CLIMB GLOBAL SOLUTIONS LTD

Azure Infrastructure Services

Microsoft Azure is an ever-expanding set of cloud services to help your organisation meet your business challenges using cloud services from the following cloud compute concepts: IaaS, PaaS and Serverless.

We use the Azure CSP to provide added value to our customers with an end-to-end relationship.

Features

  • Deliver cached web content from edge servers to improve latency.
  • Quickly deploy Kubernetes, DC/OS, or Docker Swarm Cluster.
  • High availability by distributing incoming traffic amongst healthy compute resources.
  • Quickly assess/diagnose with access to log data and analytics.
  • Provide reliable message queuing and durable publish/subscribe messaging.

Benefits

  • Access your hosted applications from anywhere on any device.
  • Better latency for web content.
  • Highly availability and load balancing for your applications.
  • Add a rich search experience to your applications.

Pricing

£0.01 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chrisc@greymatter.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 2 1 8 1 4 7 3 7 9 8 1 7 3 6

Contact

CLIMB GLOBAL SOLUTIONS LTD Chris Chandler
Telephone: 01364 654100
Email: chrisc@greymatter.com

Service scope

Service constraints
PaaS services such as App Services may require adjustments to application architecture or code.

App Services supports the following programming languages: .NET, .NET Core, Java, Ruby, Node.js, PHP, and Python.
System requirements
  • Licenses included in cost of Virtual Machines (VMs).
  • Non-Microsoft software products may require licenses for use in VMs.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard level offers you a 2-hour response time for your business-critical issues and our team are available Monday to Friday (excluding bank holidays), 9 am to 5:30 pm.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
None, standard text-based web chat.
Web chat accessibility testing
None, standard text-based web chat.
Onsite support
Yes, at extra cost
Support levels
Standard free support offers:
- Unlimited remote break/fix support
- 2-hour response SLA for business-critical issues (severity A)
- Support incident escalation service
- 24x7 access to our ServiceAide helpdesk portal to log support requests, knowledge base and FAQs
- Service availability Monday to Friday (excluding bank holidays), 09:00 to 17:30

24x7 support offerings are available upon request.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Microsoft provide a lot of online training material for Azure, and the Azure cloud services are well-documented to enable IT professionals and developers to easily get started. There are deployment templates available and step-by-step tutorials to help guide the user through self-paced learning. If additional training is required, we can provide end user and technical training services for a fee.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Azure services can be moved or migrated to another subscription or tenant if the contract ends and if you no longer wish to continue to use our services under our Azure CSP subscription. Your Azure services will be made available to you throughout your contract and you will have full access to move your services and data as required.
End-of-contract process
The contract includes the ability to purchase Microsoft cloud services from ourselves, we will provision and support an Azure CSP subscription, the subscription can then be used to create new cloud resources through the various interfaces available, or move existing cloud resources. If the contract is terminated for any reason, then the subscription will suspended on a predetermined date to prevent further bills. If you wish to continue to use any of the Azure resources after the subscription is suspended, then they will need to be moved out of the subscription, which will require technical services which will be chargeable by us if you require us to perform the migration tasks.

Using the service

Web browser interface
Yes
Using the web interface
The portal allows users to browse active resources, modify settings, launch new resources, and view basic monitoring data from active virtual machines and other Azure services. The Azure portal is located at https://portal.azure.com/.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Microsoft performed these tests to achieve their WCAG certification. Because Microsoft is a major software and cloud-services provider to states and governments around the world, it is committed to complying with all relevant international standards and compliance controls. By adhering to these wide-ranging accessibility standards, Microsoft ensures that all customers—both inside and outside of government—can use Microsoft services and products.
API
Yes
What users can and can't do using the API
Azure provides an API built on REST, HTTP, and XML that allows a developer to interact with the services provided by Microsoft Azure, and Azure also integrates with Microsoft Visual Studio, Git, and Eclipse.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Microsoft Azure supports the use of the AzureRM PowerShell module (Windows), in addition to the new Cross-platform Az module which supports all Windows, Linux and MacOS.

Azure CLI is a command-line tool that works entirely cross-platform and is used for managing Azure resources. Azure Cloud Shell which is a browser-version of Azure CLI is natively available in the Azure portal.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Most Azure cloud services offer guaranteed capacity. When a cloud resource such as a Virtual Machine has been created and turned on within an Azure region, Microsoft offer the resource in a dedicated capacity, except for cloud services which are "shared". More information available on request.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files and Folders (Windows server and Windows computer)
  • Hyper-V virtual machine (Windows)
  • Hyper-V virtual machine (Linux)
  • VMware virtual machine
  • Microsoft SQL Server
  • Microsoft SharePoint
  • Microsoft Exchange
  • Azure IaaS VMs (Windows)
  • Azure IaaS VMs (Linux)
Backup controls
Azure Backup policies can be configured to protect the supported workload as required and the backup policy can run automatically on a predetermined schedule.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Single datacentre with multiple copies
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Monthly Service Level :

1. The Service Level varies by service.
2. The Monthly Uptime Percentage is calculated for a given calendar month using the following formula:

Monthly Uptime Percentage (=) Total number of minutes in a given calendar month (minus) Total number of minutes of Downtime in a given calendar month.

More information available on request.
Approach to resilience
Datacenters implement numerous techniques and technologies to achieve resilience including significant power, hardware, data and network redundancy through the use of Availability Sets and Availability Zones, amongst other datacenter resiliency configurable solutions. Detailed information is available upon request.
Outage reporting
Outages can be communicated by multiple methods including configurable Dashboards, accessible via APIs, email alerts and via phone.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication
Azure Active Directory is Microsoft’s multi-tenant cloud based directory and identity management service. Azure-AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce.com, DropBox, and Concur. For application developers, Azure-AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations. Azure-AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis
Access restrictions in management interfaces and support channels
AzureAD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security governance is standardised via internal policies and procedures. The Azure platform complies to all standards detailed within the Microsoft Security and Compliance Centre.
Information security policies and processes
Director level ownership, all processes are tracked and audited and there are additional requirements around change management. Accountability at all levels.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.

Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.

Please see:
https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.

When providing the Antimalware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft has developed robust processes to facilitate a coordinated response to incidents.

• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future re-occurrence.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Microsoft Azure provides Tenant Level Isolation, Compute Isolation, Storage Isolation, Networking Isolation and they have also well-documented the isolation methodologies for other cloud services which are multi-tenanted. Information is available on request.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
In Microsoft's latest datacentre designs, the Power Usage Effectiveness (PUE), a measure of overall building load divided by IT load, average 1.12-1.2 depending on physical location, representing a substantial energy reduction versus the industry average of 1.8. Microsoft has demonstrated a long-standing commitment to sustainability, and are continuously innovating and evolving to drive greater efficiency, reliability, performance, and security across their cloud infrastructure.

Social Value

Wellbeing

Wellbeing

Further information on Grey Matter’s culture and corporate responsibility can be found here: https://greymatter.com/about/#culture

Pricing

Price
£0.01 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
You can create a free Azure account. Microsoft offer 1-month trial of Azure with £150 credit. At the end of the trial, some popular services are free for 12-months, and there are some services which are always free.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chrisc@greymatter.com. Tell them what format you need. It will help if you say what assistive technology you use.