FOUNDRY4 CONSULTING LTD

Microsoft Azure Cloud Hosting and Support

Notbinary’s service uses the Azure cloud platform to provide compute, storage and associated public cloud services–enhancing user experience, delivering operational excellence and efficiency savings. With extensive experience in a range of Microsoft technologies, including Azure IaaS and PaaS, we help organisations exploit Azure as a platform for digital transformation.

Features

  • Infrastructure as a Service with Microsoft Azure.
  • Deliver websites, portals, web and mobile apps on Microsoft Azure.
  • Develop services using Microsoft .NET, Java, PHP, Ruby, Python.
  • Industry-recognised security and resilience with Azure.
  • Harness the power of: Compute, Virtual Machines, Windows, Linux, Networking,
  • Active Directory (AD) B2C, Storage, Backup, VPN, DNS, Search, Containers,
  • Databases, Analytics, Artificial Intelligence (AI), Machine Learning, Bot service, Integration,
  • Service Bus, Multi-Factor Authentication, Load Balancing, Content Delivery Network,
  • ExpressRoute, MySQL, PostgreSQL and connection to Azure Stack,
  • Cognitive services, Internet of Things (IoT) Hub and Edge, SQL.

Benefits

  • Pay for what you use subscription model.
  • Secure, cloud-based service with robust access management controls.
  • A range of hosting options for secure applications and workloads.
  • Help understanding licences and licensing, including plan selection.
  • Skills transfer to internal staff including training and project management.
  • Build failure resilient applications in multiple Azure regions.
  • Modernise your services with Azure Functions, WebApps and LogicApps.
  • Planning, Setup, Migration, Quality Assurance, Performance Testing, Testing, Cyber Security.
  • Ongoing optimisation, consolidation and right-sizing, reduces cloud spend.
  • Simplify on-premises database migration to the cloud.

Pricing

£0.01 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@foundry4.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 9 8 2 6 5 0 8 4 0 3 2 5 6 4

Contact

FOUNDRY4 CONSULTING LTD James Herbert
Telephone: 07866 316470
Email: bids@foundry4.com

Service scope

Service constraints
Updates are periodically performed to improve the reliability, performance, and security of the infrastructure. If maintenance requires downtime, you get a notice of when the maintenance is planned. In these cases, you'll also be given a time window where you can start the maintenance yourself, at a time that's convenient. Each region is paired with another region within the same geography, together they make a regional pair. During planned maintenance, Azure will only update a single region at a time.
System requirements
  • Volume licence with software assurance required for licence mobility
  • Standard connectivity via site-to-site IPSec VPN or the internet
  • See https://docs.microsoft.com/en-gb/azure/

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Support case response time depends on severity. The support response times for Developer, Business and Enterprise Support tiers are listed below:

Developer:
General guidance cases < 24 business hours; system impaired cases < 12 business hours.

Business:
General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases
< 1 hour.

Enterprise:
General guidance cases < 24 hours; system impaired cases < 12 hours; production system impaired cases < 4 hours; production system down cases < 1 hour; business-critical system down cases < 15 minutes
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We can provide a tailored 1st, 2nd or 3rd line support 24/7/365 according to customer needs, with proactive monitoring, maintenance and remediation of customer systems.

We can provide a team which includes an IT Manager who manages the Service team , an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.

Support Incidents are classified under one of four levels depending on severity:
Level 1: Critical,
Level 2: Major,
Level 3: Significant,
Level 4: Minor.

The levels typically have the following response and resolution times (agreed on an individual as-required basis with each customer in the SLA):
Level 1: 1 hour respond, 4 hours resolve;
Level 2: 4 hours respond, 8 hours resolve;
Level 3: 1 day respond, 5 days resolve;
Level 4: 5 days respond, 10 days resolve
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The level of onboarding and offboarding support provided by Notbinary depends on the customer's requirements. Azure provides a comprehensive dashboard which allows full self-service for customers experienced with Azure. For customers who want more support, Notbinary provides a fully managed service which completes all configuration and setup of the cloud service. Likewise, at the end of the engagement, Notbinary can provide the level of offboarding support required. Notbinary also provides a number of training options including: train the trainer, training for key individuals, classroom training for all users and floor walking support.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Microsoft provides online videos and interactive learning portals
End-of-contract data extraction
Customers can export their data from Azure at any time using the standard export services. Notbinary can provide complete support in undertaking this process.
End-of-contract process
The notification period required to end the contract depends on the length of contract taken out and will be included in the call-off contract. At the end of the contract process, Notbinary will assist the customer in extracting any data or moving to another supplier as required.

The customer retains control and ownership of their data. We will not erase customer data for 30 days following an account termination. This allows customers to retrieve content from our services so long as the customer has paid any charges for any post-termination use of the service and all other amounts due.

Using the service

Web browser interface
Yes
Using the web interface
Using the web interface, customers can have full control to manage and deploy services including increasing and reducing the specification of cloud services. Notbinary can assist alongside in-house teams or undertake this on behalf of the customer.

More details on what is available in the Azure portal can be found here: https://azure.microsoft.com/en-gb
Web interface accessibility standard
None or don’t know
How the web interface is accessible
See https://www.microsoft.com/en-us/accessibility
Web interface accessibility testing
None.
API
Yes
What users can and can't do using the API
Users are able to access the Azure Service Management API to programmatically access much of the functionality available through the web interface.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Azure CLI 2.0 is optimised for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.

See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Microsoft Azure is a hyper-scale public cloud service, loads are balanced across multiple instances in different data centres.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Other metrics, as required
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Folders
  • Virtual Machines
  • Databases
  • Others, as required
Backup controls
Azure requires backups to be manually created in order to occur. Notbinary can advise customers on the best backup strategy for their data and then implement a suitable solution. Customers have full control over what is backed-up and when.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Azure provides a number of different encryption options for connections between a customer network and the Azure cloud. Notbinary can advise and implement a solution which works best for an organisation and takes into account the level of information security required.
Data protection within supplier network
Other
Other protection within supplier network
Azure also enables the configuration of network security groups. More information can be found here: https://azure.microsoft.com/en-us/blog/network-security-groups/

Availability and resilience

Guaranteed availability
The level of availability guaranteed by Azure is dependent on the configuration. At a minimum, Azure can provide 99.9% availability (based on 24x7). However, for instance, virtual machines can be configured into availability sets to provide 99.95% or 99.99% guaranteed availability. More details on the level of SLA provided for each service can be found here: https://azure.microsoft.com/en-gb/support/legal/sla
Approach to resilience
Azure provides multiple layers of redundancy in order to ensure resilience. There are 50 regions worldwide, including 2 in the UK and Azure can provide resilience between data centres. Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/ for more information.
Outage reporting
Azure provides a dashboard showing current issues and outages. A personalised dashboard with notifications can also be configured for each customer. In addition, if a fully managed service is taken, Notbinary will act as an intermediary and notify the customer of any severe impact to service. More details can be found here: https://azure.microsoft.com/en-us/status

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication
Most customers choose to implement a link between their on-premise Active Directory and Azure Active Directory (Azure AD). This permits a single sign-on experience to any services implemented in Azure along with other cloud services. More details on Azure AD can be found here: https://azure.microsoft.com/en-gb/services/active-directory/
Access restrictions in management interfaces and support channels
Azure AD restrictions are implemented by administrators within Active Directory. Administrators can then assign permissions to users for the service. Notbinary can act as administrators for customers or give advice on the best configuration to suit a certain purpose.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • ISO 27001 - anticipated by Aug 2019

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Notbinary use ISO27001-aligned policies and procedures to ensure that information security risk is controlled adequately. There is a Security Working Group (SWG) which handles the assessment and control of information security risk.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.

Notbinary uses configuration and change management procedures produced inline with ISO9001 and ISO27001. These are based on the ITIL framework and make use of DevOps tooling where possible.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
When providing the anti-malware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective, and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.

On top of Azure's vulnerability management, for Virtual Machines, Notbinary can provide an automated patching and virus scanning process to ensure VMs are kept up to date and the latest virus definitions are installed.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the datacenter edge, the network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Notbinary runs an incident management process based upon ITIL's Service Operation practices. These include detailed processes for handling security incidents.

Microsoft has developed robust processes to facilitate a coordinated response to incidents. The process is Identification > Containment > Eradication > Recovery > Lessons Learned

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Microsoft have multiple controls to ensure customer's data is kept separate. More details can be found here: https://www.microsoft.com/en-us/trustcenter/security

Notbinary has internal processes to ensure that each customer is managed in such a manner as to ensure a separation of data between each customer environment.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft is committed to running their business in the most environmentally friendly way possible. In addition to the environmental benefits inherently associated with running applications in the cloud, Microsoft has a long-term commitment to achieve 100% renewable energy usage for their global infrastructure footprint.

Pricing

Price
£0.01 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Notbinary can assist customers who wish to make use of Microsoft's free trial offer. Details of which can be found here: https://azure.microsoft.com/en-us/free
Link to free trial
https://azure.microsoft.com/en-us/free

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@foundry4.com. Tell them what format you need. It will help if you say what assistive technology you use.