Pulsant Managed Azure Stack (Multi-tenant / Dedicated)
Pulsant's Managed Azure Stack (IaaS) is delivered as Infrastructure as a Service, providing flexible, high performance, high capacity virtual server (VM). This service can be used in conjunction with any of Pulsant's other cloud services to deliver a hybrid cloud model. Managed service available with defined and financially backed SLA's.
- Azure Virtual Machine(s) hosted within Pulsant datascentre
- Closely integrated with Microsoft tools
- 99.95% availability
- 24/7/365 service monitoring
- Supported by a ISO27001, ISO9001 and CSA Star accredited partner
- Direct connectivity to Azure Cloud
- 24/7/365 service monitoring
- 99.95% Service availability - protecting your business reputation
- Accredited provider aligned to Public Sector service requirements
- Reduce CAPEX, minimal OPEX and consistent cost structure
- Advance backup monitoring underpins industry leading SLA's
- Over 12 years experience in supporting Public Sector organisations
- Choice of carrier and carrier neutrality
- Experienced audit support through dedicated compliance team
- Flexible and scalable service
£91.80 per virtual machine per month
- Free trial available
0345 119 9911
The Azure platform is designed so that maintenance can be carried out without interruption to those systems being protected. Though some individual jobs may be delayed during maintenance those jobs will resume when possible and continue service as normal.
In order to reduce risk of unplanned downtime, Pulsant will apply strict change management procedures and configuration management control in applying system or application changes. A regular maintenance schedule will be applied for timely application of systems and application updates. Change control will consider impact of change and rollback procedures if release is unsuccessful.
|System requirements||Internet connectivity|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response times to questions and support requests are as follows:
Routine: within 30 minutes, measured during business hours
Service Affecting (must be notified by telephone): Within 30 minutes
Critical (must be notified by telephone): Within 15 minutes
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 A|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Our Azure Cloud service provides:
The Azure Cloud designed and maintained to achieve a target availability of 99.95% measured on a calendar month.
We operate and resource a technical support team so that customers have access to highly trained staff 24 hours a day, 7 days a week, 365 days a year.
Simple - Within 24 hours
Complex - As scheduled and agreed based on change requirements
Incident Response Times:
Critical - 24/7/365 (must be notified by telephone) - response within 15 minutes
Impacting Service - 24/7/365 (must be notified by telephone) - response within 30 minutes
Routine - Business hours - response within 30 minutes measured during business hours
Azure Cloud service is delivered to clients as an infrastructure as a Service model. Where clients require a managed service, the cost of the managed service is included within the pricing document uploaded as part of this service.
The above support levels are included as part of the service and carry no additional cost.
Pulsant also provide an Account Manager.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Pulsant can provide suitable training for standard procedures to customers taking on the service and if required bespoke training can be arranged on request ensuring customers’ proficient use of the service.|
|End-of-contract data extraction||Customers are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services.|
|End-of-contract process||In their Online Services Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under their control. If a customer terminates a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data. After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of Microsoft's Online Services Terms.)|
Using the service
|Web browser interface||Yes|
|Using the web interface||
The Cloud portal allows users to:
- Create and manage virtual networks
- Create and manage virtual machines
- Manage virtual firewalls (where those firewalls are provided by the Cloud platform)
- Allocate and de-allocate virtual resources
|Web interface accessibility standard||WCAG 2.1 A|
|Web interface accessibility testing||
Pulsant tests all software whether new, or upgrades/ enhancements to existing software prior to release.
Pulsant are committed to ensuring all user interfaces are accessible and where required will work with assistive technology users.
|What users can and can't do using the API||Users are able to utilise the Azure API Management service to create their own APIs for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal.|
|API automation tools||
|API documentation formats||HTML|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||Azure CLI 2.0 is optimised for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.|
|Independence of resources||Azure represents a hyper-scale public cloud service.|
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||Under user control|
|Backup controls||Under user control.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users can recover backups themselves, for example through a web interface|
|Data protection between buyer and supplier networks||
|Other protection between networks||For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft data centres. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.|
|Data protection within supplier network||
|Other protection within supplier network||ACL Based Network Security Groups are also used.|
Availability and resilience
The Supplier will use its reasonable endeavours to deliver the following Response Times in respect of incidents as set out in the table below.
Event Type - Service Hours - Response Time
Critical - 24/7/365 (issue must be notified by telephone) - Within 15 minutes
Service Affecting - 24/7/365 (issue must be notified by telephone) - Within 30 minutes
Routine - Business Hours - Within 30 minutes, measured during Business Hours
Measure - Description - Value
Service Hours - The hours during which the service and SLA is provided - 24/7/365
Availability - % of the service hours during which service availability is guaranteed (excluding planned maintenance in clause 5 below) - 99.95%
|Approach to resilience||Available on request|
In the unlikely event an outage occurs, Pulsant respond in line with our documented Outage Response Process.
Pulsant understands that during any loss of service communication with the client is of paramount importance to support sharing information with their clients'. However, maintaining communication must not impact upon the works being completed to resolve any outage.
Pulsant's outage reporting process provides clients with regular updates through a number of different methods. Depending on the type and severity of the outage Pulsant will utilise either one are all of the following communication methods:
- Public Dashboard, refreshed and updated every 30 minutes
- Direct communication either by telephone or email to clients
- Text message alerts for clients should this method of communication have been approved
- Customer Portal - updated at 30 minute intervals
- Email alerting - communication schedule in line with resolution activity, supports the communication via the other methods listed above.
Following any outage or loss of service Pulsant complete a Reason For Outage (RFO) report which is distributed to all clients and any service improvements are recorded and implemented for future service improvement.
Identity and authentication
|Other user authentication||Azure Active Directory is Microsoft’s multi-tenant cloud-based directory and identity management service. Azure-AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce.com, DropBox, and Concur. For application developers, Azure-AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations. Azure-AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.|
|Access restrictions in management interfaces and support channels||Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licences, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organisation has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Standards Institution|
|ISO/IEC 27001 accreditation date||29/02/2018|
|What the ISO/IEC 27001 doesn’t cover||Any elements of the service which is not hosted on / within Pulsant managed and operated environments / infrastructure.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||29/09/2016|
|CSA STAR certification level||Level 3: CSA STAR Certification|
|What the CSA STAR doesn’t cover||None|
|Who accredited the PCI DSS certification||Coalfire Systems Inc|
|PCI DSS accreditation date||01/04/2016|
|What the PCI DSS doesn’t cover||Any elements of the service which is not hosted on / within Pulsant managed and operated environments / infrastructure.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||FACT, NHS IG Toolkit, FedRamp, NIST 800-171, EU Model Clauses, Cyber Essentials Plus|
|Information security policies and processes||
An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.
The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy).
Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.
Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
When providing the Antimalware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.
Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.
Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analysed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Hyper-V|
|How shared infrastructure is kept separate||Microsoft Azure is natively capable of multi-tenancy with cloud management systems that separate organisations into tenant accounts and use physical, network, logical and hypervisor segregation to separate organisation data and usage from other tenants.|
|Description of energy efficient datacentres||
Pulsant’s Environmental Management System exists to ensure Pulsant adheres to the very highest levels of Energy Efficiency in line with the EU Code of Conduct.
The Environmental Management System is a collection of associated Environmental policies and records that form part of an overall management system applied across Pulsant for the purpose of management and control of business operations. It applies to all sites and operations.
Pulsant uses the measure of Power Usage Effectiveness (PUE) to establish the environmental and energy efficiency performance of the datacentres we operate. The Company will continue to drive the Power Usage Effectiveness (PUE) down across sites as far as is practicably possible.
Where employing equipment to deliver datacentre functionality the following points are considered:
• The environmental credentials of any systems or equipment
• The employment of power factor correction where possible
• The isolation of equipment when not in use
• Management and control of running times and rates
Regular testing is performed across all plant equipment to assess performance. Regular reviews of equipment, sourcing practices as well as technologies available to enhance both operational efficiencies and environmental benefits are conducted by Pulsant's management team.
Pulsant is a member of the Green Grid.
|Price||£91.80 per virtual machine per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Pulsant provide a free trial of the service in line with the clients service scope.
The trial period will be for an agreed period, typically this is no longer than 1 month.