Pulsant Ltd

Pulsant Managed Azure Stack (Multi-tenant / Dedicated)

Pulsant's Managed Azure Stack (IaaS) is delivered as Infrastructure as a Service, providing flexible, high performance, high capacity virtual server (VM). This service can be used in conjunction with any of Pulsant's other cloud services to deliver a hybrid cloud model. Managed service available with defined and financially backed SLA's.

Features

  • Azure Virtual Machine(s) hosted within Pulsant datascentre
  • Closely integrated with Microsoft tools
  • 99.95% availability
  • 24/7/365 service monitoring
  • Supported by a ISO27001, ISO9001 and CSA Star accredited partner
  • Direct connectivity to Azure Cloud

Benefits

  • 24/7/365 service monitoring
  • 99.95% Service availability - protecting your business reputation
  • Accredited provider aligned to Public Sector service requirements
  • Reduce CAPEX, minimal OPEX and consistent cost structure
  • Advance backup monitoring underpins industry leading SLA's
  • Over 12 years experience in supporting Public Sector organisations
  • Choice of carrier and carrier neutrality
  • Experienced audit support through dedicated compliance team
  • Flexible and scalable service

Pricing

£91.80 per virtual machine per month

  • Free trial available

Service documents

G-Cloud 11

697599402931760

Pulsant Ltd

John Easson

0345 119 9911

john.easson@pulsant.com

Service scope

Service scope
Service constraints The Azure platform is designed so that maintenance can be carried out without interruption to those systems being protected. Though some individual jobs may be delayed during maintenance those jobs will resume when possible and continue service as normal.

In order to reduce risk of unplanned downtime, Pulsant will apply strict change management procedures and configuration management control in applying system or application changes. A regular maintenance schedule will be applied for timely application of systems and application updates. Change control will consider impact of change and rollback procedures if release is unsuccessful.
System requirements Internet connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times to questions and support requests are as follows:
Routine: within 30 minutes, measured during business hours

Service Affecting (must be notified by telephone): Within 30 minutes

Critical (must be notified by telephone): Within 15 minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our Azure Cloud service provides:
Availability
The Azure Cloud designed and maintained to achieve a target availability of 99.95% measured on a calendar month.

Support Hours
We operate and resource a technical support team so that customers have access to highly trained staff 24 hours a day, 7 days a week, 365 days a year.

Change Completion
Simple - Within 24 hours
Complex - As scheduled and agreed based on change requirements

Incident Response Times:
Critical - 24/7/365 (must be notified by telephone) - response within 15 minutes
Impacting Service - 24/7/365 (must be notified by telephone) - response within 30 minutes
Routine - Business hours - response within 30 minutes measured during business hours

Azure Cloud service is delivered to clients as an infrastructure as a Service model. Where clients require a managed service, the cost of the managed service is included within the pricing document uploaded as part of this service.

The above support levels are included as part of the service and carry no additional cost.

Pulsant also provide an Account Manager.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Pulsant can provide suitable training for standard procedures to customers taking on the service and if required bespoke training can be arranged on request ensuring customers’ proficient use of the service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Customers are able to remove their data at any time through the same means they uploaded. Either over their network (internet or express route) or via the Azure Import/Export services.
End-of-contract process In their Online Services Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under their control. If a customer terminates a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data. After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of Microsoft's Online Services Terms.)

Using the service

Using the service
Web browser interface Yes
Using the web interface The Cloud portal allows users to:
- Create and manage virtual networks
- Create and manage virtual machines
- Manage virtual firewalls (where those firewalls are provided by the Cloud platform)
- Allocate and de-allocate virtual resources
Web interface accessibility standard WCAG 2.1 A
Web interface accessibility testing Pulsant tests all software whether new, or upgrades/ enhancements to existing software prior to release.

Pulsant are committed to ensuring all user interfaces are accessible and where required will work with assistive technology users.
API Yes
What users can and can't do using the API Users are able to utilise the Azure API Management service to create their own APIs for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats HTML
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface Azure CLI 2.0 is optimised for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager.

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Azure represents a hyper-scale public cloud service.
Usage notifications Yes
Usage reporting
  • API
  • Email
  • SMS

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Under user control
Backup controls Under user control.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft data centres. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network ACL Based Network Security Groups are also used.

Availability and resilience

Availability and resilience
Guaranteed availability Service Levels

The Supplier will use its reasonable endeavours to deliver the following Response Times in respect of incidents as set out in the table below.

Event Type - Service Hours - Response Time

Critical - 24/7/365 (issue must be notified by telephone) - Within 15 minutes

Service Affecting - 24/7/365 (issue must be notified by telephone) - Within 30 minutes

Routine - Business Hours - Within 30 minutes, measured during Business Hours

Measure - Description - Value

Service Hours - The hours during which the service and SLA is provided - 24/7/365

Availability - % of the service hours during which service availability is guaranteed (excluding planned maintenance in clause 5 below) - 99.95%
Approach to resilience Available on request
Outage reporting In the unlikely event an outage occurs, Pulsant respond in line with our documented Outage Response Process.

Pulsant understands that during any loss of service communication with the client is of paramount importance to support sharing information with their clients'. However, maintaining communication must not impact upon the works being completed to resolve any outage.

Pulsant's outage reporting process provides clients with regular updates through a number of different methods. Depending on the type and severity of the outage Pulsant will utilise either one are all of the following communication methods:

- Public Dashboard, refreshed and updated every 30 minutes
- Direct communication either by telephone or email to clients
- Text message alerts for clients should this method of communication have been approved
- Customer Portal - updated at 30 minute intervals
- Email alerting - communication schedule in line with resolution activity, supports the communication via the other methods listed above.

Following any outage or loss of service Pulsant complete a Reason For Outage (RFO) report which is distributed to all clients and any service improvements are recorded and implemented for future service improvement.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication Azure Active Directory is Microsoft’s multi-tenant cloud-based directory and identity management service. Azure-AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS Applications like Office365, Salesforce.com, DropBox, and Concur. For application developers, Azure-AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations. Azure-AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management.
Access restrictions in management interfaces and support channels Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licences, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organisation has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Standards Institution
ISO/IEC 27001 accreditation date 29/02/2018
What the ISO/IEC 27001 doesn’t cover Any elements of the service which is not hosted on / within Pulsant managed and operated environments / infrastructure.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 29/09/2016
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover None
PCI certification Yes
Who accredited the PCI DSS certification Coalfire Systems Inc
PCI DSS accreditation date 01/04/2016
What the PCI DSS doesn’t cover Any elements of the service which is not hosted on / within Pulsant managed and operated environments / infrastructure.
Other security certifications Yes
Any other security certifications
  • FACT
  • NHS IG Toolkit
  • FedRamp
  • NIST 800-171
  • FIPS 140-2
  • CCSL (IRAP)
  • ENISA IAF
  • CDSA
  • ISO 27017 and 27018
  • SOC 1, SOC 2, SOC 3

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards FACT, NHS IG Toolkit, FedRamp, NIST 800-171, EU Model Clauses, Cyber Essentials Plus
Information security policies and processes An Information Security Management Program has been established to enable Microsoft Azure to maintain and improve its management system for information security. Through establishment of the ISMS, Azure plans for and manages protection of its assets to acceptable security levels based on defined risk management processes. In addition, Azure monitors the ISMS and the effectiveness of controls in maintaining the confidentiality, integrity and availability of assets to continuously improve information security.

The ISMS framework encompasses industry best-practices for information security and privacy. The ISMS has been documented and communicated in a customer-facing Information Security Policy, which can be made available upon request (customers and prospective customers must have a signed NDA or equivalent in place to receive a copy).

Microsoft Azure performs annual ISMS reviews, the results of which are reviewed by management. This involves monitoring ongoing effectiveness and improvement of the ISMS control environment by reviewing security issues, audit results, and monitoring status, and by planning and tracking necessary corrective actions.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Azure has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53, and others.

Microsoft also uses Operational Security Assurance (OSA), a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach When providing the Antimalware solution for Virtual Machines, Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software. MCIO-managed hosts in the scope boundary are scanned to validate anti-virus clients are installed and current signature-definition files exist.

Vulnerability scans are performed on a quarterly basis at a minimum. Microsoft Azure contracts with independent assessors to perform penetration testing of the Microsoft Azure boundary.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Microsoft Azure employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, our network backbone, Internet exchange sites, and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

Proactive monitoring continuously measures the performance of key subsystems of the Microsoft Azure services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Microsoft has developed robust processes to facilitate a coordinated response to incidents.
• Identification – System and security alerts may be harvested, correlated, and analysed.
• Containment – The escalation team evaluates the scope and impact of an incident.
• Eradication – The escalation team eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
• Recovery – During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Each security incident is analyzed to protect against future reoccurrence.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate Microsoft Azure is natively capable of multi-tenancy with cloud management systems that separate organisations into tenant accounts and use physical, network, logical and hypervisor segregation to separate organisation data and usage from other tenants.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres Pulsant’s Environmental Management System exists to ensure Pulsant adheres to the very highest levels of Energy Efficiency in line with the EU Code of Conduct.

The Environmental Management System is a collection of associated Environmental policies and records that form part of an overall management system applied across Pulsant for the purpose of management and control of business operations. It applies to all sites and operations.

Pulsant uses the measure of Power Usage Effectiveness (PUE) to establish the environmental and energy efficiency performance of the datacentres we operate. The Company will continue to drive the Power Usage Effectiveness (PUE) down across sites as far as is practicably possible.

Where employing equipment to deliver datacentre functionality the following points are considered:
• The environmental credentials of any systems or equipment
• The employment of power factor correction where possible
• The isolation of equipment when not in use
• Management and control of running times and rates

Regular testing is performed across all plant equipment to assess performance. Regular reviews of equipment, sourcing practices as well as technologies available to enhance both operational efficiencies and environmental benefits are conducted by Pulsant's management team.

Pulsant is a member of the Green Grid.

Pricing

Pricing
Price £91.80 per virtual machine per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Pulsant provide a free trial of the service in line with the clients service scope.

The trial period will be for an agreed period, typically this is no longer than 1 month.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑