Azure Infrastructure Services
Microsoft Azure is an ever-expanding set of cloud services to help your organisation meet your business challenges using cloud services from the following cloud compute concepts: IaaS, PaaS and Serverless.
We use the Azure CSP to provide added value to our customers with an end-to-end relationship.
Features
- Deliver cached web content from edge servers to improve latency.
- Quickly deploy Kubernetes, DC/OS, or Docker Swarm Cluster.
- High availability by distributing incoming traffic amongst healthy compute resources.
- Quickly assess/diagnose with access to log data and analytics.
- Provide reliable message queuing and durable publish/subscribe messaging.
Benefits
- Access your hosted applications from anywhere on any device.
- Better latency for web content.
- High availability and load balancing for your applications.
- Add a rich search experience to your applications.
Pricing
£0.01 a unit
- Free trial available
Framework
G-Cloud 13
Service ID
521814737981736
Contact
CLIMB GLOBAL SOLUTIONS LTD
Chris Chandler
Telephone: 01364 654100
Email: chrisc@greymatter.com
Service scope
- Service constraints
-
PaaS services such as App Services may require adjustments to application architecture or code.
App Services supports the following programming languages: .NET, .NET Core, Java, Ruby, Node.js, PHP, and Python.
- System requirements
-
- Licenses included in cost of Virtual Machines (VMs).
- Non-Microsoft software products may require licenses for use in VMs.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Standard level offers you a 2-hour response time for your business-critical issues and our team are available Monday to Friday (excluding bank holidays), 9 am to 5:30 pm.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- None, standard text-based web chat.
- Web chat accessibility testing
- None, standard text-based web chat.
- Onsite support
- Yes, at extra cost
- Support levels
-
Standard free support offers:
- Unlimited remote break/fix support
- 2-hour response SLA for business-critical issues (severity A)
- Support incident escalation service
- 24x7 access to our ServiceAide helpdesk portal to log support requests, knowledge base and FAQs
- Service availability Monday to Friday (excluding bank holidays), 09:00 to 17:30
24x7 support offerings are available upon request.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Microsoft provide a lot of online training material for Azure, and the Azure cloud services are well-documented to enable IT professionals and developers to easily get started. There are deployment templates available and step-by-step tutorials to help guide the user through self-paced learning. If additional training is required, we can provide end user and technical training services for a fee.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Azure services can be moved or migrated to another subscription or tenant if the contract ends and if you no longer wish to continue to use our services under our Azure CSP subscription. Your Azure services will be made available to you throughout your contract and you will have full access to move your services and data as required.
- End-of-contract process
- The contract includes the ability to purchase Microsoft cloud services from us. We will provision and support an Azure CSP subscription, which can then be used to create new cloud resources through the various interfaces available, or to move existing cloud resources. If the contract is terminated for any reason, the subscription will be suspended on a predetermined date to prevent further bills. If you wish to continue to use any of the Azure resources after the subscription is suspended, they will need to be moved out of the subscription. This requires technical services, which we will charge for if you require us to perform the migration tasks.
Using the service
- Web browser interface
- Yes
- Using the web interface
- The portal allows users to browse active resources, modify settings, launch new resources, and view basic monitoring data from active virtual machines and other Azure services. The Azure portal is located at https://portal.azure.com/.
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- Microsoft performed these tests to achieve their WCAG certification. Because Microsoft is a major software and cloud-services provider to states and governments around the world, it is committed to complying with all relevant international standards and compliance controls. By adhering to these wide-ranging accessibility standards, Microsoft ensures that all customers—both inside and outside of government—can use Microsoft services and products.
- API
- Yes
- What users can and can't do using the API
- Azure provides an API built on REST, HTTP, and XML that allows a developer to interact with the services provided by Microsoft Azure, and Azure also integrates with Microsoft Visual Studio, Git, and Eclipse.
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
-
Microsoft Azure supports the use of the AzureRM PowerShell module (Windows), in addition to the new cross-platform Az module, which supports Windows, Linux and MacOS.
Azure CLI is a command-line tool that works entirely cross-platform and is used for managing Azure resources. Azure Cloud Shell, a browser version of Azure CLI, is natively available in the Azure portal.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Most Azure cloud services offer guaranteed capacity. When a cloud resource such as a Virtual Machine has been created and turned on within an Azure region, Microsoft offer the resource in a dedicated capacity, except for cloud services which are "shared". More information available on request.
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files and Folders (Windows server and Windows computer)
- Hyper-V virtual machine (Windows)
- Hyper-V virtual machine (Linux)
- VMware virtual machine
- Microsoft SQL Server
- Microsoft SharePoint
- Microsoft Exchange
- Azure IaaS VMs (Windows)
- Azure IaaS VMs (Linux)
- Backup controls
- Azure Backup policies can be configured to protect the supported workload as required and the backup policy can run automatically on a predetermined schedule.
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Single datacentre with multiple copies
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Monthly Service Level:
1. The Service Level varies by service.
2. The Monthly Uptime Percentage is calculated for a given calendar month using the following formula:
Monthly Uptime Percentage (=) Total number of minutes in a given calendar month (minus) Total number of minutes of Downtime in a given calendar month.
More information available on request.
- Approach to resilience
- Datacenters implement numerous techniques and technologies to achieve resilience including significant power, hardware, data and network redundancy through the use of Availability Sets and Availability Zones, amongst other datacenter resiliency configurable solutions. Detailed information is available upon request.
- Outage reporting
- Outages can be communicated by multiple methods including configurable Dashboards, accessible via APIs, email alerts and via phone.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Username or password
- Other
- Other user authentication
-
Azure Active Directory is Microsoft’s multi-tenant cloud based directory and identity management service. Azure-AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce.com, DropBox, and Concur. For application developers, Azure-AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations. Azure-AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis
- Access restrictions in management interfaces and support channels
-
AzureAD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (provider's own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Security governance is standardised via internal policies and procedures. The Azure platform complies with all standards detailed within the Microsoft Security and Compliance Centre.
- Information security policies and processes
- Director level ownership, all processes are tracked and audited and there are additional requirements around change management. Accountability at all levels.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Please see:
https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
When providing the Antimalware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.
Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach and identifies the root cause of the security issue.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future re-occurrence.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Hyper-V
- How shared infrastructure is kept separate
- Microsoft Azure provides Tenant Level Isolation, Compute Isolation, Storage Isolation and Networking Isolation, and the isolation methodologies for other multi-tenanted cloud services are also well documented. Information is available on request.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- In Microsoft's latest datacentre designs, the Power Usage Effectiveness (PUE), a measure of overall building load divided by IT load, averages 1.12-1.2 depending on physical location, representing a substantial energy reduction versus the industry average of 1.8. Microsoft has demonstrated a long-standing commitment to sustainability, and is continuously innovating and evolving to drive greater efficiency, reliability, performance, and security across its cloud infrastructure.
Social Value
- Wellbeing
-
Wellbeing
Further information on Grey Matter’s culture and corporate responsibility can be found here: https://greymatter.com/about/#culture
Pricing
- Price
- £0.01 a unit
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- You can create a free Azure account. Microsoft offers a 1-month trial of Azure with £150 credit. At the end of the trial, some popular services are free for 12 months, and there are some services which are always free.