Agilisys Managed Cloud - Azure, provides access to Microsoft Azure services through the Cloud Service Provider (CSP) programme on a utility basis with a commoditised management service based on ITIL and ISO27001 management processes. Designed for the UK public sector, the managed service ensures compliance and efficient use of resources.
- Managed resource; OS, patching, AV, backup and incident management
- Managed by UK based Security Check (SC) cleared staff
- Tiered support - working hours to 24x365 response and remediation
- Managed in accordance with ITIL 2013 processes
- Designed to be managed as part of a multi-cloud solution
- Access to full range of Microsoft Azure Services
- Microsoft Azure resources charged at the prevailing Microsoft list price
- Part of a comprehensive range of cloud services on Gcloud
- Licensing, Information Security and GDPR Compliance
- Optimisation and right-sizing recommendations to drive cost savings
- Agilisys are an experienced UK Public Sector cloud specialist
- Ensures compliance with Official and Official Sensitive requirements
- Training and architectural patterns/guidance
- Optimises your cloud services to ensure best value is obtained
- Clear, straightforward monthly cloud billing and management information
- Licensing advice and optimisation to ensure best value
- Ongoing optimisation, consolidation and right-sizing, reduces cloud spend
- Rapid scalability and deployment enables leverage of innovative cloud services
- Provides cloud skills to supplement your internal skills and capability
- Compliant with 14 Cloud Security Principles, ISO27001 and GDPR
£0.2 per virtual machine per hour
- Free trial available
Planned maintenance may take place between the hours of 22:00 and 06:00. Where maintenance is identified as potentially service impacting, 14 days notice will be provided to the customer.
The customer is responsible for, and remains liable for ensuring that their licensing is compliant with deployment in a virtualised cloud environment.
The customer is responsible for agreement and complying with the Microsoft Azure client agreement and acceptable usage rights. This can be found at https://azure.microsoft.com/en-gb/support/legal/subscription-agreement/
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Reponse times within service hours as per selected management service are:
P1 15 minutes, P2 30 minutes, P3 2 hours, P4 4 hours
Gold - 24x365 Servicedesk and P1 Incident resolution in addition to silver
Silver - 24x365 Servicedesk in addition to Bronze
Bronze - 08:00-18:00 M-F Excl Holidays for all calls
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Agilisys operates a Service Desk to provide a single contact point for all service related Incidents, Requests and Changes. Our service desk agents are available as detailed within the Management Service option selected.
Our management options are selected on a server by server basis, including management of storage, backup and underlying network and security. Basic management layer is included within the cost of each infrastructure element and provides service desk, subscription support, billing and reporting. Each layer builds on the service provided by the layer below to provide service support options from basic incident management with working hours’ support, to proactive management with 24x7 support with enhanced service levels and a named technical lead for your service.
These management options can be selected on a server by server basis, to ensure that your tailored solution exactly meets your requirements. Charges apply per server, per month.
Gold - As Silver, plus enhanced Service Levels, including 24x7 incident management, named technical lead and architectural review.
Silver - As Bronze, plus managed Antivirus, patching, proactive and capacity management and 24x7 Service desk.
Bronze - 0800:1800 Monday to Friday (excluding holidays) support, account management and no predefined support per server time limit.
|Support available to third parties||Yes|
Onboarding and offboarding
• new build of VMs;
• tool driven physical/virtual to virtual migration;
• professional services managed migrations.
New build is typically best for new projects or new implementations where a clean build will provide a useful break from previous environments. This process is led by the customer unless Agilisys are also engaged to provide professional services via Lot 3.
Tool driven migration takes advantage of vendor supplied utilities that package existing deployments for migration. In this case, the customer is responsible for deploying the tool, providing the data to Agilisys then commissioning and testing once the images have been uploaded.
Agilisys offers broad migration planning and implementation capabilities via Lot 3. Our tailored approach enables us to rationalise and transform your systems, migrating them onto our own UK based cloud services, Microsoft's Azure platform or as a hybrid which Agilisys also offer via on Lot 1. Typically, we can accommodate >90% of legacy systems within our hybrid approach, removing the need for dedicated local data centres and releasing significant savings. Options include:
• Cloud Readiness, Cloud Due Diligence and Cloud Design
• Transformation, consolidation and optimisation
• Operating System upgrade
• Cloud migration tooling
• Legacy system remediation
|End-of-contract data extraction||
The Customer should contact their Account Manager to cancel the service.
Our process extracts customer virtual machines from our service, transferred securely via network connectivity or via portable media, allowing you to import services on to another infrastructure.
Preparing and extracting images and data into a staging area at termination is included within the managed service price. The price of media and shipment of media to transfer data will be charged in addition to the managed service.
Further services are available to support offboarding of your service from the service and are accessible at the rates detailed within the accompanying SFIA rate card.
The customer initiates the off-boarding process via a service request.
Azure services supplied via a CSP agreement can be moved to another Microsoft CSP provider via Microsoft.
The initial task is to define the scope of VMs and data to migrate - typically these will be VMs hosting applications that have undergone significant customisation or which hold valuable data, databases and stored data. Transactional services that will need to be rebuilt because of locally significant customisation (such as domain controllers, load balancers) will likely be excluded.
Data is extracted and either presented in a staging area. Once extracted and confirmed as received by the customer, data is and subscription is deleted.
Using the service
|Web browser interface||Yes|
|Using the web interface||
Agilisys cloud services are managed by Agilisys on the customers behalf. Our self- service portal provides access to manage services across Microsoft Azure, AWS and the Agilisys IaaS platform. The portal provides access to:
• Power up/down and reboot, including console access onto virtual machines
• Self-provision virtual machines
• Manage allocated resources
• Access inventory and compliance information
• Access billing information
• Access right-sizing recommendations
Currently, environment build, network and firewall processes and co-located services are not supported on the self-service portal.
|Web interface accessibility standard||WCAG 2.0 AA or EN 301 549|
|Web interface accessibility testing||N/A.|
|What users can and can't do using the API||Standard Azure API services are supported.|
|API automation tools||
|API documentation formats||
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||The Azure CLI 2.0 is a command-line tool providing a great experience for managing Azure resources. The CLI is designed to make scripting easy, flexibly query data, support long-running operations as non-blocking processes, and more.|
|Independence of resources||Our service is capacity managed to ensure that users are not adversely affected by other users. In addition, we provide uncontended memory and for larger customers, dedicated compute resources. We also validate designs for each client through a TDA approval process for their service, which would include performance requirements. Once in service, we proactively monitor and alert on service performance and share performance metrics with our customers.|
|Infrastructure or application metrics||Yes|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Microsoft|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
Microsoft adheres to independently validated privacy, data protection, security protections and control processes. Please refer to https://azure.microsoft.com/en-us/overview/trusted-cloud/
Microsoft is responsible for the security of the cloud; customers are responsible for security in the Microsoft. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their Microsoft environment will be managed).
Wherever appropriate, Microsoft offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. Microsoft offers flexible key management options and dedicated hardware-based cryptographic key storage.
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||In-house destruction process|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Application and version aware, our backup service also offers client defined backup policies. Defined on a per system basis, these include customised:
• Recovery Point Objectives;
• Version retention based on number of versions and/or retention period; and,
• Retention periods
Backups are stored locally on dedicated backup disks, independent of production storage, to ensure recovery performance and replicated to an offsite tape library for Disaster Recovery purposes. Using an incremental forever approach, we provide an effective method of rolling back services to a specific point in time, without the need to maintain multiple full backups of your systems.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users contact the support team to schedule backups|
|Data protection between buyer and supplier networks||
|Other protection between networks||Express Route connectivity is available|
|Data protection within supplier network||Other|
|Other protection within supplier network||
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Microsoft Azure gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.
Azure enables customers to open a secure, encrypted channel to Azure services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wish to use.
API calls can be encrypted with TLS/SSL to maintain confidentiality; the Azure Console connection is encrypted with TLS.
Availability and resilience
|Guaranteed availability||Availability Service Levels and Guarantees are provided in accordance with the Microsoft Azure Service-level Agreements statements and are product specific. These are detailed at the following location: https://azure.microsoft.com/en-gb/support/legal/sla/.|
|Approach to resilience||Availability Zones is a high-availability offering that protects your applications and data from data centre failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more data centre equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from data centre failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. The full Azure SLA explains the guaranteed availability of Azure as a whole.|
|Outage reporting||Alerts are generated by our monitoring platform that are received by our 24x7 Operations Centre. SMS text alerts and email notifications are generated and dispatched to user stakeholders for affected services. For Azure, the following are supported: Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging)|
Identity and authentication
|Access restrictions in management interfaces and support channels||Management access is granted only to UK based engineers that hold current Security Check (SC) Clearances. Two factor authentication, and strict segregation of administrative privileges is used to further control access.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||SGS United Kingdom Limited|
|ISO/IEC 27001 accreditation date||09/04/2018|
|What the ISO/IEC 27001 doesn’t cover||All aspects of our Cloud Services are included within the scope of our ISO27001:2013 Accreditation.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
CESG 14 Cloud Security Principles
Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2
|Information security policies and processes||
The Agilisys Cloud Service is ISO27001:2013 certified and has appropriate governance and processes in place.
Certificate No: GB14/91147
Agilisys has a comprehensive set of policies and standards covering our services, these are supplemented with “How To” documents, which cover the range of services providing practical method statements for common procedures when implementing platform and client services.
We operate an Information Security Management System (ISMS), incorporating best practice guidance from SANS Top 20 CIS Critical Security Controls and Good Practice Guides, our architecture and ISMS is certified to ISO27001:2013, and we are a certificated PSN Service Provider, following the PSN Code of Connection for our own infrastructure services. Agilisys comply with the CESG 14 Cloud Security Principles and are certified against the Cyber Essentials Plus Scheme.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our CMDB contains details of all the IT services delivered to our customers, together with relationships to the supporting services, shared services, components and Configuration Items (CIs) necessary to support the provision of the service.
Agilisys ensures the smooth running of operations using well-defined change management processes. Our Change Advisory Board (CAB) is managed to ITIL standards (assessed within the scope of ISO27001), with 98.5% of changes completing successfully.
Many of our processes are documented as standard changes, however service impacting or non-standard changes require a full change submission that may require communication with end customers via our Servic edesk.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Agilisys engages accredited third parties to regularly conduct IT Health Checks and conduct other testing of the IaaS and client environments. Timescales for implementing fixes and patches to address known and reported vulnerabilities are detailed in the Agilisys Patching Policy. Within VM's on Agilisys's datacenters ESET anti-malware and anti-virus is included in every virtual machine. Patches are deployed, once tested and signed off via CAB. Microsoft updates are received automatically. Other vendors (Adobe, Java, Citrix) are updates are assessed in response to alerts received.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Agilisys has comprehensive incident Management Processes and Security Operating Procedures in place.
A GPG 13 compliant Security Information and Event Management (SIEM) service has been deployed in addition to log capture on the IaaS Platform which monitors up to, but not within, tenant environments with logs filtered and supplied to our operations centre. The SIEM is configured in accordance with the our SIEM & GPG13 Protective Monitoring Audit Policy.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Our Incident Management process is aligned to the ITIL Standard and has been audited and approved by external auditors as part of our ISO27001 certification.
Agilisys’ Service desk function provides the single contact point for all Incidents, Requests and Changes. Operating 24x7 the service desk agents provide core services, including help and advice, and Major Incident Management. Accessible by telephone and email, once an incident call ticket has been raised, the desk retains control of the call. Escalations and communications including updates are accessible via the Service desk.
Major Incident reports are provided for all P1 incidents within 5-working days.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Other|
|Other virtualisation technology used||Proprietary Microsoft Hypervisor.|
|How shared infrastructure is kept separate||Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.|
|Price||£0.2 per virtual machine per hour|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Trial options are available, please contact us to discuss your requirements.|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|