On Direct Business Services Limited

Cloud Direct Azure Site Recovery

Your organization needs a business continuity and disaster recovery (BCDR) strategy that keep apps and data safe and available during planned and unplanned downtime. Azure Site Recovery contributes to your BCDR strategy by orchestrating replication of on-premises, virtual machines, and physical servers to the cloud.


  • Simple automated protection and disaster recovery to the cloud
  • Provides flexible and reliable workload replication
  • Eliminate the need for a secondary datacentre
  • Perform quick and easy replication testing
  • Full fail over and recovery for planned or emergency outages
  • Customised fail over for complex environments
  • Integrates with existing BCDR technologies
  • Proactive service monitoring
  • Expert BCDR consultancy and planing capability


  • Peace of mind that your environment is fully protected
  • Automation removes the risk of human error
  • Access to your data and applications in any emergency
  • Rapid service restore minimises business distruption
  • Service health is continuously monitored keeping you protected
  • Data is secured up to AES-256
  • Only pay for invocation VMs when you use them
  • Simple test invocations prove your BCDR plan works


£18.63 per server per month

Service documents

G-Cloud 9


On Direct Business Services Limited

Charlotte Margree

0800 0789 437


Service scope

Service scope
Service constraints Supported servers and virtual machines will need to meet the standard Microsoft Azure prerequisites, for example 16 disk maximum, 2008 R2 with Service Pack 1 or newer.

Certain low bandwidth connectivity solutions will also be a barrier to adoption.
System requirements
  • 2008 R2 Service Pack 1 or newer
  • Hyper-V - Windows Server 2012 R2 or newer
  • VCentre 5.5 or 6.0
  • VSphere 6.0, 5.5 or 5.1
  • Data disk count of 16 or less
  • Operating system disk size of up to 1023GB
  • Operating system disk count of 1
  • Hard disk format of VHD or VHDX
  • VM name between 1-63 characters
  • VM Type - Generation 1 or Generation 2 (Windows only)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Customers can email our support team 24/7 and our service management system will automatically create a support ticket and email them back the support reference number. Our support team will categorise issues as either standard, moderate, high or critical. An engineer will be assigned and begin working on the problem within 1 hour for critical issues.

Our Provide Portal also allows customers to log their own support tickets and set their own priority. Existing tickets can also be reviewed and updated via the same portal.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web Chat is provided by a third party service called LiveChat. It is a text only service.
Web chat accessibility testing N/a
Onsite support Yes, at extra cost
Support levels Our Azure Site Recovery Service is offered with a monitoring and support service. This provides 24/7 break-fix support via phone, email and our customer Provide service portal. The monitoring aspect of the service include:
- Weekly monitoring of the current system readiness
- Weekly traffic light reporting on system state
- Proactive incident raising
- Access to the Cloud Direct support knowledge base
- 4 test invocations per year

The service is on a monthly subscription basis and is charged from £300.00 per month (Depending on platform configuration).

An customer service account manager will be allocated to help our customers with any service or billing related issues.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started To ensure that your initial set-up and configuration of Azure Site Recovery is achieved without risk to the integrity of your systems and data, we offer a full implementation service.

We will work with you to complete an audit of your current system environment which identifies any potential issues with your Azure Site Recovery adoption.

Our project engineers will then complete the implementation of the service, sign off a test invocation with you and formally hand you over to our operations support team.

This process is overseen by a named project co-ordinator who will be responsible for ensuring that you are understand your new service and have access to the right tools and information to manage the service going forward.

We are also able to offer additional training (cost option) if required.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Azure Site Recovery holds a replication of your data and systems state. When a contract ends and the service is terminated all data held within the service will be permanently destroyed. Your data will remain on the VM's or physical servers that you were replicating into Azure, therefore no data extraction is required.
End-of-contract process Once a contract has been cancelled in line with the agreed terms and conditions, we will remove your access to the service and decommission the Azure Site Recovery platform. The decommission includes the permanent deletion of any data held on the platform.

No additional charges are applicable.

Using the service

Using the service
Web browser interface Yes
Using the web interface The Azure Site Recovery services can be managed via the Azure Management portal provided by Microsoft. This portal gives full access to set-up, make configuration changes and remove services.

It also offers a comprehensive dashboard to understand service usage, service issues and failures.

Customers are provided with their own dedicated administrator access to the Azure Management portal or can opt to delegate the management of the service to a third party.
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing We have not completed any testing, this has been completed by Microsoft.
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface Azure Site Recovery supports the Azure PowerShell command environment within the Azure Resource Manager.

The PowerShell cmdlets allow developers and administrators to develop, deploy and manage Microsoft Azure applications.

A full range of management functions including the ability to create, modify and delete recovery configurations, trigger restores and change backup schedules.


Scaling available Yes
Scaling type Manual
Independence of resources All Azure Site Recovery instances are managed within their own tenant. Microsoft proactively resource manage the use of Azure storage and interface resource across multiple data centres in the UK and EU.
Usage notifications No


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Other
Other metrics
  • The monitoring of current replication status
  • The monitoring of vault status
Reporting types
  • API access
  • Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • VMware VMs
  • Hyper-V VMs
  • Windows physical servers
  • Linux physical servers
Backup controls You will have full control over which components of your environment you wish to replicate into your Azure Site Recovery via the Azure Management Portal.

Once your Recovery Service vault has been set-up and a replication policy established, you can specify the replication source and target.

Machines will start replicating in accordance with the replication policy. You can amend this at anytime via the Azure Management Portal.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The following Service Levels and Service Credits are applicable to Customer’s use of each Protected Instance within the Site Recovery Service for On-Premises-to-On-Premises Failover:

Monthly uptime % < 99.9% triggers a 10% service credit.
Approach to resilience Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft services. Each facility is designed to be run 24x7x365 and employs various measures to protect operations from power failure, physical intrusion and network outages.

Azure has a defense system against Distributed Denial-of-Service (DDoS) attacks on Azure platform services. It uses industry standard detection and mitigation techniques.

To ensure that organisations meet data residency, sovereignty and compliance requirements, Microsoft has a worldwide network of more than 30 announced Microsoft managed data center regions and continues to make a significant investment in geo-expansion.

For data at rest, Azure offers a wide range of encryption capabilities up to AES-256. Microsoft have also adopted the first code of practice for cloud privacy ISO/IEC 27018.

Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.
Outage reporting Every operation within Azure Site Recovery is audited and tracked. The Azure Management portal will automatically identify any configuration, protection or recovery errors.

The Azure Management portal also displays the service health across all services and will therefore identify any wider service outages or maintenance.

Identity and authentication

Identity and authentication
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Cloud Direct controls access to customer systems and services in accordance to pre-defined ISO 20000 and ITIL processes.

Support engineers have access to only the services that are required to allow them to troubleshoot and manage the services we provide.

Access control systems are in place to control the enrollment, off-boarding and service rights for all members of staff. A full audit history of service access is maintained.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date Active
What the ISO/IEC 27001 doesn’t cover That would be discussed with Micrtosoft.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date Active certification
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover Nothing to note here.
PCI certification Yes
Who accredited the PCI DSS certification Microsoft uses a Qualified Security Assessor (QSA).
PCI DSS accreditation date Active certification
What the PCI DSS doesn’t cover It is, however, important to understand that Azure PCI DSS compliance status does not automatically translate to PCI DSS certification for the services that customers build or host on the Azure platform. Customers are responsible for ensuring that they achieve compliance with PCI DSS requirements. The Azure Customer PCI Guide specifies areas of responsibility for each PCI DSS requirement, and whether it is assigned to Azure or the customer, or if the responsibility is shared.
Other security accreditations Yes
Any other security accreditations
  • ISO 22301
  • ISO 27017
  • ISO 27018

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Cloud Direct have several policies around information security including vendor management, problem management, risk management, access control and information control. Every policy and process has an owner who is responsible to ensure it's followed as well as line-managers within the business. We have also built processes into our systems to help with adherence. Any time a process isn't followed a non-conformance is raised and investigated.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Cloud Direct hold ISO 27001 (Security) certification and follow annually audited processes for the management of change within the service.

Changes to the service are classified as either pre-defined change , i.e. changes that are documented as a standard procedure for example, adding in a new replication instance or authorisation change which must be approved.

All authorisation changes are reviewed by our change board before being allowed to proceed. Full documentation of these changes are retained within our service management system.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability management is covered under our ISO 27001 certification in conjunction with our Tier 1 Cloud Solutions Partnership with Microsoft.

Microsoft are responsible for the management of vulnerabilities and service patching.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Microsoft provides an extensive monitoring and protective service for the Azure platform. This includes an extensive defence system against Distributed Denial-of-Service (DDoS) attacks. It uses industry standard detection and mitigation techniques.

Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS
Incident management type Supplier-defined controls
Incident management approach Cloud Direct holds a ISO20000 certification for service management. This is an independent audit of a business’ ability to delivery consistently high-quality IT services.

Cloud Direct bases its processes on ITIL® - a comprehensive set of best practices for IT Service Management. The ethos behind ITIL is the recognition that organisations are increasingly dependent on IT in order to meet business needs. This leads to an increased requirement for high quality IT services.

All incident management processes are documented and audited in line with this certification.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Microsoft
How shared infrastructure is kept separate This is proactively managed by Microsoft using a unique tenant for each customer.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £18.63 per server per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑