Vetasi Cloud Services Summary
Contents:
Vetasi Cloud Services Summary ............................................................................................................................................. 1
Service Level Agreement and Services Management............................................................................................................. 2
Service Level Agreement .................................................................................................................................................... 2
Cloud Application Service Level Agreement ....................................................................................................................... 2
DEFINITIONS ....................................................................................................................................................................... 3
Service Level Exemptions ................................................................................................................................................... 3
Service Management ............................................................................................................................................................. 3
Emergency Notification ...................................................................................................................................................... 4
Miscellaneous..................................................................................................................................................................... 4
Disaster Recovery Plan ........................................................................................................................................................... 5
Scope .................................................................................................................................................................................. 5
Background ........................................................................................................................................................................ 5
Recovery Steps ................................................................................................................................................................... 5
Security................................................................................................................................................................................... 7
Overview ............................................................................................................................................................................ 7
Cloud Security Services....................................................................................................................................................... 7
Physical Data Center Security ............................................................................................................................................. 7
Virtual Data Center Security ............................................................................................................................................... 7
User Authentication and Authorization ............................................................................................................................. 8
Controlled Network Configuration ..................................................................................................................................... 8
Cloud Backup Services ...................................................................................................................................................... 10
Cloud Disaster Recovery Services ..................................................................................................................................... 11
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
1
Service Level Agreement and Services Management
Service Level Agreement
The Cloud Services will meet the service levels described in this Service Level Agreement. The Cloud Services are
provided using our Intelligent Computing Environment (“ICE”) Platform and underlying cloud hosting infrastructure. Our
secure data centers and networks are provided by third party suppliers including Amazon AWS, NTT Global-Dimension
Data and other data centers located in North America, Europe, Africa, Australia and Asia. All data centers are SAS 70
certified (or similarly certified) or have related certifications for security and related performance levels.
Cloud Application Service Level Agreement
As part of the Master Subscription Agreement that governs Customer’s purchase of services, we will meet the service
level agreements set forth below.
Application Service Uptime Standard
We intend to provide 99.9% availability of the Customer’s Application Services and use commercially reasonable efforts
to make the Application Services available for access by Customer 24 hours per day, 7 days per week, excluding any
Scheduled Downtime or Unscheduled Downtime, provided that the Customer agrees to meet the following Customer
obligations:









Allow us full access to the Customer's Cloud service and to deploy the application on our Platform infrastructure with
our System Monitoring tools and with our application support;
Customer's system is fully redundant at all tiers and is configured for failover operation;
Allow us to audit all managed components and complete redundancy steps stipulated by us under a mutually agreed
upon timeline;
Possess no users or third party accounts that grant administrative or 'root' access to services within the Cloud
systems;
Off-premise systems are functioning properly and acceptable industry standards for network latency levels to offpremise systems on which the hosted application is dependent;
Customer must provide licensed copies of any enabling software operating above the Operating System (OS) level on
any system in the architecture excluding software licensed as part of the Platform or our Application service;
Customer must maintain 24X7 support agreements with the software vendor or industry recognized third party
software support product;
Customer must not modify the hardware, system or application code configuration or content without our written
authorization;
Customer must not program, modify the OS, launch new content, or perform stage and/or test periods without
following our standard change control processes.
Server Uptime (for all geographic regions other than Africa)
We intend to provide 99.9% availability of individual virtual servers within our Cloud environment. For purposes of this
Infrastructure SLA, only failures due to hardware and hypervisor layers delivering individual virtual servers are covered.
The individual virtual server will be deemed 'available' if the virtualization hardware and hypervisor layers delivering
individual virtual servers are available and responding to our monitoring tools as designed and in a non-degraded
manner (as evidenced in the monitoring tool).
Service Credit Calculation
In the event of a failure to meet the Server Uptime or Application Service Uptime Standard, the duration of such failure
period will be considered downtime. We will credit customer at a rate of 5% of the monthly subscription fee for the
service per 1% below the availability. If we fail to meet its committed service level, customer must claim any penalties
within 60 days of such failure in writing or email with the specific details of the outage. For the purposes of any claim,
the duration of the outage will only count from the time that the outage was reported to us.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
2
The maximum penalty payable in any one month shall not exceed 100% of the applicable subscription fee. We will issue
the Customer a credit which will be applied to the invoice in the month following the applicable event. Service credits are
accumulated monthly with all SLA metrics being reset at the beginning of each calendar month. Our monitoring/ticketing
systems shall be the information source of record for the accumulation of Monthly Cumulative amounts.
DEFINITIONS
Scheduled Maintenance Window
Unless categorized as an emergency maintenance window, we follow a weekly maintenance schedule to be announced
by Cloud operations.
Scheduled Downtime
“Scheduled Downtime” means time that the Application Service is unavailable due to the performance of system
maintenance, backup and upgrade functions that has been scheduled in advance by us. A minimum of three days’
advance notice will be provided for all Scheduled Downtime. Scheduled Downtime will not exceed four (4) hours per
month and will be scheduled in advance during off-peak hours when commercially practicable.
Unscheduled Downtime
“Unscheduled Downtime” means the time outside of the Scheduled Downtime when the Application Service is not
available to perform the typical operations normally executed by the Customer. The Target Service availability is 99.9%
for each service during each month excluding:



Outages due to fire flood, acts of God and War;
Outages due to customer’s use of the system or any changes made by a third parties or their employees; and
Outages due to problems with internet access to the service either ours or customer’s.
Service Level Exemptions
The following items or situations are exempt from our availability calculations:





Unavailability of Customer's Cloud System during scheduled maintenance window, emergency maintenance or any
other agreed-to scheduled downtime activity.
Downtime that resulted from modifications or changes of the operating system, database, application code or other
customer code, not provided by us.
Attacks (i.e. hacks, denial of service attacks, viruses) by third parties, and other acts not caused by us, provided that
we make every reasonable effort to maintain current versions of software patches.
Events of force majeure, including acts of war, god, earthquake, flood, embargo, riot, sabotage, labor dispute (outside
of our own employees), government act, or failure of the Internet.
If we are providing Application Services to Customer:
o Modifications to hardware, system applications or application code configuration, or code not authorized by
us. Changes or modifications to code that contributed to downtime.
o Unavailability of Customer's System due to Customer programming, modifications to OS, content,
development, staging and/or testing period(s) or acts or omissions of Customer which are not performed in
accordance with our standard change control processes.
o Unavailability of Customer System caused by failures of third party systems or services that are not under
our control.
Customer must be current on all outstanding invoices to be eligible for the credits referenced in this SLA. No credits will
be extended if Customer is delinquent in its payment of outstanding invoices
Service Management
We provide support services via our Service Desk, which can be contacted through phone, email or direct entry into our
Online Customer Support Site. The Online Customer Support Site is available 7x24, providing a means of reporting,
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
3
tracking and communicating incidents to us. During subscription provisioning, we will create a unique user account for
the Customer organization, allowing access to the Online Customer Support Site so that the Customer may report postimplementation incidents to the support team. Once an incident has been reported online, its ongoing status may be
viewed through the Online Customer Support Site.
Support Services
Our support services include application and technology infrastructure support. Application support includes managing a
customer’s Application Service Subscription to meet agreed service levels and support related questions. Technology
infrastructure support includes managing the underlying physical hardware and embedded infrastructure software to
ensure secure and reliable access to the Application Services. Support services are provided to address technical
problems and do not include assisting or training users on the use of the application.
Standard Service Desk Support hours are 9am-5pm Monday to Friday local time for customer.
Service Request Process Flow
All service requests submitted to our Service Desk are assigned a ticket number. The Online Customer Service Center
allows for the tracking of all tickets. Every ticket will be assessed and assigned a status by our support team based on the
information reported by the Customer. We will manage the resolution of the problem until it is resolved and the ticket is
closed.
The Customer will provide us with all accurate and complete information concerning the request which is reasonably
required and requested to diagnose and evaluate the request, and will use commercially reasonable efforts to assist,
cooperate and facilitate the remedying of such request, which will include the provision to us of reasonable detail of the
nature of the request, all of the circumstances in which it occurred and any other available information, data and/or
documents reasonably relating to the request which might aid in the diagnosis and resolution.
The Customer will designate at least one (1) individual who will be authorized to request support. The Customer will
provide us with written notice of the identity and contact information of all designated users and may from time to time
replace a designated user with another individual by providing written notice of the change at least five (5) Business Days
prior to the proposed effective date of such change. For certainty, we will not be responsible to provide any software
support or services directly to Customer users other than the designated users.
In the event that an incident is reported which is:


an incident or situation that is caused by Customer or a user; or
an incident that proves to be due to or the result of or caused by Customer or a user or a fault or problem with any
Customer or user system,
Then to the extent of the foregoing, the correction of such problem by us will not be included in support services
provided as part of the Application Services subscription and we will charge Customer at our then current professional
services rates to remedy such reported problem. The Customer will pay us for same within thirty (30) days of receipt of
an invoice.
Emergency Notification
If an event occurs that causes one or many major services to stop being delivered to many Customers, we will create an
emergency email alert to all members of the Customer organization currently registered for this communication. The
Customer will be notified of the problem as soon as possible and continually updated by email and notified until
resolution. Prior to the contract coming into effect, the Customer must provide us with the names, telephone numbers
and email addresses for at least one contact person in the Customer organization.
Miscellaneous
Additional Support Services
The Customer may request from time to time that we perform certain services that do not expressly form a part of the
support services. Any agreement to provide any requested services may be subject to additional charge (at our then
current rates or on a mutually acceptable fixed charge basis). Any such additional services will be in writing and require
the prior written approval of the parties and may require the execution of a separate professional services agreement.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
4
Disaster Recovery Plan
Scope
This document describes the planned disaster recovery processes under different scenarios for the ICE Cloud application
services. It does not provide prescriptive steps for task assignments and executing the processes but is intended to serve
as an overview document to describe the safeguards and procedures which are in place to protect our customer’s data
and business activities in the event of a problem and the options to increase that protection.
Background
Our partners provide application hosting services for a number of business customers. These services are delivered from
a suite of servers located at contracted data centers. Each application service consists of a set of web based applications
running exclusive application servers coupled with an Oracle database on a shared database server. These servers are
provided as virtual machines (“VM”s) in VMware on a high availability hardware cluster. From a hardware perspective,
this environment reduces the risk of interrupting service due to a hardware failure to almost negligible. Virtual machines
can be moved seamlessly between one server to another to cope with any hardware issues.
Backups of the VM’s are taken once a day and copied to the geographically separate data center facilities.
The hosting environments operate independently of any partner offices or other infrastructure. All daily tasks are
automated. Our partner staff can only access the servers for administration tasks and can do so from any location with a
laptop and internet connection with appropriate credentials.
This reduces the likely disaster scenarios which will need to be actively managed to the following:
Catastrophic failure or damage to the primary facility. Serious fire, bomb or earthquake or similar event.
Earthquake or similar event interrupting internet access for all internet carriers.
Recovery Steps
Standard Service Level
Standard service level includes the off-site backups of all VMs and data but does not provide for any hot or cold
equipment on standby in another facility to deliver service. To recover the environment, the backup VMs will be
deployed on a new virtualization environment and the data will be recovered to an attached data storage system. All
software components required to recover the environments, are readily available at alternative data center
environments.
Any issues which impair the availability or cause an outage of the application hosted services will be reviewed by senior
staff for severity, likely time to recovery and risk of delays. Given the safe guards in place as noted above, the most
logical path will be to await service restoration and if required, recover from backups at the primary facility.
If the outage will be prolonged, more than 24 hours, and/or the risk of delays is high, our partner and its partners will
initiate steps to bring VM’s online at the hosted facility in the alternative data center using the most recent backups
available. The time frame for the recovery cannot be assured and will be dependent on the workload at the backup
facility.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
5
Premium Service Levels
Our partner and its partners offer various options for providing improved disaster recovery services. These can range:


From providing a set of VM’s at the backup facility to load a customer’s VM images to and provide a base level of
service on 1-2 hours’ notice
To maintaining a full mirrored environment with data synchronization allowing full failover within a matter of
minutes.
These services can be tailored to the customer’s specific requirements.
Customer Site Backups
As a further safeguard and security measure, our partner can provide customers with their own database backup copies
on a regular basis.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
6
Security
Overview
Vetasi’s Cloud Services leverage our patent pending Intelligent Computing Environment, the “ICE” Platform, to securely
provide software as a service solution to enterprise customers throughout the world. Our cloud services are deployed as
private cloud solutions that meet the security and data segregation requirements of enterprise customers.
Our cloud services are delivered from multiple data centres through-out the world. Our data centers are currently
located in Europe, North America and Africa. Within each region, two physical data centers in different cities provide the
facilities for full system failover for back up and disaster recover purposes.
The following section describes our Cloud Security, Backup and Disaster Recovery services and the underlying
infrastructure used to provide these services.
Cloud Security Services
With the constant threat of security breaches, having a clear and robust security implementation is a necessity, not an
option. Vetasi’s Cloud Services are guided by a “defense-in-depth” security strategy, in which a series of security layers
are implemented so that no single solution is relied upon to provide security.
Our Cloud Security Services address both physical and virtual security. For physical security, all data centers meet or
exceed Tier III security and resiliency requirements. For virtual data centers, all virtual servers and VLANs are secured
behind our authentication and identity management service, and multiple layers of firewalls and proxy servers. With our
cloud service, our customer’s data is thus encrypted and store behind multiple layers of security fabric.
Vetasi configures VLANs between servers, configures ACL-based firewalls, and controls and tracks administrative usage.
Data is encrypted while being transferred as well as at rest.
Physical Data Center Security
Our data center partners provide unique security features. The facilities meet or exceed Tier III standards, the highest
commercially available data center rating. Network connectivity is provided by Global Tier-1 IP Networks:




All areas within the facility are monitored 24x7x365 by closed-circuit cameras and onsite guards.
Data Center space is physically isolated and accessible only by site administrators.
Access is restricted to authorized personnel through biometric two-factor authentication.
CCTV digital cameras cover the entire center, including cages, with detailed 24x7 surveillance and audit logs.
Virtual Data Center Security
Our virtual data center security is implemented with multiple layers of defence to protect our customer’s data and
dedicated application servers.



A multiple VLAN design is used to where the web, application and database servers all exist on separate VLANs with
separate firewalls.
Access to the various servers is handled through our proxy servers thus further limiting external access to the servers.
Unlike many cloud application services, our Cloud services do not intermingle customer data. While database server
resources leverage shared infrastructure, each customer is provisioned with separate database schemas. Optional,
separate database servers can also be provided.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
7
User Authentication and Authorization
To authenticate and authorize individual user access, we have implemented a federated identity management system.
Our system can be configured to use any Identity Service Provider such as a customer’s Active Directory environment as
the primary identity services.



Each user has a unique user id and password with the ability to implement multi-form authentication such as security
tokens.
Each users is authenticated upon accessing our Cloud services. An complete entitlement management system is also
implemented to manage access authorization to the ICE Cloud services and third party Cloud services.
The ICE User Management can establish trust relationships with enterprise identity providers and cloud service
providers.
Controlled Network Configuration





Configurable Layer-2 VLANs based on Cisco-based switching fabric allows us to virtually segregate web, application,
data and management VLANS.
Customizable ACL-based firewall rules allow us to control access into each network VLAN
NAT and VIP functions expose private IP addresses to the public Internet only where necessary
Load-balancing and port translation across multiple virtual servers, with the ability to take servers in and out of
service manually, programmatically, or based on monitoring probes
Layer 2 Multicast supports high availability clustered server deployments for enterprise applications and the
underlying ICE Platform services.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
8
Encryption


Data is stored with 256-bit encryption at rest and 128-bit SSL encryption while in transit.
SSL Certifications are implemented for all access.
Secure Access

Access to our Cloud Services is provided via any of the Public Internet, MPLS, VPN, Carrier Ethernet or Private
Networks.
Firewall

Fully-managed, hardened, stateful inspection firewall technology is used with customized customer-specific firewall
rules. Firewalls exist at each VLAN access point as well as at the application server level.
Intrusion Detection

Fully-managed Intrusion Detection System (IDS) utilizing signature, protocol and anomaly based inspection methods
are deployed.
Edge-to-Edge Security Visibility

Edge-to-edge security, visibility and carrier-class threat management and remediation utilizing industry leading Arbor
Networks Peakflow to compare real-time network traffic against baseline definitions of normal network behavior,
immediately flagging all anomalies due to security hazards.
Denial of Service Protection

Protection against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, worms or botnets.
Security Compliance including SSAE 16 and PCI Compliance and adoption of ISO 27001/2



Our Data Center providers maintain SSAE-16 attestation. Our SSAE-16 attestation is based on an in-depth series of
documented controls covering the operational management of the Cloud infrastructure.
Vetasi can also offer a PCI-compliant environment that implements a number of security measures required for
applications storing, transmitting, or processing credit or debit card information.
Vetasi has adopted ISO 27001 and is committed to related quality management and security audits.
24x7 Incident Response


A Security Incident Response Team (SIRT) is in place to handle reports of security incidents. The SIRT escalates
incident to law enforcement and/or executive management as prescribed in security policies.
Our virtual operations center provides 7x24 monitoring of all cloud operations and layers within the infrastructure
services.
Reporting


Audit logs of all environmental changes are maintained.
Event logs are also maintained. These logs track CPU, RAM and related computer usage, as well as access times and
user ids.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
9
Cloud Backup Services
Our Cloud Backup Services utilize disk-to-disk backup with options for both onsite and off-site backup solutions to insure
a robust product that meets a wide range of backup needs.


The onsite option takes advantage of our private network to backup and restore data in a fast and efficient manner.
The off-site option provides data replication over an encrypted IP VPN connection to a secure remote Data Center.
Server Retention Scheme
The retention schemes for storage on the servers utilize a 28 day, father/son retention scheme:


Son: Daily backup – six (6) incremental copies kept for seven (7) days
Father: Weekly backup – Four (4) Synthetic Full backup copies and one (1) Full backup kept for twenty-eight (28) days
SAN/NAS Retention Scheme
For data in SAN or NAS storage, our cloud services offers 2 day, 28 day and 90 day retention options.
Database and Application Back-up
Database and application specific data has hourly incremental backups, daily snapshots and weekly full backups. The
backups are stored on separate server and data partitions and also sent to off-site storage within the region.
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
10
Cloud Disaster Recovery Services
Vetasi offers a fully-managed Disaster Recovery option that provides a path to recovery in the event of a natural or manmade disaster affecting the primary data center. Vetasi offers two different disaster recovery options:


“Cold” Disaster Recovery: This option utilizes offline servers prepositioned at a geographically dispersed data center
that can be activated in case of a disaster.
“Warm” Disaster Recovery: This option uses servers located in geographically dispersed offsite data centers that are
actively supporting either staging or production purposes, but are transitioned to a production role in case of a
disaster.
With either option, Vetasi offers Service Level Agreements that commit to a 48 hour Recovery Time Objective (RTO) and
24 hour Recovery Point Objective (RPO).
The Vetasi Disaster Recovery Service includes the following features and benefits:
Offsite data backup option

To ensure that data is available even after a disaster, Vetasi offers a disk-to-disk off-site option. Vetasi encrypts the
data, then transfers it to a secure remote storage facility. With the data stored off-site, customers can rest assured
that even a local disaster will not have global ramifications.
On-going simulated testing

No matter how well a Disaster Recovery product is designed and implemented initially, things change and that's why
the Cloud Disaster Recovery Service includes ongoing simulated testing with published results which are documented
and delivered directly to the customer.
24x7 DR Standby Servers

Vetasi maintains multiple offline servers at a geographically dispersed data center ready to be spun up as soon as the
customer declares a disaster.
Flexible Recovery Options

Should a disaster occur, Vetasi ensures a smooth transition to the new DR environment by working closely with the
customer over the next 30 days to determine the best solution going forward. Options include moving production
back to the original environment or transitioning the new DR environment in to the primary going forward (removing
the need to transition a second time back to the original data center and keeping the customer removed from the
aftermath of a widespread disaster).
Robust Service Level Agreements

DR planning requires guarantees and concrete objectives and Vetasi delivers that as part of the standard DR offering.
The Disaster Recovery Solution includes Service Level Agreements around multiple objectives, such as a 48 hour RTO
(Recovery Time Objective - the amount of time after a disaster to bring the application back up and running) as well
as a 24 hour RPO (Recovery Point Objective - the data that can be recovered as measured back in time prior to the
disaster).
Vetasi Limited
ICE Service Level Agreements
www.vetasi.com
11