Agilisys Ltd

Microsoft SQL Database as a Service

Provision of a secure, reliable, service level orientated database as a service platform which provides organisations with a platform to consolidate databases, servers and storage to achieve efficiencies in costs, resources and licensing.

Agilisys is a Microsoft Cloud Solution Provider (CSP) able to resell cloud platform services.


  • DBaaS Platform incorporating DBA management
  • Scalable approach to meet your needs and entitlements
  • Differing Service level options to meet varying business needs
  • Reliable, experienced UK based support service
  • Provided from our own cloud platform based in UK Datacentre
  • Dual site disaster recovery available
  • Variety of connection methods available
  • Third party product support options available


  • Modular approach ensures pay for only what you need
  • Bring your own data and entitlements reduces migration costs
  • Cost effective, reliable, technical support service
  • Retain your own application expertise and user support
  • Choice of product support options
  • Resilient and scalable platform
  • UK Public Sector ICT Specialist provision
  • Employee owned provider


£10398 per unit per month

Service documents

G-Cloud 9


Agilisys Ltd

Darren London

07702 367779

Service scope

Service constraints Where customers choose to bring their own licensing, they must demonstrate appropriate database, middleware and application product licensing entitlements. Agilisys can advise and assist with consultancy through our G-Cloud 9 Lot 3 License Management as a Service offer if required.
Platform is provided on x86 compute architecture using x86 compatible Linux and Windows operating systems.
System requirements Customer to provide proof of entitlement to portable licenses.

User support

Email or online ticketing support Email or online ticketing
Support response times Response times within service hours are P1 15 minutes, P2 30 minutes, P3 2 hours, P4 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Support levels include response and resolution times for incidents (varying by priority) and service requests (varying by priority).
Support available to third parties Yes

Onboarding and offboarding

Getting started The default service provides a standard database configuration and a single import and export of each database for onboarding and offboarding. More specialist requirements can be catered for with the addition of service from the Cloud Support G Cloud service.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats Microsoft Office formats
End-of-contract data extraction Should a customer wish to migrate away from Agilisys, data will be made available once the customer has provided written confirmation. Our process extracts customer data, in the form of standard backups, from our service. These can be transferred securely via network connectivity or via portable media, allowing you to migrate data to other services. Preparing and extracting a single copy of data into a staging area at termination is included within the managed service price. The price of media and shipment of media to transfer data will be charged in addition to the managed service. Further services are available to support off-boarding from the service and are accessible at the rates detailed within the accompanying SFIA rate card.
End-of-contract process The customer initiates the off-boarding process via a service request. Appropriate data is extracted and either presented in a staging area or made available on portable media. Once extracted and confirmed as received by the customer, data is overwritten and released back for reallocation to other Public Sector customers.

Using the service

Web browser interface No
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface Users can use the standard database product command line tools to access and manage aspects of the service for which they are responsible, within the assigned permissions.


Scaling available No
Independence of resources Our service is capacity managed to ensure that users are not adversely affected by other users. In addition, we provide uncontended memory and, for larger customers, dedicated compute resources. We also validate designs for each client through a TDA approval process for their service, which would include performance requirements. Once in service, we proactively monitor and alert on service performance and share performance metrics with our customers. Hosting in Microsoft Azure is an option; Microsoft's approach is detailed in our other offers.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Other
Other metrics Available metrics can be agreed as part of onboarding
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Optionally - encryption of storage media.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery Yes
What’s backed up
  • Databases
  • Files
  • Virtual Machines
Backup controls A standard backup schedule and retention policy is included in the service. The policy for backup and retention can be configured to meet specific users' needs, and ad-hoc additional backups of databases, files, servers etc. can be requested via the service desk.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network As a ‘Community’ Cloud offering for Public Sector users, our virtualisation uses edge appliances and firewalls deployed for internal tenant security separation. Compute resources are allocated on a per-tenant basis or shared between tenants depending on load and security profile. When specified, Agilisys will implement the Key Lifecycle Manager software for key management and encryption of client disks using AES256 on Full Disk Encryption (FDE) drives. Access to management is via physically separate dedicated firewalls with different contexts deployed to secure and separate the traffic, limited to UK based engineers with appropriate security clearance.

Availability and resilience

Guaranteed availability Agilisys offers three levels of availability classed as 'DBaaS Highly Available', 'DBaaS Resilient', and 'DBaaS Standard'. Characteristics and availability targets for each service are outlined in the service description.
Approach to resilience The Agilisys Infrastructure as a Service Platform is hosted in two UK Tier 3 Data Centres; these centres maintain ISO 27001:2013 certification. Both sites benefit from temperature and humidity management to industry standards, diverse power supply including substations and UPS, multiple carrier links, inert gas and VESDA smoke detection fire controls, 24/7 onsite security, car trap entrance to site, man trap entrance to data halls, secure delivery processes and areas, and strict access control. Within and between our data centres, our platform has been designed with a minimum of n+1 resilience across all infrastructure, services and connectivity (including network and storage). Where specified, we offer High Availability services, extending client networks between the two data centres, supporting active/standby services and vMotion of guest servers. We also offer SAN replication between data centres. We regularly undertake system and process maturity audits in relation to IaaS (amongst others) to ensure that our systems and processes remain fit for purpose and generate predictable outcomes. Where process outcomes are less than optimal or unexpected, these are triaged and rectified, engaging change management where appropriate. Hosting in Microsoft Azure is an option; Microsoft's approach is detailed in our other offers.
Outage reporting Alerts generated by our monitoring platform are received by our 24x7 Operations Centre. SMS text alerts and email notifications are generated and dispatched to user stakeholders for affected services.

Identity and authentication

User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to the management LAN is via a physically separate dedicated firewall with different contexts deployed to secure and separate the traffic. Management access is granted only to UK based engineers who hold current Security Check (SC) clearances. Two-factor authentication and strict segregation of administrative privileges are used to further control access.
Management traffic is segregated using physically separate firewalls, physical switches and separate partitions within the secure switches.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS United Kingdom Limited
ISO/IEC 27001 accreditation date 24/03/2017
What the ISO/IEC 27001 doesn’t cover Aspects of application and database operations are not included in the scope of the accreditation.

For clarity, all aspects of our IaaS and supporting Service Management are included within the scope of our ISO27001:2013 Accreditation.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards ISO27001:2013, PSN Code of Connection, Cyber Essentials, CESG 14 Cloud Security Principles
Information security policies and processes The Agilisys IaaS service, which underpins the PaaS, is ISO27001:2013 certified and has appropriate governance and processes in place. Certificate No: GB14/91147.

Agilisys has a comprehensive set of policies and standards covering our services; these are supplemented with “How To” documents, which cover the range of services and provide practical method statements for common procedures when implementing platform and client services.

Agilisys have invested in our own, UK based, PSN accredited cloud Infrastructure-as-a-Service (IaaS) platform that assures the security of information we host and manage for our customers.
We operate an Information Security Management System (ISMS), incorporating best practice guidance from SANS Top 20 CIS Critical Security Controls and Good Practice Guides. Our architecture and ISMS are certified to ISO27001:2013, and we are a certificated PSN Service Provider, following the PSN Code of Connection for our cloud infrastructure services. Agilisys comply with the CESG 14 Cloud Security Principles and are certified against the Cyber Essentials Scheme.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our CMDB contains details of all the IT services delivered to our customers, together with relationships to the supporting services, shared services, components and Configuration Items (CIs) necessary to support the provision of the service. Agilisys ensures the smooth running of operations using well-defined change management processes. Our Change Advisory Board (CAB) is managed to ITIL standards (assessed within the scope of ISO27001), with 98.5% of changes completing successfully. Many of our processes are documented as standard changes; however, service-impacting or non-standard changes require a full change submission that may require communication with end customers via our servicedesk.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Agilisys engages accredited third parties to regularly conduct IT HealthChecks and other testing of the IaaS and client platform environments. Timescales for implementing fixes and patches to address known and reported vulnerabilities are detailed in the Agilisys Patching Policy. ESET anti-malware and anti-virus are included within platforms in Agilisys's datacentres. Patches are deployed once tested and signed off via CAB. Microsoft updates are received automatically.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Agilisys has a comprehensive Incident Management Process and Security Operating Procedures in place. A Security Information and Event Management (SIEM) tool has been deployed in addition to log capture on the IaaS Platform, which monitors up to, but not within, tenant environments, with logs filtered and supplied to our operations centre. The SIEM is configured in accordance with our SIEM & GPG13 Protective Monitoring Audit Policy. All firewalls (physical and virtual) and network switches are monitored by the SIEM tool, and all Internet traffic is screened as part of a DDoS prevention system.
Incident management type Supplier-defined controls
Incident management approach Our Incident Management process is aligned to the ITIL Standard and has been audited and approved by external auditors as part of our ISO 27001 certification. Agilisys’ Servicedesk function provides the single contact point for all Incidents, Requests and Changes. Operating 24x7, the service desk agents provide core services, including help and advice, and Major Incident Management. The desk is accessible by telephone and email; once an incident call ticket has been raised, the desk retains control of the call. Escalations and communications, including updates, are accessible via the Servicedesk. Major Incident reports are provided for all P1 incidents within 5 working days.

Secure development

Approach to secure software development best practice Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate As a ‘Community’ Cloud offering for Public Sector users, our virtualisation uses edge appliances and firewalls deployed for internal tenant security separation. Compute resources are allocated on a per-tenant basis or shared between tenants depending on load and security profile. When specified, Agilisys will implement the Key Lifecycle Manager software for key management and encryption of client disks using AES256 on Full Disk Encryption (FDE) drives. Access to management is via physically separate dedicated firewalls with different contexts deployed to secure and separate the traffic, limited to UK based engineers who hold a current Security Check (SC).

Energy efficiency

Energy-efficient datacentres Yes


Price £10398 per unit per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document