Microsoft (MS) Azure Managed Infrastructure as a Service (IaaS)
Microsoft (MS) Azure Managed Infrastructure as a Service (IaaS) allows our cloud experts to evolve your technology estate into a value-generating, intelligent engine of innovation, automation, agility, and sustained business outcomes.
We support/transform infrastructures regardless of size, age, technology, complexity, ensuring best practice in a secure and cost-effective manner.
Features
- Infrastructure-as-a-Service (IaaS) with Microsoft (MS) Azure
- Microsoft (MS) Gold Partner: Azure Specialisation in Apps Modernisation
- ITILv4 Incident, Problem and Change Management processes
- Continuous improvement, integration and optimisation with disaster recovery options
- Dynamic monitoring, anomaly detection, machine learning, patching and security management
- IITILv4, ISO20000, ISO27001, Cyber Essentials Plus certified managed service
- 24/7/365 monitoring and alerting. SLAs and VLAs
- Secure Azure migration and managed services supporting OFFICIAL AND OFFICIAL-SENSITIVE
- Well Architected infrastructure design and build
- DevOps, CI/CD, self-healing solutions, Infrastructure-as-Code, Terraform
Benefits
- Microsoft (MS) Gold Partner; Gold Cloud Platform; Gold Cloud Productivity
- Microsoft (MS) Azure Expert MSP
- Rapid deployment of scalable and robust cloud-based solutions
- Automation for infrastructure builds and workload migrations
- Best practice governance, compliance and Security by design
- Solution and application-based SLAs and VLAs
- Ongoing expert advice on best cloud services to meet requirements
- Value for money ensured through cloud management and cost optimisation
- Additional services available for platform management and software development
- Optional: Expert advice on maximising current licence investments
Pricing
£250 a server a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
9 0 3 9 0 2 6 3 0 5 2 1 8 4 2
Contact
Version 1 Solutions Limited
Emma Olsen
Telephone: +44 203 859 4790
Email: tendernotices@version1.com
Service scope
- Service constraints
- See https://docs.microsoft.com/en-gb/azure/ to determine applicable constraints based on buyers requirements.
- System requirements
- See https://docs.microsoft.com/en-gb/azure/
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Standard SLA covers Office Hours:
1 hour priority calls
4 hour response standard
Can be tailored to customer requirement including weekend cover - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Version1 provide service tiers for our Managed Service Models, each tier provides Buyers with access to specific assistance and benefits, allowing you to choose the services best suited to your needs. Essentials, Advanced and Premier levels as detailed in the attached Service Definition Document. The Advanced (or Silver) level provides Normal Office Hours and 24/7 options. For added flexibility, we do not force clients into a ‘one-size-fits-all’ service and price and offer a ‘mix-and-match’ approach allowing you to operate a cost and service-optimised portfolio, applying and apply the right tier to the appropriate right business applications, or to production and non-production workloads. Cost details are provided in the pricing document. Version 1 has an ITIL based Service Governance structure in place for each client to ensure SLAs are met and the overall support service is managed in a responsive, customer-focused manner. The focus of the service governance will be a regular Service Management Board or Service Review Meeting attended by key stakeholders. Each managed service client is assigned a Service Manager to co-ordinate their service provision and ensure customer satisfaction levels are maintained.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- See https://azure.microsoft.com/en-us/resources/ plus comprehensive online documentation for various solutions available across the platform. See https://docs.microsoft.com/en-us/azure/. We also offer free of charge remote best practice guidance from our Azure Engineers called FastTrack for Azure. https://azure.microsoft.com/en-us/programs/azure-fasttrack/#overview
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Customer are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services. Also see https://www.microsoft.com/en-us/trustcenter/privacy
- End-of-contract process
- Microsoft is governed by strict standards and removes cloud customer data from systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. https://www.microsoft.com/en-gb/trust-center/privacy/data-management?rtc=1
Using the service
- Web browser interface
- Yes
- Using the web interface
- See https://azure.microsoft.com/en-gb/features/azure-portal/
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- https://www.microsoft.com/en-us/accessibility/
- API
- Yes
- What users can and can't do using the API
- https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
- API automation tools
-
- Ansible
- Chef
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
- The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation. https://docs.microsoft.com/en-us/cli/azure/?msclkid=2b50e70aa91311ec9b84e2bb2e192699
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- We currently have On Demand Capacity Reservation in preview https://docs.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- AD, Server, Service, Configuration Stores, Spring, Automation, Private Cloud, Batch
- Workspaces, Accounts, Blockchain Members, Bot Services, Redis, App Firewall policies
- Profiles, Roles, VM's, Storage accounts, blob services, file services
- Queue services, table services, pools, nodes, communication services, disks
- Container groups, registries, managed clusters
- Please see https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported
- Reporting types
- API access
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Microsoft
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Other
- Other data at rest protection approach
- Azure Key Vault & Azure Active Director see https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest?msclkid=b2f26c8ea91a11ecac8f8d24fb4e36fc
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files, folders and system state
- Entire Windows/Linux VMs
- Azure Managed Disks
- Azure Files shares
- SQL Server in Azure VMs
- SAP HANA databases in Azure VMs
- Azure Database for PostgreSQL servers
- Azure Blobs
- Backup controls
- By assigning Azure Policies in Backup Center.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
-
Microsoft’s approach to enabling two layers of encryption for data in transit is:
Transit encryption using Transport Layer Security (TLS) 1.2. All traffic leaving a datacenter is encrypted in transit, even if the traffic destination is another domain controller in the same region. TLS 1.2 is the default security protocol used. TLS provides strong authentication, message privacy, and integrity (enabling detection of message tampering, interception, and forgery), interoperability, algorithm flexibility, and ease of deployment and use.
Additional layer of encryption provided at the infrastructure layer. - Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- See SLA's for each service here https://azure.microsoft.com/en-gb/support/legal/sla/summary/?msclkid=0132c6f0a91b11ec927496d95a52a9a9
- Approach to resilience
-
Network reliability through intelligent software
Safe Deployment with AIOps
Resiliency threat modeling for large distributed systems
Low and no impact maintenance
For more detail please see https://azure.microsoft.com/en-us/features/reliability/#features - Outage reporting
- Through Azure Service Health which gives personalised alerts and guidance for Azure service issues.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell. https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
-
Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.
For more information: https://docs.microsoft.com/en-gb/azure/role-based-access-control/overview - Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Certification Europe
- ISO/IEC 27001 accreditation date
- 20/04/2019
- What the ISO/IEC 27001 doesn’t cover
- All our Cloud Hosting Services are covered by the ISO 27001 Certification
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Other
- Other security governance standards
- EN 301 549, ENISA IAF, EU Model Clauses, UK Cyber Essentials Plus, UK NPIRMT, CIS Hardened images, SOC 1 Type 2, SOC 2 Type 2
- Information security policies and processes
- We have policies for infrastructure security, physical security, availability, components & boundaries, network architecture, production network, SQL DB, operations, monitoring, integrity and data protection. For more information please visit https://docs.microsoft.com/en-gb/azure/security/fundamentals/infrastructure-availability
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Please see https://www.microsoft.com/en-us/SDL/OperationalSecurityAssurance and https://www.microsoft.com/en-us/sdl - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Vulnerability management recommendations focus on addressing issues related to continuously acquiring, assessing, and acting on new information in order to identify and remediate vulnerabilities as well as minimizing the window of opportunity for attackers.
1: Run automated vulnerability scanning tools
2: Deploy automated operating system patch management solution
3: Deploy automated patch management solution for third-party software titles
4: Compare back-to-back vulnerability scans
5: Use a risk-rating process to prioritize the remediation of discovered vulnerabilities
For more information https://docs.microsoft.com/en-us/security/benchmark/azure/security-control-vulnerability-management - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Microsoft Defender for Cloud helps you prevent, detect, and respond to threats. Defender for Cloud gives you increased visibility into, and control over, the security of your Azure resources as well as those in your hybrid cloud environment.
Defender for Cloud performs continuous security assessments of your connected resources and compares their configuration and deployment against the Azure Security Benchmark to provide detailed security recommendations tailored for your environment.
Intelligent Security Graph provides real-time threat protection in Microsoft products/services. It uses advanced analytics that link threat intelligence and security data to provide insights that can strengthen organizational security - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analyzed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Other
- Other virtualisation technology used
- VMware, Hyper-V, Red Hat Virtualisation
- How shared infrastructure is kept separate
-
https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices
A tenant can be defined as a client/organization that owns and manages a specific instance of that cloud service. With the identity platform provided by Microsoft Azure, a tenant is a dedicated instance of Azure Active Directory (Azure AD) that your organization receives and owns when it signs up for a Microsoft cloud service. Each Azure AD directory is distinct and separate from other Azure AD directories. The Azure AD architecture isolates customer data and identity information from co-mingling. This means that users and administrators of one Azure AD directory cannot accidentally or maliciously access data in another directory.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Please see https://www.microsoft.com/en-us/corporate-responsibility/sustainability
Social Value
- Fighting climate change
-
Fighting climate change
Version1 will deliver additional environmental benefits in the performance of our contracts. We are a Carbon Neutral company and have committed to be Carbon Net Zero by 2025; compliant with (PPN) 06/21 with a published CRP, ISO14001 certified and an SECR. We have signed the business ambition for 1.5 °C commitment letter to SBTi and will reduce emissions in line with science-based targets. All results are reported annually via the Carbon Disclosure Project framework. Our plan to support environmental protection and improvement includes: • A steering group delivering environmental initiatives through our Environmental, Social, and (Corporate) Governance (ESG) programme. • A dedicated Sustainability Manager to manage our Carbon agenda. • An internal sustainability taskforce driving innovation with customers, identifying opportunities to improve operational efficiency and reduce emissions to fight climate change. As an example; at ICBF, we used blockchain to understand which species of herd emit the most greenhouse gases. • Introduce a Responsible Procurement Policy, ensuring full supply chain. alignment with all our suppliers. • Mobilize, influence, and empower staff to halve their carbon footprint by 2025. • Proactively work with suppliers/partners to decarbonise processes. - Covid-19 recovery
-
Covid-19 recovery
Version1 has embraced our social obligation to support local communities to manage and recover from the impact of COVID-19. Version1 has designed and delivered digital and employability skills for people impacted by COVID-19 through: • Recognising the impact of COVID-19 on young people aged 16-24, we have prioritised our education engagement activities. Working remotely and within restrictions to deliver work placements, and inviting students to participate in our career skills programme for IT. • Supporting people 75+ to use the internet safely with confidence. • Helping young people affected by COVID manage their online profile responsibly • For third sector workers, we improved their digital skills using Microsoft Office and free online tools Initially implemented during lockdown in 2020 and still active at present, Version1 support our customers, communities, partners, and supply chain with both the Covid Remote Working Guide, providing advice on technology, security, culture, and management practices to encourage organisations to embrace remote working. We’ve also been proponents of how future success requires a business to embrace being a naturally digital workplace. Version1 supported our team with paid COVID leave, remote health and wellbeing initiatives to support their physical and mental health through the pandemic. To share our learnings, we included health and wellbeing in our Covid Remote Working Guide with advice on ensuring the social, physical and mental wellbeing of workers affected by COVID-19. Version1 have invested more than £1M to support our teams through our Welltech Framework, where they can order the equipment, they need to work in comfort from home. We are continuing to offer remote and flexible working options where practical, and provide our returning to work team with guidance to ensure they are able to maintain a clean workspace and social distancing. - Tackling economic inequality
-
Tackling economic inequality
Version1 values the importance of SMEs and VCSEs play in our supply chain. Our organisation manages 80+ supplier/partner relationships including SMEs/Start-ups and proactively engages with tech communities, industry events/conferences, and customers to identify new partners to extend this network. We support entrepreneurship through maintaining a diverse supply chain as well as partnering and collaboration with Social Enterprise organisations. We use ISO20000 accredited supply chain management processes consistent with government guidelines and Social Value objectives. Version1 actively engage with local communities, creating employment, businesses, skills and training opportunities relevant to the contract through: • Actively working with economically isolated people or deprived areas through our “Insights” Programme to encourage 16–24-year-olds to consider roles in high growth sectors i.e. STEM • Commitment to employ 165 people through digital academies by 2024, open to anyone with any degree background or level 4/5 STEM qualification • Pilot initiatives to attract more women into tech by creating an academy specifically for women returning to work or changing career • Bespoke programmes to access underserved communities, such as people living with a disability and care leavers • We commit to including SMEs (where possible) in Call-Off Contracts, engaging in pre-contract activities - Equal opportunity
-
Equal opportunity
A Great Place to Work since 2011, Version1 commits to a transparent, accountable, inclusive culture for all our employees, ensuring all are well rewarded, motivated, and continuously developed. Demonstrated by a recent employee survey in that 93% of people agree are treated fairly. Version1 is a certified Disability Confident Committed employer. We have designed and developed services for vulnerable users and users with Assisted Digital and Accessibility requirements for our Public Sector customers. This has included understanding offline options, screen reader requirements, multiple language requirements, those with poor or no internet connectivity, and people with expert, low or no digital skills aligned to Gov.UK’s digital inclusion scale, GDS/CDDO, and the Technology Code of Practice. We are undertaking initiatives in communities to inspire people living with a disability to consider a career in IT. We are working with a foundation that improves employability outcomes and promotes independence for people who are neurodiverse, living with a physical disability, cognitive disability, or acquired injury. Also, we are piloting a partnership with a VCSE that specialise in the recruitment of people living with a disability, using that initiative to identify and inform our future accessibility strategy within recruitment. Our award-winning Diversity Team, is committed to promoting diversity, driving initiatives (e.g. Gender Pay equality, International Women/Men’s Days, Pride, Cultural Diversity), e.g. our startswithaname.net campaign, developed with customers, has an aggregated membership of 40,000+. Version1 is committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our business or any of our supply chains. - Wellbeing
-
Wellbeing
At Version1 we want our employees and community to be healthy and live well. We strive to promote a culture of positive health and wellbeing daily and we invest in a strong culture of wellness through programmes, activities, and resources. Version1 is a certified Healthy Place to Work and were recently listed as one of the UK’s Best Workplaces™ for Wellbeing 2022 at the Great Place to Work awards. Our Health & Wellbeing Strategy is shaped by a network of wellbeing champions from across Version1 who plan events and initiatives. Version1’s ‘Wellbeing Framework’ ensures that employees’ financial, emotional, and physical needs are supported through our investment in a variety of programmes/resources. The 5 pillars of our holistic Wellbeing model include Sense of Purpose, Financial Management, Physical Health, Mental Wellbeing and Social Connections. All wellbeing training, webinars and supporting materials are available on our Health & Wellbeing site for access anytime. Physical Health: we aim to promote positive physical health through a variety of initiatives/activities such as Marathon teams and 5-a-side football and we also aim to ensure our employees are working in a healthy and safe work environment. As an example, we have a “Step Challenge” for all employees each year, easily clocking up over 1m steps. Mental Wellbeing: Our mental wellbeing pillar focuses on mental health, mindfulness, self-confidence, stress management/ resilience and maintaining a growth mindset. We not only want our employees to be getting by we want them to have a positive and growth mindset as they strive to deliver excellence at work.
Pricing
- Price
- £250 a server a month
- Discount for educational organisations
- No
- Free trial available
- No