A4S Cloud Solutions Limited

Microsoft Azure Design, Build, Hosting, Service Transition and Support

We specialise in providing CSP Cloud Hosting and support, we provide optimisation, billing and complete setup.

We also provide partially and fully managed support services that cover the tenant and all contained infrastructure solutions.
We provide incident, request, change, capacity and problem management.

Features

• 24hr proactive monitoring and alerting, online service desk portal.
• Load balancing, clustering, high performance compute.
• Azure automation & scripted failover, failback & bursting routines/runbooks.
• Mix of host replication and geo-resilience for maximum assurance.
• Isolated or routed network connectivity, load balancing, reserved IP addressing.
• CSP Cloud Service Provider
• Connectivity via public or private connected routes, WAN, MPLS, VPN.
• Hosts Linux and Windows servers.
• Provision of all licensing.

Benefits

• Fully integrated with your on premise IT infrastructure.
• Can be refined to integrate with your business application needs.
• Simple to monitor and maintain.
• Low cost, pay as consumed, highly flexible.
• Reduce your infrastructure costs.
• Minimise downtime with dependable recovery.
• Easily provides reports to your review your infrastructure statu
• Easy to access via terminal server, VPN, Azure Domain Join.
• Flexible performance to meet business requirements.

£0.00 a server an hour

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloudservices@a4scloud.solutions. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

741551260506401

Contact

Jason birchall
0161 250 9310
gcloudservices@a4scloud.solutions

Service scope

• Service constraints: None.
• System requirements:
  • A small amount of on premise infrastructure is required.
  • Authentication into your Hyper-V or VSphere Infrastructure.
  • Good quality connectivity from your on premise environment into Azure.
  • An Azure subscription.
  • Microsoft Express Route connectivity to ensure best performance.
  • Microsoft Active Directory on premise and replicated into Azure.
  • Microsoft Active Directory Federated with Azure Active Directory.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Subject to SLA agreed with client.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None.
• Onsite support: Yes, at extra cost
• Support levels: We can provide 24/7/365 incident management based on pre-agreed SLAs. ; A technical account manager provide support where needed, engineering resources can be accessed 24/7/365 as required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Azure4Sure will provide documentation referencing both official Microsoft literature but also lessons learned from previous deployment and experiences. Additionally you can review official microsoft literature at: ; ; https://azure.microsoft.com/en-us/resources/ & https://docs.microsoft.com/en-us/azure/.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Users/customers are able to extract their operational systems data from any Azure hosted using traditional methods such as file copy via network shares, recovery from Microsoft Azure Backup Server or using ASR to migrate their server instances from Azure to their on premise solutions. the customer also has the option of utilising the Azure Import/Export services shown here: https://azure.microsoft.com/en-gb/pricing/details/storage-import-export/.
• End-of-contract process: Please see: https://www.microsoft.com/en-us/trustcenter/privacy/you-own-your-data.; ; Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.; ; If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.; After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.).

Using the service

• Web browser interface: Yes
• Using the web interface: Azure comes with a feature rich and powerful user interface within the Azure Resource Manager console, we can help you configure additional services through this interface and provide the necessary training. All configuration is undertaken through the management console using a mix of graphical user interface, PowerShell commands and runbook scripting.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: None.
• API: Yes
• What users can and can't do using the API: Customers are able to utilise the Azure API Management service to create their own API's as needed. The Azure Service Management API which provides programmatic access to much of the functionality available is through the Management Portal available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
• API automation tools:
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager. See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Microsoft Azure cloud utilises various Cloud Scale techniques and technologies, to ensure multi-tenant services are not affected in terms of peak usage, additionally the Azure hypervisor is designed with 3 principles in mind to ensure high performance 1) Efficient and designed to work hardware as much as possible 2) Small footprint to ensure less code churn and less reboots 3) Tightly integrated with the Windows Azure Kernel to support best performance levels.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: ASR Replication Metrics.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft, Zerto, Barracuda, Sophos.

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Please refer to: https://azure.microsoft.com/en-gb/blog/azure-site-recovery-encryption-at-rest/ , http://download.microsoft.com/download/0/D/D/0DD8FB12-6343-4A50-80B2-545F2951D7AE/MicrosoftAzureDataProtection_Aug2014.pdf , https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines.
  • Files.
  • Folders.
  • Databases.
  • On Premise VMs to Azure.
  • Azure VMs to on Premise.
  • Groups of resources using protection groups.
  • Storage Accounts.
  • Software Code.
• Backup controls: Users/customers can create different backup routines across VM instances or resources or create protection groups to apply specific backup routines to groups of resources. Any variety of backups can be applied to either Azure or On Premise resources.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Azure virtual networks can be segregated by dedicated VPN and firewall rules. Data can be transferred between Windows Server 2016 instances and security enforced using firewall rules, encryption and various authentication solutions. Various third party provided IDS solutions can be implemented to further improve security.

Availability and resilience

• Guaranteed availability: Please refer to this document for exact information: https://azure.microsoft.com/en-us/support/legal/sla/site-recovery/v1_1/
• Approach to resilience: Azure is an extremely resilient hyper-scale cloud platform that includes many resilience solutions, these include: storage, virtual machine, application and network high availability across multiple data centres and geographies. Additionally ASR can be utilised to provide resilience between Azure data centres and Azure to physical on premise data centres.; ; Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/.
• Outage reporting: Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Shared key between on premise and Azure based ASR infrastructure.; ; Authentication hinges on the use of Azure Active Directory, this can be run in isolation of federated with your internal on premise Active Directory.
• Access restrictions in management interfaces and support channels: Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 11/09/2018
• What the ISO/IEC 27001 doesn’t cover: Please see https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 12/02/2018
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: None.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire
• PCI DSS accreditation date: 27/08/2018
• What the PCI DSS doesn’t cover: None.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • FACT
  • NHS Information Governance Toolkit
  • SOC 1, 2, 3
  • ISO 27017 and 27018
  • CDSA
  • FedRamp

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: Microsoft Azure complies with the 14 Cloud Security Principles - See https://gallery.technet.microsoft.com/14-Cloud-Security-Controls-670292c1 . Also FACT, NHS IG Toolkit, FedRamp, NIST 800-171, EU Model Clauses.
• Information security policies and processes: Azure4Sure operates a security officer post who is responsible for security policies and procedures. Any security issues/breaches/incidents and reported and immediately via the companies incident management systems and managed through according to severity, impact and scope. ; ; Additionally:; ; Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.; Also see https://www.microsoft.com/en-us/TrustCenter/Compliance/ISO-IEC-27001 and The Microsoft Cloud Security Policy is available via the Service Trust Platform.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Azure4Sure operates ITIL aligned change and configuration management procedures.; ; Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.; Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates knowledge gained through capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape. ; Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Azure4Sure fully utilises the Azure vulnerability management solutions, these include:; - Azure security assessment center to assess threats to service: https://azure.microsoft.com/en-gb/services/security-center/; - The use of 'as a service' solutions to utilise the Microsoft capability to apply patches to services.; - The use of Microsoft reporting aswell as trusted third parties to provide alerting on vulnerabilities.; ; Additionally:; ; Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Azure4Sure utilises Microsoft Security Center to provide a comprehensive security alerting solution.; ; Each alert is reported and logged within the Azure4Sure incident management platform.; ; Each alert is assessed and inline with its impact level.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Azure4Sure operates a ITIL aligned incident management procedure.; ; Incidents related to the platform are automatically alerted via monitoring and alerting.; ; Users can report incidents into the Azure4Sure incident management platform online or via email, or phone.; ; Reports can be provided to customers as agreed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Azure Hypervisor. Hyper-V or VSphere for on-premise.
• How shared infrastructure is kept separate: Please see https://www.microsoft.com/en-us/TrustCenter/Security/default.aspx and https://www.microsoft.com/en-us/trustcenter/security/networksecurity#Secure-infrastructure.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Free air cooling used where possible.; Dublin data centre PUE of 1.25.; Software processes offloaded to underutilized data centres.

Social Value

• Fighting climate change:

  Fighting climate change

  We only utilise cloud services such as Microsoft Azure to avoid the production of raw materials as much as possible, we also attempt to re-use existing solutions where possible, our company vehicles are electric only.
• Covid-19 recovery:

  Covid-19 recovery

  We ensure our working practices support our teams to either recover or to be able to support their own family members to recover using flexible remote working.
• Tackling economic inequality:

  Tackling economic inequality

  We create new employment opportunities where possible and work to upskill our team members to ensure they can progress in their careers. We often work with smaller growing companies to support their growth.
• Equal opportunity:

  Equal opportunity

  We are an equal opportunities employer and recruit team members based on their attitude, work ethic, experience and skill.
• Wellbeing:

  Wellbeing

  We ensure our team members can work flexibly in terms of hours and locations whilst support our clients. We believe work is a thing you do and not a place, our team members are hugely productive whilst being given the flexibility and support to maintain and improve wellbeing.

Pricing

• Price: £0.00 a server an hour
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: All features are included for a period of 31 days before you must convert to a paid subscription.
• Link to free trial: https://azure4sure.co.uk/azure

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloudservices@a4scloud.solutions. Tell them what format you need. It will help if you say what assistive technology you use.