Agilisys Community Cloud Hybrid Service is a service that combines Microsoft Azure, Agilisys’ PSN accredited infrastructure as a service and a service management wrapper to deliver ‘managed resources’ for public sector customers.
Agilisys is a Microsoft Cloud Solution Provider (CSP) able to resell cloud platform services.
- Integrated Microsoft Azure, Public Sector IaaS and colocation solution.
- Managed resource; OS, patching, AV, backup and incident management included.
- Express Route connecivity between Community Cloud & Azure.
- UK based service delivery team and UK hosting.
- Reslient replicated storage, mutli datacenter or Geo-Replicated.
- Supports Windows, Linux, Unix guest OSs. Oracle DB/applications on OVM.
- PSN accredited, ISO:27001, Cyber Essentials covering OFFICIAL (and SENSITIVE) data.
- Built on familiar VMware technology.
- Managed by UK resources following ITIL 2013 Service Management practices.
- Built to support UK Public Sector organisations.
- Secure datacenters.
- Flexibility to deploy hybrid Azure and Community Cloud.
- Enables resource focus on building services not managing infrastructure.
- Get rid of hosting and equipment; break the refresh cycle.
- Build security-enhanced, compliant solutions.
- Run enterprise applications in the cloud with support.
- Agilisys can assist delivering a coherent, realistic cloud migration strategy.
- Simplify the provision of shared storage to applications and storage.
- Public sector respected platform
- Comprehensive managed service with self service options
£45 per server per month
- Free trial available
- Planned maintenance may take place between the hours of 22:00 and 06:00. Where maintenance is identified as potentially service impacting, 14 days notice will be provided to the customer.
- Operating systems deployed must be within support providing Critical and Security updates.
- The customer is responsible for, and remains liable for ensuring that their licensing is compliant with deployment in a virtualised cloud environment.
- Where PSN connectivity is required, that the customer accepts the PSN Mandatory Obligations.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response times within service hours as per selected management service are:
P1 15 minutes, P2 30 minutes, P3 2 hours, P4 4 hours
Gold - 24x365 Servicedesk and P1 Incident resolution in addition to silver
Silver - 24x365 Servicedesk in addition to Bronze
Bronze - 08:00-18:00 M-F Excl Holidays for all calls
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Agilisys operates a Service Desk to provide a single contact point for all service related Incidents, Requests and Changes. Our service desk agents are available as detailed within the Management Service option selected.
Our management options are selected on a server by server basis, including management of storage, backup and underlying network and security. Basic management layer is included within the cost of each infrastructure element and provides service desk, subscription support, billing and reporting. Each layer builds on the service provided by the layer below to provide service support options from basic incident management with working hours’ support, to proactive management with 24x7 support with enhanced service levels and a named technical lead for your service.
These management options can be selected on a server by server basis, to ensure that your tailored solution exactly meets your requirements. Charges apply per server, per month.
Gold - £115.00 As Silver, plus enhanced Service Levels, including 24x7 incident management, named technical lead and architectural review.
Silver - £75.00 As Bronze, plus managed Antivirus, patching, proactive and capacity management and 24x7 Servicedesk.
Bronze - £45.00 0800:1800 Monday to Friday (excluding holidays) support, account management and no predefined support per server time limit
|Support available to third parties||Yes|
Onboarding and offboarding
• new build of VMs;
• tool driven physical or virtual to virtual migration;
• professional services managed migrations.
New build is typically best for new projects or implementations where a clean build will provide a useful break from previous environments. This is a process led by the customer unless Agilisys are also engaged to provide professional services via Lot 3.
Tool driven migration takes advantage of vendor supplied utilities that package existing deployments for migration. In this case, the customer is responsible for deploying the tool, providing the data to Agilisys then commissioning and testing once the images have been uploaded.
Agilisys offers broad migration planning and implementation capabilities via G-Cloud Lot 3. Our tailored approach enables us to rationalise and transform your systems, migrating them onto our UK based cloud services, Microsoft's Azure platform or as a hybrid which Agilisys also offer via on Lot 1. Typically, we can accommodate >90% of legacy systems within our hybrid approach, removing the need for dedicated local data centres and releasing significant savings. Options include:
• Cloud Readiness, Due Diligence and Design
• Transformation, consolidation and optimisation
• Operating System upgrade
• Cloud migration tooling
• Legacy system remediation
|End-of-contract data extraction||
The customer should contact their Account Manager to cancel the service.
Our process extracts customer virtual machines from our service, transferred securely via network connectivity or via portable media, allowing you to import services on to another infrastructure.
Preparing and extracting images and data into a staging area at termination is included within the managed service price. The price of media and shipment of media to transfer data will be charged in addition to the managed service.
Further services are available to support off-boarding of your service from the service and are accessible at the rates detailed within the accompanying SFIA rate card.
The customer initiates the off-boarding process via a service request.
The initial task is to define the scope of VMs and data to migrate - typically these will be VMs hosting applications that have undergone significant customisation or which hold valuable data, databases and stored data. Transactional services that will need to be rebuilt because of locally significant customisation (such as domain controllers, load balancers) will likely be excluded.
Data is extracted and either presented in a staging area of made available on portable media.
Once extracted and confirmed as received by the customer, data is overwritten and released back for reallocation to other Public Sector customers.
Using the service
|Web browser interface||Yes|
|Using the web interface||
Services that are based on Microsoft Azure will be accessible and manageable via the Microsoft Azure web interface. See https://azure.microsoft.com/en-gb/ Where customers select a Basic service with Azure, customers will be provided with access to report and manage services using the full capabilities of the Azure platform.Where a managed service is procured with Azure, then access will be limited to reporting only.
The Agilisys IaaS platform and co-location is managed by Agilisys on the customers behalf. For services hosted on our VMWare managed environments, VSphere web access will be provided for reporting purposes.
|Web interface accessibility standard||WCAG 2.0 AA or EN 301 549|
|Web interface accessibility testing||N/A|
|What users can and can't do using the API||
Users are able to utilise the Azure API Management service to create their own API's for the solutions they deploy on to the platform. Additionally we have the Azure Service Management API which provides programmatic access to much of the functionality available through the Management Portal. Available here https://msdn.microsoft.com/en-us/library/azure/ee460799.aspx
As a managed service, Agilisys IaaS does not currently support APIs.
|API automation tools||
|API documentation formats||HTML|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||
Azure CLI 2.0 is optimized for managing and administering Azure resources from the command line, and for building automation scripts that work against the Azure Resource Manager. See https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
As a managed service, Agilisys IaaS does not currently support command line interface for users.
|Independence of resources||Our service is capacity managed to ensure that users are not adversely affected by other users. In addition, we provide uncontended memory and for larger customers, dedicated compute resources. We also validate designs for each client through a TDA approval process for their service, which would include performance requirements. Once in service, we proactively monitor and alert on service performance and share performance metrics with our customers.|
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||
http://download.microsoft.com/download/0/D/D/0DD8FB12-6343-4A50-80B2-545F2951D7AE/MicrosoftAzureDataProtection_Aug2014.pdf , https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Application and version aware, our backup service also offers client defined backup policies. Defined on a per system basis, these include customised:
• Recovery Point Objectives;
• Version retention based on number of versions and/or retention period; and,
• Retention periods
Backups are stored locally on dedicated backup disks, independent of production storage, to ensure recovery performance and replicated to an offsite tape library for Disaster Recovery purposes. Using an incremental forever approach, we provide an effective method of rolling back services to a specific point in time, without the need to maintain multiple full backups of your systems.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users contact the support team to schedule backups|
|Data protection between buyer and supplier networks||
|Other protection between networks||For data in transit, Azure uses industry-standard secure transport protocols, such as TLS/SSL, between user devices and Microsoft datacenters. You can enable encryption for traffic between your own virtual machines (VMs) and your users. With Azure Virtual Networks, you can use the industry-standard IPsec protocol to encrypt traffic between your corporate VPN gateway and Azure as well as between the VMs located on your Virtual Network.|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
Service levels are determined by the Management Service and infrastructure selected by the user. Measured on a monthly billing period basis, these are detailed below:
Gold Management Service Levels
• Agilisys IaaS (excluding OracleVM) and Microsoft Azure 99.99%
• Agilisys IaaS using OracleVM 99.95%
• Agilisys Colocation 99.90%
Service Level Guarantees
• 1% of the monthly charge for each 0.5% below the availability service level the whole actual service is delivered to. (Includes Microsoft Azure)
Basic, Bronze and Silver Management Service Levels
• Agilisys IaaS (excluding OracleVM) 99.99%
• Microsoft Azure – As per published Microsoft SLAs
• Agilisys IaaS using OracleVM and Colocation 99.90%
Service Level Guarantees
• 1% of the monthly charge for each 0.5% below the availability service level the whole actual service is delivered to.
• Microsoft Azure service credits will be passed through as per published Microsoft service credits.
See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=11745
|Approach to resilience||
With Locally Redundant Storage (LRS), data is stored locally within the users’ primary region, such as UK South. With Geo Redundant Storage (GRS), data is also stored in a secondary region, such as UK West, separated from the primary region whilst remaining within the United Kingdom.
The Agilisys Infrastructure as a Service Platform is hosted in two UK Tier 3 Data Centres, these centres maintain ISO 27001: 2013 certification. Both sites benefit from temperature and humidity management to industry standards, diverse power supply including substations and UPS, multiple carrier links, inert gas and Vesda smoke detection fire controls, 24/7 onsite security, car trap entrance to site, man trap entrance to data halls, secure delivery processes and areas and strict access control.
Within and between our data centres, our platform has been designed with a minimum of n+1 resilience across all infrastructure, services and connectivity (including network and storage) Where specified, we offer High Availability services, extending client networks between the two data centres, supporting active/standby services and Vmotion of guest servers. We also offer SAN replication between data centres.
|Outage reporting||Alerts are generated by our monitoring platform that are received by our 24x7 Operations Centre. SMS text alerts and email notifications are generated and dispatched to user stakeholders for affected services.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
Access to the management LAN is via a physically separate dedicated firewall with different contexts deployed to secure and separate the traffic. Management access is granted only to UK based engineers that hold current Security Check (SC) Clearances. Two factor authentication, and strict segregation of administrative privileges is used to further control access.
Management traffic is segregated using physically separate firewalls, physical switches and separate partitions within the secure switches.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||SGS United Kingdom Limited|
|ISO/IEC 27001 accreditation date||24/03/2017|
|What the ISO/IEC 27001 doesn’t cover||
Microsoft Azure is covered under a dedicated ISO27001 certification.
All aspects of our Agilisys IaaS and supporting Service Management are included within the scope of our ISO27001:2013 Certification.
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||
|Other security governance standards||
Microsoft Azure meets ISO-IEC 27001, ISO 27017, ISO27018, CSA STAR Gold Certification alongside other global compliance standards
Agilisys IaaS meets:
- PSN Code of Connection
- Cyber Essentials
- Compliant with the CESG 14 Cloud Security Principles
|Information security policies and processes||
The Agilisys IaaS Service is ISO27001:2013 certified and has appropriate governance and processes in place. Certificate No: GB14/91147
Agilisys has a comprehensive set of policies and standards covering our cloud services, these are supplemented with “How To” documents, which cover the range of services providing practical method statements for common procedures when implementing platform and client services.
Agilisys have invested in our own, UK based, PSN accredited cloud Infrastructure-as-a-Service (IaaS) platform that assures the security of information we host and manage for our customers.
We operate an Information Security Management System (ISMS), incorporating best practice guidance from SANS Top 20 CIS Critical Security Controls and Good Practice Guides, our architecture and ISMS is certified to ISO27001:2013, and we are a certificated PSN Service Provider, following the PSN Code of Connection for our cloud infrastructure services. Agilisys comply with the CESG 14 Cloud Security Principles and are certified against the Cyber Essentials Scheme.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our CMDB contains details of all the IT services delivered to our customers, together with relationships to the supporting services, shared services, components and Configuration Items (CIs) necessary to support the provision of the service.
Agilisys ensures the smooth running of operations using well-defined change management processes. Our Change Advisory Board (CAB) is managed to ITIL standards (assessed within the scope of ISO27001), with 98.5% of changes completing successfully.
Many of our processes are documented as standard changes, however service impacting or non-standard changes require a full change submission that may require communication with end customers via our servicedesk.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Agilisys engages accredited third parties to regularly conduct IT HealthChecks and conduct other testing of the IaaS and client environments. Timescales for implementing fixes and patches to address known and reported vulnerabilities are detailed in the Agilisys Patching Policy.Within VM's on Agilisys's datacenters ESET anti-malware and anti-virus is included in every virtual machine. Patches are deployed, once tested and signed off via CAB. Microsoft updates are received automatically. Other vendors (Adobe, Java, Citrix) are updates are assessed in response to alerts received.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Agilisys has a comprehensive incident Management Process and Security Operating Procedures in place.
A Security Information and Event Management (SIEM) tool has been deployed in addition to log capture on the IaaS Platform which monitors up to, but not within, tenant environments with logs filtered and supplied to our operations centre. The SIEM is configured in accordance with the our SIEM & GPG13 Protective Monitoring Audit Policy.
All firewalls (physical and virtual) and network switches are monitored by the SIEM tool and all Internet traffic is screened as part of a DDoS prevention system.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our Incident Management process is aligned to the ITIL Standard and has been audited and approved by external auditors as part of our ISO 27001 certification.
Agilisys’ Servicedesk function provides the single contact point for all Incidents, Requests and Changes. Operating 24x7 the service desk agents provide core services, including help and advice, and Major Incident Management. Accessible by telephone and email, once an incident call ticket has been raised, the desk retains control of the call. Escalations and communications including updates are accessible via the Servicedesk.
Major Incident reports are provided for all P1 incidents within 5 working days.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Third-party|
|Third-party virtualisation provider||Azure: Microsoft. Agilisys IaaS platform: we implemented and manage virtualisation.|
|How shared infrastructure is kept separate||
Within Azure unauthorized and unintentional transfer of information is prevented by using VLAN isolation, access control lists (ACLs), load balancers, and IP filters, along with traffic flow policies; network address translation (NAT) separates internal network traffic from external traffic.
Within our Agilisys IaaS platform, we use the same methods for for internal tenant security separation. Compute resources are allocated on a per-tenant basis or shared between tenants depending on load and security profile. When specified, Agilisys will implement the Key Lifecycle Manager software for key management and encryption of client disks using AES256 on Full Disk Encryption (FDE) drives.
|Price||£45 per server per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Trial options are available, please contact us to discuss your requirements.|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|