INFRASYS LIMITED

Infrasys Cloud Hosting

Infrasys provide enterprise-class cloud-hosted applications and services. Infrasys ensure (where appropriate) the structured migration of applications from on-premises to the cloud (or cloud-to-cloud), the commissioning of new cloud-based services and applications, and the ongoing support of cloud-hosted applications

Features

• Archiving – Archiving using multiple cloud platforms
• Backup Management - Backup & Recovery using multiple cloud platforms
• Firewall Management - On-site and cloud firewall management
• Identity Management - Microsoft Entra ID (formerly Active Directory Services)
• Infrastructure Provision - Azure servers & storage
• Maintenance - Patching management and OS upgrades
• Monitoring – Proactive monitoring and reporting
• Network Management - On-site, hybrid and cloud network management
• Service Management – of Azure tenants and subscription
• Wifi - cloud management of multi-site wireless networks

Benefits

• Cloud implementation and services delivered using best practices
• Projects & service delivery using Prince2, Agile and ITIL methodologies
• Skilled resources to deliver short to long term projects
• Continuous service improvement
• Ensure ease of integration of existing processes
• Ease of on-boarding, working with your teams
• Multi technology support and management
• Service provided by Microsoft Solutions Partner
• Assurance of cost-consistency to enable budget planning

£50 to £995 a server a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Surinder.Padda@infrasys.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

448720728985087

Contact

Surinder Padda
01217949363
Surinder.Padda@infrasys.co.uk

Service scope

• Service constraints: Planned maintenance will be communicated to users in a timely manner. Any hardware- or configuration-specific constraints will be clearly highlighted.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have tested using different colour contrasts and message notifications.
• Onsite support: Onsite support
• Support levels: Infrasys provide support (upto 24 x 7 x 365) tailored to individual customer requirements; costs are determined by variables including applications, size and nature of the environment, number of sites and SLA.; ; Technical account managers and cloud support engineers are assigned as appropriate.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An Infrasys Technical Account Manager will oversee all aspects of on-boarding, including ensuring that training and documentation meet customer needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be exported from applications to a variety of file formats including XLS and PDF
• End-of-contract process: Customers will be contacted by Infrasys six months prior to contract end-date and will be presented with renewal options. If the customer does not renew the contract, all customer data and IP will be transferred to the customer within 30 days of contract expiry (included in cost). Professional services support required to migrate customer services to a new supplier will be subject to additional cost depending on scope.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can raise cases through the portal and use it to check progress and request escalations, and download reports.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: We have tested using different colour contrasts and message notifications.
• API: Yes
• What users can and can't do using the API: The API enables customers to integrate the service with their own and/or third party applications using data formats such as JSON and XML, and web protocol such as HTTP and HTTPS. Infrasys can support users with specific use cases and highlight any limitations.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • Microsoft Azure DevOps
  • Power Automate
  • Azure Logic Apps
  • Microsoft System Center Orchestrator
  • Microsoft Endpoint Configuration Manager
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: CLI can be used for all functionality; Infrasys can support users as required.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Infrasys uses Microsoft's technologies, datacentres and services. Microsoft services scale to meet user demand through a feature known as automatic scaling. This feature adjusts the number of running instances of an application based on incoming HTTP requests, ensuring that web applications can handle varying levels of traffic without users being affected by the demand of other users.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: An Infrasys Technical Account Manager (TAM) will contact a user who is near to reaching service limits.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Users can request any changes to backup schedules and policies by raising support tickets, through web interface or by phone.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: SLA is 99.99% uptime; service credits are offered in the event that those levels of availability are not met.
• Approach to resilience: The service is based on Microsoft's Azure platform and infrastructure, and as such meets or exceeds regulatory requirements in respect of security, data integrity and business continuity. Additional information is available on request.
• Outage reporting: Public dashboard and email alerts report on availability; additionally, Technical Account Managers liaise directly with customers.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: Management interfaces are restricted to named users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: The Infrasys InfoSec Incident Handling Checklist details procedures that should be followed by Infrasys InfoSec staff in the event of a possible security incident. Actions are in 3 stages: 1 - Detection and Analysis; 2 - Containment, Eradication, and Recovery; and 3 - Post-Incident Activity including reporting and lessons-learned.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Infrasys change management adheres to ITIL principles and methodologies. All potential changes are assessed in the context of security impacts and any other dependencies.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Infrasys takes a multi-layered approach to vulnerability management, deploying tools from vendors including ManageEngine, Microsoft, Trend and Barracuda as part of a process of continual risk assessment; these tools monitor, assess and report to inform timely application of patches as required.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Each service will be monitored with automatic alerts sent to Infrasys Service Desk. Infrasys also work closely with each technical vendor and any known compromises will be managed under the ITIL framework. Logs will be kept for an agreed retention period and checked on a regular basis. Each alert/known compromise will have a ticket raised and given a severity level. Each severity has a Key Performance Indicator, including a response time and fix time.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Infrasys use ITILv3 framework for incident/problem management. Infrasys operate a Service Desk where customers can raise incident tickets either online or telephone. Each severity call is assigned a KPI set out in the agreed SLA document. Common pre-defined events will have a documented process. Monthly reports are generated and reviewed in service management meetings.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: The service uses Microsoft's multi-tenanted architecture, whereby logical isolation is enforced through rigorous security controls. Only authorized users can access specific resources and data is encrypted both at rest and in transit. Azure network security features include Network Security Groups (NSGs), Application Security Groups (ASGs), and Azure Firewall to control inbound and outbound network traffic to and from Azure resources.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft’s datacenters are designed with energy efficiency in mind, utilizing the latest in green technologies. They employ a variety of strategies to reduce energy consumption, such as using outside air for cooling, employing advanced cooling systems that consume less water and energy, and installing smart lighting systems. Microsoft also invests in renewable energy sources and has set ambitious goals to reduce its carbon footprint, including a commitment to shift to 100% renewable energy.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Our service reduces users' carbon footprint in utilising Microsoft's datacentres, which are on a pathway to 100% renewable energy.

  Equal opportunity

  Infrasys is an equal opportunity employer with a commitment to equality of opportunity throughout the business.

Pricing

• Price: £50 to £995 a server a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 30-day trial of fully specified service is available.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Surinder.Padda@infrasys.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.