Circle Cloud Ltd

Hyrbrid Infrastructure

Azure is not an all or nothing solution. Circle Cloud can design it in a way that ensures your organisation can get the most value from your existing infrastructure, whilst taking advantage of the Azure components your organisation needs the most.

Features

  • Active Directory Integration
  • Cloud Access
  • Cloud Management

Benefits

  • Resilience
  • Automation
  • Disaster Recovery
  • Fully Managed

Pricing

£11.97 a virtual machine a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.povey@circlecloud.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 0 5 5 3 4 9 7 2 2 1 1 3 7 9

Contact

Circle Cloud Ltd Michael Povey
Telephone: 01916727012
Email: michael.povey@circlecloud.co.uk

Service scope

Service constraints
All operating systems must be within current Microsoft support. Although all operating systems are compatible, we only manage Microsoft operating systems.
System requirements
  • Internet
  • VPN capable firewall in some configurations
  • Resilience for on-premises systems is recommended

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Service contracts are built to meet our client’s requirements and include 3 tiers of support & response times. Highly critical items can be dealt with on a 24/7 basis, including 3rd party elements which are relied on for delivery of the service.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide tiered support to meet a customers’ needs. A package that includes cover, response times and 3rd party support can be built using our individual service packages to suit your organisation. All customers are allocated both a technical and general Account Manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Circle Cloud can either set up a new portal or configure an existing Azure portal. All services will be set up or migrated into this portal.
A member of the technical team will provide a tour of all services available in the portal. Most customers will contract Circle Cloud to manage the setup. Additional training can be provided where required.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The portal allows the export of all data contained within. Any activities that require the export of information, such as data subject access requests, will be handled by our Information Security Manager. Responses will be given that are in line with current regulations.
End-of-contract process
All services are included and outlined in the contract. There are no additional costs other than what the customer contracts to initially. All contracts are electronic and issues to the customer by email. Where businesses are allowed usage fluctuations, adding or removing certain licensed services, this will be explained in the contract.

Using the service

Web browser interface
Yes
Using the web interface
The Azure web interface allows extensive configuration, including the setting up of new Virtual machines, networking and VPN config, backups and storage. The Azure active directory can be linked to allow access using your existing AD credentials.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
The web interface for configuring Azure is a technology owned and maintained by Microsoft
API
Yes
What users can and can't do using the API
All services can be deployed, amended, turned on/off using an API. There are no limitations. You can read more about this here: https://docs.microsoft.com/en-us/rest/api/azure/
API automation tools
Other
Other API automation tools
Azure Stack
API documentation
Yes
API documentation formats
HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
All aspects of the service can be configured through PowerShell. PowerShell offers more configuration possibilities than the GUI. Scripts can be used to create virtual machines, power on/off, amend disk sizes, allocate processors

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
The Azure portal, along with the Circle Cloud management portal are cloud based and therefore easily expanded on demand. There are no circumstances where other users can affect services.
Usage notifications
Yes
Usage reporting
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Datacenter Location
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Physical Machines
  • Databases
  • Files
Backup controls
Backup schedules can be put in place and can cover anything from entire machines down to individual files. Different data retention policies can be set for different services or devices. Services can also be replicated, and virtual machines can be cloned for disaster recovery purposes at regular intervals.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
All of our systems are either security vetted SAS providers or Microsoft Cloud. We have no local services. For our internal infrastructure, we only use Meraki firewalls because of Cisco’s industry leading security standards. We also use various other cloud technologies such as Umbrella and Azure Information Protection to protect data. All user activity is logged and there are limited domain admins who can configure systems. Our certified ISO27001 ISMS ensures that all such fundamental requirements are being met and are subjected to continual improvement processes.

Availability and resilience

Guaranteed availability
SLA's of up to 99.95% can be achieved by implementing systems in the correct resilient manner, such as replication between geographically separate datacenters. SLA and service credit details can be found here: https://azure.microsoft.com/en-gb/support/legal/sla/virtual-machines/v1_9/
Approach to resilience
Azure data centres are resilient by design. Every Azure data centre has connectivity from multiple internet providers, resilient power, and data replication over separate hardware. We can design your resilient Infrastructure by load balancing over dual internet connections, and load balancing your services over multiple Azure datacentres.
Outage reporting
Outages can be reported using SMS, Email, Phone, and the Circle Cloud management platform. We can setup alerting in a way that suits how your organisation wants to receive alert information. For example, all automated alerts can be sent directly to your organisation, or we can arrange for alerts that occur during non-trading house to be sent to Circle Cloud’s 'out of hours support'.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels
We have limited global administrators in the business, who operate with personal logins and only use the 'GA' login when required. The system we operate is strict and in line with our ISO27001 policies.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
Original Registration: 25.06.2020 (Latest Revision: 02.04.2020)
What the ISO/IEC 27001 doesn’t cover
Circle Cloud use various Cloud Platforms for several key business functions. Access to these platforms and the data we put in them are Circle Cloud’s responsibility, and therefore in scope. Anything outside of this, such as physical locations and the maintenance of assets belonging to the cloud providers (e.g. servers in data centres) are out of scope. However, any contractual expectations, interfaces and dependencies are considered to ensure the confidentiality, integrity and availability of our business information is maintained to a measurable standard.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Circle Cloud adhere to a set of organisation wide company policies that are:

• Written by a dedicated Information Security Manager

• Endorsed and backed by all members of the Circle Cloud Management team, including Directors

• Certified by the British Standards Institution in accordance with the ISO27001 standard

Our certificate can be found here: http://go.pardot.com/e/409922/-ISO27001-2020-Certificate-pdf/lsmxhj/808106561?h=qjxexFvyHxaRcl_zf9UCcchrFOEscMTlPK26jFu6jxg

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to configurations items go through a change management process. This process ensures the relevant people perform assessments on availability and security including how dependant or linked configuration items are affected by a change to the primary configuration item. The change owner must produce a detailed plan for implementing the change which will include security precautions, testing plan and roll back procedures if the change does not meet the success criteria. Each change is discussed with the Change Advisory Board who will make approve or reject the change.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The below extract describes Microsoft's vulnerability management process: "Azure is responsible for ensuring the service is highly available, that definitions are updated regularly... [and that] software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist. Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary. Additional vulnerability management can be provided by Circle Cloud as described in our listed managed services.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The below extract describes Microsoft's approach to proactive monitoring: Microsoft Azure employs service instrumentation and monitoring that integrates at the component level, the datacenter edge, our network, Internet exchange, and at the user level, providing visibility when a service disruption is occurring and pinpointing its cause. Proactive monitoring measures the performance of key subsystems of the platform against the established boundaries. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the event. Additional proactive monitoring can be provided by Circle Cloud as described in our listed managed services.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Identifying suspicious activity requires a nexus of the latest intelligence capabilities, detection tools, and incident management solutions. The detection processes used by Azure are designed to discover events that risks the confidentiality, integrity, and availability of Azure services. Several events can trigger an investigation. Users can log incidents directly in the Azure portal. Incident reports are provided within the Azure portal.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Microsoft
How shared infrastructure is kept separate
All Microsoft Azure portals are separate by build, with no connectivity between customers.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft Azure data centres are currently operating with an average PUE of 1.6 and have set a target PUE of below 1.2. Microsoft has already implemented the majority of the Code's best practices in its data centres worldwide.

Pricing

Price
£11.97 a virtual machine a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Microsoft can endorse a free trial for customers with the minimum requirements. This is usually measured by the number of virtual machines they are considering for the migration.
Link to free trial
https://www.circlecloud.co.uk/apoc/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.povey@circlecloud.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.