Ultima Managed Cloud
Managed Cloud is built to address the ongoing challenges of running a public cloud environment: controlling costs, patch management and backup. Backed by our 24x7 support centre and our extensive technical enablement services Managed Cloud allows staff to refocus from business as usual to innovation.
Features
- Delivered from our UK-based ISO27001 certified 24x7 Technical Service Centre
- Two service tiers, providing accountability across both CSP and Azure
- Bundle resources, management, licensing and support into affordable monthly subscription
- Interactive dashboard grants insight into consumption, subscriptions, governance, billing, workloads
- Eliminate excess resources through rightsizing, reducing consumption cost
- 24x7 support for on-boarding, subscription, service management and security activities
- Support for Azure compute, databases, management, networking, security, storage technologies
- Managed Cloud costs scales on a per-service basis
- Based on CSP framework, with contracts setup and renewed annually
- Compliant with the 14 x NCSC cloud security principles
Benefits
- Managed Cloud extends the out-of-the-box Azure experience
- Automated provisioning, configuration, reporting, monitoring, security, optimization and maintenance
- We have simplified cloud ownership, dramatically reducing operating costs
- Dramatically reduce the need for human intervention around BAU activities
- Offload majority of support tasks to a Microsoft Gold partner
- Overcome the most common Public Cloud challenges plaguing IT teams
- Our platform continually analyses Azure expenditure and optimizes licensing/usage
- Reduce TCO and siphon the difference into an innovation budget
- Stimulate innovation, kick-start growth and accelerate digital transformation
- Scale your public cloud footprint using automation, over additional staff
Pricing
£1,000 to £65,000 a unit
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 3 9 2 5 8 3 0 1 1 3 7 5 3 6
Contact
Ultima Business Solutions Ltd
Ultima Bid Office
Telephone: +44333 0158000
Email: publicsectorbids@ultima.com
Service scope
- Service constraints
- This service can only be provided on Azure CSP and EA agreements
- System requirements
-
- Azure CSP
- Azure EA
- Azure MCA/PAYG
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Priority 1 Tickets - 15 Minutes
Priority 2 Tickets - 4 hours
Priority 3 Tickets - 1 Day
Priority 4 Tickets - 2 Days - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
- Ultima’s Managed Cloud is delivered through a single tier providing full 24x7 support and a range of add-on services from optimisation through to security analytics.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
As part of the on boarding to the service full user guides are sent out to the users which will be interacting with the service. There is also a FAQ and knowledge base that is provided to all registered users of the service.
If required online training can be arranged at an additional cost to the service. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- .docx
- End-of-contract data extraction
- The customers data is never stored on our systems, it will always reside within the customers tenant which at all times they are in control of.
- End-of-contract process
- All off boarding activities are included within the cost of the contract, would the management service is removed it is down the the customer to administer all aspects of there platform.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Managed Cloud allows for users to have access to a service management portal or the Azure native user interface in order to create and manage services. Any action taken in either will be automatically reflected in the other portal without user interaction.
Within the service management portal there are a list of pre-approved changes which do not require any change control from a customer, if a customer wishes to go outside of this using there normal change control procedure this be facilitated directly in the Microsoft Azure portal or through the service management portal. - Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
-
Detail for the service management portal can be found here https://docs.servicenow.com/bundle/orlando-release-notes/page/administer/accessibility-508-compliance/reference/r_VPAT.html
Details for the Azure portal can be found here: https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/ - Web interface accessibility testing
-
Details of the testing for the service management portal can be found here: https://docs.servicenow.com/bundle/orlando-release-notes/page/administer/accessibility-508-compliance/reference/r_VPAT.html
Details for the Azure portal can be found here: https://cloudblogs.microsoft.com/industry-blog/government/2018/09/11/accessibility-conformance-reports/ - API
- Yes
- What users can and can't do using the API
- The service management portal does not surface any APIs for access as this is designed to be the single tool for service management. However Azure has a fully documented REST API which can be utilised, full documentation for this API can be found at the following link: https://docs.microsoft.com/en-us/rest/api/azure/
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
-
The service management does not have customer facing CLI and all changes to the underlying platform are handled by ourselves or third parties if required.
The Azure platform has full CLI access, documentation for this can be found here: https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
-
The management platform exists within each customers tenant rather than as a shared services environment and therefore cannot be impacted by any noisy neighbour. In order to provide the 3rd line support continual capacity planning takes place to make sure that there is capacity within our support facility for new and existing customers as they scale.
The service is underpinned by Microsoft Azure, as part of the underlying service as part of the infrastructure platform Microsoft continuously monitors service usage to project infrastructure needs to support availability commitments/requirements, further more there is continual capacity planning to support future demands. - Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Active connections
- Configuration changes
- Backup state
- Patch state
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Virtual machines
- Backup controls
-
By default there are 4 different schedules that can be applied based on the type of machine as well and the operating system that the machine is running.
Each of these 4 schedules has a patching window which is automatically used if there is not an override requested by the customer. - Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Single datacentre with multiple copies
- Single datacentre
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
For the management platform the there are SLA's for response based on the priority of the tickets with a 95% KPI:
Priority 1 tickets: 15 minutes
Priority 2 tickets: 4 hours
Priority 3 tickets: 1 day
Priority 4 tickets: 2 days
For the management platform the there are SLA's for resolution based on the priority of the tickets with a 95% KPI:
Priority 1 tickets: 4 hours
Priority 2 tickets: 8 hours
Priority 3 tickets: 2 days
Priority 4 tickets: 4 days
The SLA of the Azure platform is governed by Microsoft, details of which can be foound here: https://azure.microsoft.com/en-gb/support/legal/sla/ - Approach to resilience
- The service uses hyper-scale cloud technology with resilience built into the design of the components. The design follows best practice guidance for building cloud services which covers both security and resileince.
- Outage reporting
-
The Azure platform has a publicly available here: https://status.azure.com/en-gb/status
As part of the service customers will also receive alerts as part of the service from the management platform.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Access restrictions in management interfaces and support channels
- As part of the service setup and ongoing reviews account can be added and removed from the access to the service by approved users. As part of this process the user can be setup as an Incident Contact, Change Requester or Change Approver or a combination of all three.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Devices users manage the service through
-
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyd's Register
- ISO/IEC 27001 accreditation date
- 23/08/2018
- What the ISO/IEC 27001 doesn’t cover
- Please see https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO 27001 and ISO 9001 are followed across the business
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our change management system logs all systems into our ITSM platform. From here changes are validated by technical professionals before actioning.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The processes used as part of the service are ITIL aligned and are required to meet our ISO27001 accreditation
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- The processes used as part of the service are ITIL aligned and are required to meet our ISO27001 accreditation
- Incident management type
- Supplier-defined controls
- Incident management approach
- The processes used as part of the service are ITIL aligned and are required to meet our ISO27001 accreditation
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Hyper-V
- How shared infrastructure is kept separate
- The shared platform is part of the Microsoft Azure hyper-scale platform.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- For this service we are leveraging Microsoft datacentres for hosting of services. Details on how the Microsoft datacentres meet the EU code of conduct for energy efficient datacentres can be found within this document: https://download.microsoft.com/download/6/8/F/68F6C057-7ED4-440C-81A9-E289AACFB3DA/DublinDataCentreCasestudy_FINAL.pdf
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
Fighting climate change
Fighting climate change
Specific targets will be agreed with each customer at contract commencement, such as dedicated hours to a cause, green consultancy, or activities in the local area. However, at a broader level Ultima will deliver wider benefits. Our services are carried out remotely, wherever possible, reducing carbon emissions. Public transport will be encouraged for any mandatory travel. This ensures that customers working with us will have low supply chain carbon emissions. The services provided will also enable our customers to reduce their carbon emissions. For example, reduction of hardware and datacentre reliance through hosting and management. Resources used will be maximised through replicated use, reducing overall impact on the environment. Additionally, for every new member of staff hired, Ultima will plant one tree to offset their carbon footprint. Therefore, through working with Ultima, customers are reducing carbon emissions through a greener supply chain, and through reduction of their own infrastructure.Covid-19 recovery
Covid-19 recovery
Specific targets will be agreed with each customer at contract commencement, such as dedicated hours to CV/interview training, work placement targets, or retraining. However, at a broader level Ultima will deliver wider benefits. Working with Ultima will enable cloud services, and therefore, flexibility to effective and reliable remote working for customers. Therefore, those most vulnerable will have better access to IT services and allow efficient social distancing. Furthermore, Ultima is committed to the mental health of those working with us. Support will be offered to anyone working on each customer contract.Tackling economic inequality
Tackling economic inequality
Specific targets will be agreed with each customer at contract commencement, such as percentage of SME supply chain, work placement targets, or apprenticeships. However, at a broader level Ultima will deliver wider benefits. By working with Ultima, customers will be spending with an organisation with the flexibility to work directly with SMEs, and can offer this as a choice. Ultima work with SMEs as part of the supply chain. Therefore, customers are supporting SMEs through working with Ultima.Equal opportunity
Equal opportunity
Specific targets will be agreed with each customer at contract commencement, such as targeted training, work placement targets, or apprenticeships. However, at a broader level Ultima will deliver wider benefits. Ultima are committed to ending modern slavery. This is demonstrated through the actions outlined in the modern slavery statement. Therefore, by working with Ultima, customers are actively reducing risks associated to modern slavery via their supply chain.
Pricing
- Price
- £1,000 to £65,000 a unit
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A trail is available for customer to access a controlled environment to test the features of the service