AWS Management (Amazon Web Services)
Fully managed Amazon Web Services (AWS) service. All the features and benefits of an AWS solution managed and supported by fully AWS accredited technicians and consultants. Collaborative and bespoke specifications to suit your managed AWS environment supported 24 x 7.
Features
- AWS procured and managed on your behalf
- AWS Storage & Content delivery
- AWS Databases
- AWS Deployment & Management
- AWS Configuration Management
- AWS Serverless
- AWS Workspaces
- AWS Security
- AWS Containers
Benefits
- Outstanding service levels and support
- Monitored and supported 24/7/365
- Full integration of AWS Services
- Access to AWS experts
- Pay for what you use
- Automatic scalability
Pricing
£390 a unit a day
- Education pricing available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at info@perform-partners.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 12
Service ID
4 7 9 2 0 5 5 7 5 3 5 0 9 0 1
Contact
Perform Partners
Procurement
Telephone: 01134266810
Email: info@perform-partners.com
Service scope
- Service constraints
- None
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times as agreed with the client. We support business hours, heightened support and 24x7x365 services
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
We support 24x7x365 services, with a range of SLAs to meet client needs.
Our support teams respond to alerts and act to ensure that your services are operating effectively every second of the day. Our approach to Account Management is to provide a value added service to our customers. The Account Manager’s main role is to understand the core objectives of our clients’ businesses and ensure the services we are providing continually support the achievement of their goals. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onboarding service with supported online training and supporting user documentation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- We use best in class cloud infrastructure, configuration management and code management tools, and cloud based knowledgebase services. These can be hosted either on client instances, or our own, and can be easily handed back to clients or other third parties during service transition.
- End-of-contract process
- We factor a transition period into the service operation costs, assumed to be in the last 3-6 months of the contract. Service transition and handover is part of service operation. We would build the project delivery elements into the delivery backlog of the managed service team. Additional costs could be incurred if a client requires resources over and above the original agreed team size, and will be provided on a Time and Materials basis to a pre-agreed rate card - however, this will only be required if delivery or operational activities over and above that of the service team are requested specifically by the client.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Documented here https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/getting-started.html?id=docs_gateway
- Web interface accessibility standard
- WCAG 2.1 AAA
- Web interface accessibility testing
- No additional testing ourselves.
- API
- Yes
- What users can and can't do using the API
- All AWS services can be configured via API, one such example is https://docs.aws.amazon.com/AmazonECR/latest/APIReference/Welcome.html
- API automation tools
-
- Ansible
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Anything possible in AWS CLI as documented here https://docs.aws.amazon.com/cli/index.html
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- We use either our clients' or our own cloud service accounts, with no contention from other users or services.
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Amazon Web Services
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Databases
- Backup controls
- Backups will be performed and scheduled by the team. Requests for backups over and above those defined during the service design will be Service Requests (costs included in the service team operational cost).
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
SLAs range from 99.5% to 99.9% service availability. We have a client-specific service credit approach defined during service setup definition and negotiations.
Well-architected solutions on AWS that leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements. - Approach to resilience
- Available on request.
- Outage reporting
- Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging) as well as hooks into tools such as Service Now and Pager Duty as required by our clients.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is restricted by use of best in class authentication and identification processes as required by the client. All internal systems access is supported by 2-factor authentication, Public key authentication (including by TLS client certificate), and Identity federation with existing provider where relevant.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- United Registrar of Systems Ltd
- ISO/IEC 27001 accreditation date
- 2020
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We ensure that all of our consultants comply with our policies on induction and on an annual refresh.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We offer and design Configuration and Change Management processes that meet exacting client requirements in secure and sensitive, compliance-driven environments.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We offer and design Vulnerability Management processes that meet exacting client requirements in secure and sensitive, compliance-driven environments, using best in class threat definition resources internally and externally.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We offer and design Protective Monitoring processes that meet exacting client requirements in secure and sensitive, compliance-driven environments. We can integrate with client or third party SOC services, which form part of service evolution, protection and incident management.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We offer and design Incident Management processes that meet exacting client requirements in secure and sensitive, compliance-driven environments, in line with specific client objectives. Incident reports are provided to an agreed schedule and timeline, and are also automated by the toolsets we integrate with. Incidents can be reported using tools such as Service Now or Pager Duty, or via Service processes (client Service Management teams directly contacting our service teams).
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Other
- Other virtualisation technology used
-
VMware
Hyper-V
AWS proprietary - How shared infrastructure is kept separate
-
Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. The Amazon EC2 firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets pass through this layer. The physical random-access memory (RAM) is separated using similar mechanisms.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
AWS is committed to running our business in the most environmentally friendly way possible. In addition to the environmental benefits inherently associated with running applications in the cloud, AWS has a long-term commitment to achieve 100% renewable energy usage for our global infrastructure footprint. We’ve made a lot of progress on this commitment. In January 2018, AWS achieved 50% renewable energy usage.
To date, we have announced nine new renewable energy projects (three wind farms and six solar farms), and these projects will deliver a total of 2 million MWh of energy annually onto the electric grid powering AWS data centers located in the AWS US East (Ohio) and AWS US East (N. Virginia) Regions. The electricity produced from these projects is enough to power the equivalent of over 190,000 U.S. homes annually, which is approximately the size of the city of Atlanta, Georgia.
More information is available on the AWS and Sustainability page.
AWS introduced its first carbon-neutral region in 2011. Today, AWS offers customers five AWS Regions that are carbon-neutral:
• US West (Oregon)
• AWS GovCloud (US-West)
• EU (Frankfurt)
• EU (Ireland)
• Canada (Central)
Pricing
- Price
- £390 a unit a day
- Discount for educational organisations
- Yes
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at info@perform-partners.com.
Tell them what format you need. It will help if you say what assistive technology you use.