staff cross department/ directorate/ agency transition into CDIO, supporting and aligned to Government Digital and Data Profession Capability Framework . This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a parallel service and stand-alone initiative.

  Equal opportunity

  NETbuilder recruit, employ and train our permanent technical staff per client engagement, often in regional area’s with limited industry. We assess based on attitude and aptitude of the individual, not education alone, which opens up career opportunities to people moving into Digital At a high level we provide:; • Paid full time training so employees do not need to work outside of training hours to support themselves ; • Accessible training programmes that are designed to be inclusive, and adopting and utilising different styles, approach and media to support a wide audience and learning styles. ; • Objective recruitment processes taking away any potential for unconscious bias. This is managed, tracked and auditable in the SkillsNow platform. ; • Localised recruitment to support with local sustainability creating communities and preserving personal and local infrastructure. ; • All employees empowered to actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timelines have been met. This promotes in region investment and increases in skills over time, as well as addressing digital skills gaps in critical technologies, as well as supporting maintenance of legacy applications where necessary. ; ; NETbuilder also provide upskilling and reskilling programmes to support non technical staff cross department/ directorate/ agency transition into CDIO, supporting and aligned to Government Digital and Data Profession Capability Framework . This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a parallel service and stand-alone initiative.

Pricing

• Price: £300 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxwell.ashley@netbuilder.com. Tell them what format you need. It will help if you say what assistive technology you use.