CSC CloudCompute Service Description
EMEA VERSION ISSUE 1.1 NOVEMBER 2011

1. Introduction

This Service Description describes the scope of the CSC CloudCompute services which are provided from CSC data centers located in CSC’s EMEA region (“EMEA”). Specific details of the countries covered by CSC’s EMEA region where CSC CloudCompute is available can be obtained from CSC upon request. CSC reserves the right to update the CSC CloudCompute Service Description at any time. CSC CloudCompute Services provided outside the CSC EMEA region may differ in material respects. The specific services to be provided to any individual client will be specified in the Order. Certain expressions and acronyms are defined in the Glossary attached to this Service Description.

2. Overview

CSC CloudCompute is a web-based Infrastructure as a Service (“IaaS”) solution. CSC CloudCompute combines multi-tenancy of the same physical infrastructure with logical separation between clients to provide a dedicated compute and storage operating environment that leverages CSC’s data center security services. The Service is delivered via a web-based administrative portal which, after registration by authorised administrators, can be accessed by users from a system with internet access. Clients will be provided with additional information and guidelines on using CSC CloudCompute as part of the CSC CloudCompute welcome kit.

Clients must choose one of the two tiers of service available for CSC CloudCompute: CloudCompute Silver or CloudCompute Gold.

CSC CloudCompute Silver is designed to provide clients with a self-managed virtual data center environment. Infrastructure capacity, including CPU, memory, storage, network and security services, is allocated to the client and the client creates, manages and monitors its own virtual environment.

CSC CloudCompute Gold provides the client with a virtual compute environment that is created, managed and monitored by CSC.
The following matrix (Fig 1) is an overview of the features of these service tiers. A detailed description of these service tiers is provided in sections 5 and 6. If a client requires both CSC CloudCompute Silver and CSC CloudCompute Gold service tiers it must have multiple Org vDCs.

Copyright © CSC Computer Sciences Limited 2011 EMEA ISSUE 1.1 NOVEMBER 2011

Fig 1

Feature Silver Gold

99.5% 99.9% CSC Managed CSC Managed CSC Managed CSC Managed CSC Managed CSC Managed CSC Managed CSC Managed Client Managed CSC Managed Chargeable Client managed Chargeable Client managed Or CSC managed (chargeable) Security Services Firewall Ruleset/Network Address Translation Client Managed CSC Managed VPN Network Intrusion Detection Services Host Based Intrusion Prevention Services Included Included n/a Client Managed or CSC Managed (chargeable) Included Included Cable n/a n/a n/a Required Chargeable Chargeable Included n/a n/a n/a Included Included Included Included in CSC Managed Support n/a Included

Service Level
- Availability Service Level
CSC CloudCompute Infrastructure
- Data Center Network and Security Services
- Server Hardware and Hypervisor Software
- SAN Storage (The client to choose from SATA or Fiber Storage Options)
- SATA Storage (in TBs)
- Fibre Channel (in TBs)
Virtual Machine Management
- Virtual Instance Management (Start, Stop, Create, Modify, Delete, Clone)
- O/S and Database/Middleware Applications License (to be provided by the client)
- Managed Support
Backup Service
- Disk Based Backup
- Replication to Remote Data Center
- Tape Archiving
Monitoring
- CSC CloudCompute Infrastructure
- VM Availability
- URL Monitoring
- O/S and Applications
Reporting
- VM – vCPU/Memory/Disk

The features designated as chargeable in Fig 1 are available at additional charge.

3.
Implementation of CSC CloudCompute

Following acceptance of the Order by CSC, CSC will implement CSC CloudCompute for the client in accordance with the client's requirements as stated in the Order. The CSC Project/Service Manager will liaise with the client and with the appropriate CSC personnel to:

- Supply the client with the CSC CloudCompute Org vDC Administrator Guide;
- Verify that the client has access to the Service;
- Advise the client of the skill sets needed for the Org vDC Administrators;
- Arrange and implement the training sessions as described in this Service Description;
- Liaise with the client's service management team to complete service management integration (change, incident, service level, event management and call handling knowledge transfer).

Implementation will be complete when the following criteria have been met:

- The client’s CSC CloudCompute environment is provisioned in the CSC data center;
- Monitoring (if applicable) has been activated and is reporting messages to the appropriate CSC monitoring station; and
- CSC verifies that the client has access to the CSC CloudCompute environment.

4. CSC CloudCompute Services - General Description - all Service Tiers

4.1 CSC CloudCompute Infrastructure

The CSC CloudCompute infrastructure is provided and maintained by CSC and consists of the Server hardware, SAN Storage, network devices, and hypervisor software used to provide the client’s virtual datacenter environment. The CSC CloudCompute infrastructure is N+1 and is configured for automatic failover. CSC provides the Data Center Services described in section 8.

4.2 Organization Virtual Data Centers

CSC CloudCompute provides to each client a logically-isolated virtual datacenter called an Organization Virtual Data Center (Org vDC) which contains the compute, storage and network resources allocated to the client. Org vDCs provide an environment where virtual machines can be stored, deployed and operated.
The client must appoint an Org vDC administrator (Org vDC Administrator) and a deputy who will manage user access to the Org vDC and changes made to the Org vDC. The client can have multiple Org vDCs that are configured separately or tied together through the client’s virtual network configurations, and the Org vDC Administrator can also create user accounts within the client’s CSC CloudCompute infrastructure environment.

Any user who accesses the CSC CloudCompute environment must use an SSL VPN that is authenticated with Digital Certificates to access the CSC CloudCompute administrative console. CSC will generate and distribute Digital Certificates as part of the implementation of CSC CloudCompute. Org vDC Administrators will receive instructions on importing the CSC Digital Certificate into a web browser and using it to establish a VPN into the environment for two-factor authenticated access into the management User Interface.

4.3 CSC CloudCompute Storage

CSC CloudCompute provides SAN-based storage. Clients can choose between two Options for storage for each Org vDC as shown in Fig 2 below. All virtual machines within an Org vDC must use the same storage Option. If a client requires both storage Options it must have multiple Org vDCs.

Fig 2

CSC CloudCompute Storage Option | Description
Fibre Channel | File Systems/Database: Leveraging Fibre Channel storage, this offers a solution for databases and other applications that require high performance from the storage.
SATA | Archive: The most cost-effective level of storage aimed at multi-media and other archive type applications. Clients may use this level of service for applications that do not require the high performance of Fibre Channel drives.

CSC provides the hardware, software, connectivity, facilities, systems administration, problem management, and maintenance associated with the storage system.
The client is solely responsible for any client data (Content) maintained in the storage system, including but not limited to data integrity, ensuring that malware or inappropriate Content is not stored and for ensuring that Content complies with regulatory and legal requirements.

Fig 3 below outlines the operational responsibilities of CSC and the client in respect of the storage.

Fig 3

Task | CSC Responsibility | Client Responsibility

Installation
- Infrastructure installation and co-ordination
- CSC project management and technical design
- Installation and configuring I/O multi-pathing software, if required
- Installation of redundant FC adapters and wiring
- Host I/O multi-path agent install/setup
- Installation of additional Volume Manager and advanced filesystem software, as appropriate
- Creation and allocation of disk groups to be used by Org vDCs
- Creating datastores or disk file systems
- Allocate Storage to Virtual Machines – CSC CloudCompute Gold
- Allocate Storage to Virtual Machines – CSC CloudCompute Silver
Connectivity
- Provision and management of connectivity within CSC data center
- Connectivity to CSC data center
- Client network and client project management (if required)
Support and Maintenance
- 24/7 unplanned event support
- Develop and maintain relevant service operational documentation
Monitoring
- 24/7 fault monitoring
Service Management
- Service Management using ITIL-3 processes

Post-implementation storage expansion is available from CSC as a service request.
The CSC CloudCompute storage expansion categories and responsibilities are outlined in Fig 4 below:

Fig 4

Service Tier | Storage Type | CSC Responsibility | Client Responsibility
Silver | Virtual Data Store (Host) | |
Gold | Virtual Data Store (Host) | |
Silver | Virtual Machine Disk | |
Gold | Virtual Machine Disk | |

4.4 Software Catalogs and Templates

CSC CloudCompute includes a public catalog of licensed templates for operating systems, virtual appliances (e.g. firewalls and load balancers), and open source software applications. The public catalog is accessible via the web-based administrative console. License fees are payable by the client for use of the software. Software licensing for CSC CloudCompute is further described in Appendix A.

As well as the public catalog, each Org vDC has a private catalog that acts as a content repository for the client. Clients have the ability to create private templates by uploading and storing client-specific applications in the private catalog using FTP (file transfer protocol). These private templates can be shared with users within an Org vDC or with other Org vDCs within the same client environment. The Org vDC Administrator controls who has access to the templates within the private catalog.

Clients have the ability to combine templates into a single virtual instance called a vApp. vApps simplify the deployment and ongoing management of multiple servers that support a single application, including databases and web servers, by encapsulating all the components into a single virtual service entity. The client can assign to a virtual machine within a vApp an IP address from the IP pool allocated to the client by CSC. This information is then available to all the other members of the vApp (for example, a database virtual machine and a web server virtual machine automatically know about each other at power-on time).

5.
CSC CloudCompute Silver

5.1 Summary

CSC CloudCompute Silver is a client-managed service that provides clients with the ability to automate the setup, configuration and administration of virtual servers and network topology within their own Org vDC.

5.2 Administration

CSC CloudCompute Silver requires primary contacts (Authorized Users), appointed by the Org vDC Administrators, who act as the client’s administrators for support and have the authority to request changes to the client’s CSC CloudCompute environment. The Authorized Users have the ability to create user accounts within the client’s CSC CloudCompute environment and set associated user privileges for those users. Any requests for support that do not come from Authorized Users will be redirected to the Authorized Users for validation and approval.

With the ability to implement role-based access controls, the Org vDC Administrator can create user accounts with specific privileges ranging from full administrative privileges to read-only access. The standard configuration for user accounts leverages CSC Active Directory Services. Clients must follow the CSC Password Policy which will be provided to the client as part of the CSC CloudCompute welcome kit.

5.3 Elements of CSC CloudCompute Silver

The CSC CloudCompute Silver Service consists of the following:

Access via the internet to the multi-tenant (shared) web-based administrative console which allows authorized users to access their CSC CloudCompute environment for management.

RESTful API access for control of the CSC CloudCompute environment. The features available via the administrative console (e.g., upload VMs, instantiate, operate) are accessible using the APIs.
A logically-isolated Org vDC which includes a virtual firewall to perform the following functions:
- Firewall: Supported rules include IP 3-tuple configuration with IP and port ranges for stateful inspection for TCP, UDP, and ICMP
- Network Address Translation: Separate controls for source and destination IP addresses, as well as TCP and UDP port translation
- Dynamic Host Configuration Protocol (DHCP): Configuration of IP pools, gateways, DNS servers
- VPN Tunnels: Subject to payment of an additional fee, CSC CloudCompute supports IPSEC-compliant VPN tunnels to a client VPN termination point. If VPN is the chosen connectivity between the client site and the CSC CloudCompute environment, the client is responsible for coordinating the VPN implementation in its environment, including network, router, switch and firewall procurement, installation and configuration, and for providing the IP address of the VPN termination point of the VPN tunnel. By managing all VPN tunnels from the CSC CloudCompute environment, CSC provides network isolation for each client.

Compute Capacity
- vCPU: a thread or processor cycle of the physical processors of the environment (for example, a 2vCPU virtual machine would provide use of 2 concurrent threads or cycles of the processors).
- RAM: system memory on the physical infrastructure, for example, a 2GB RAM virtual machine would provide use of 2GB RAM of system memory.
- Storage: storage datastores are accessible from the client’s CSC CloudCompute environment for allocation to virtual machines as hard disks (see section 4.3 Storage).

Networks
- NIC: each virtual machine is configured with at least one virtual NIC and can be connected to the client’s CSC CloudCompute networks.
- Networks: Clients are provided with both internal and external networks. Internal networks are non-routable and only accessible by the client. Internal networks can be connected to external networks. External networks are routed or directly connected to the internet, providing connectivity outside the CSC CloudCompute environment.
- Public IPs: Public IPs are available to be allocated to any virtual machines that need to be accessed via the internet. However, the act of opening a virtual machine to the internet by use of public IPs (i.e. without proper firewall protection) can lead to security issues for which CSC is not responsible.

5.4 Virtual Machine Configurations

CSC CloudCompute Silver allows the client to configure its virtual machines as follows:

Each virtual machine, including disk storage, networking, CPU and RAM, can be configured to run a full operating system and multiple applications.

The client can change its virtual machine hardware settings at any time:
- vCPU: between 1 – 8 cores
- RAM: between 1 GB and 255 GB RAM
- Disk: allocations of up to 1.8TB per virtual drive
- Drives: Up to 60 drives per virtual machine

The client can build its virtual machines with 1 external network interface and up to 10 internal network interfaces to enable advanced multi-tiered networks, including firewalls, load balancers and multiple security zones.

The client has the ability to import its existing virtual machines and configurations or build new operating system installations. CSC may, subject to agreement and payment of an additional fee, provide ‘Physical to Virtual’ (P2V) and ‘Virtual to Virtual’ (V2V) migrations.

The client can expose or “publish” individual virtual machine ports, individual URLs or the entire virtual machine to the internet.

The client can use the CSC CloudCompute “cloning” feature, which allows the client to store its virtual machines at a point in time on the CSC CloudCompute Silver storage.
5.5 Operational Responsibilities

Fig 5 below details the operational responsibilities of CSC and the client for CSC CloudCompute Silver. Items and tasks designated as “Chargeable” under CSC Responsibilities are available subject to agreement and payment of an additional fee.

Fig 5

CSC CloudCompute Silver | CSC Responsibility | Client Responsibility

Data Center Environment
- Installation and Configuration of CSC CloudCompute Infrastructure
- Maintenance and break/fix of CSC CloudCompute Infrastructure
- Internet Connectivity
- IP configuration
- Data Center Security Services

Assigns Configures

Org vDC Environment
- Configuration of Virtual Machine (vCPU x vRAM and Storage Combination)
- vShield Firewall appliance
- VPN Tunnel (CSC Managed Only)
- Load Balancing (CSC Managed Only)
Software Licenses
- Virtualization Software (License Only)
- Operating System (License Only)
- Web Server software (License Only)
- Database (License Only)
Managed Services
- Service Delivery: Project Management (Infrastructure Only)
- Event Management (Infrastructure Only)
- Change Management (Infrastructure Only)
- Management and Support of the virtualization software
- Management and Support of O/S
- Management and Support of Web Server, Middleware and Database applications
Monitoring and Reporting Services
- Monitoring of CSC CloudCompute Infrastructure
- CSC Hosting Portal Access
- Virtual Machine Status/Performance
Security Services
- VLAN segmentation
- Utility Network Intrusion Detection
- Vulnerability Alert Management
- Hardened operating systems (CSC Licensed Only)
- RDP for Windows and SSH for x86 Unix
Org vDC Administration
- User Management
- Asset and Resource Management
- Content Management
- Protection against, checking for and removal of malware from Org vDCs

Installs Chargeable Chargeable Manages n/a n/a Chargeable Chargeable Chargeable Admin Account Only

6. CSC CloudCompute Gold

6.1 Summary

CSC CloudCompute Gold is a CSC managed service under which clients can also choose additional value-added services such as licensing and CSC Managed Support for applications from the operating system up through to database and middleware services. These options are described further in this section.

6.2 CSC CloudCompute Gold Configurations

CSC CloudCompute Gold provides clients with a choice of 13 standard virtual machine configurations ranging from 1 to 8 vCPUs and 1 to 32 GB RAM, as shown in Fig 6 below. Using virtualization software and/or server partitioning, CSC will provide the client with the use of CPU cycles, system memory and storage within a physical infrastructure, based on the configuration selected.

Fig 6

Hardware | Virtual CPU (vCPU) | Memory (in GB)
Virtual machine | 1 vCPU | 1GB
Virtual machine | 1 vCPU | 2GB
Virtual machine | 2 vCPU | 2GB
Virtual machine | 2 vCPU | 4GB
Virtual machine | 2 vCPU | 8GB
Virtual machine | 3 vCPU | 6GB
Virtual machine | 4 vCPU | 8GB
Virtual machine | 4 vCPU | 16GB
Virtual machine | 5 vCPU | 10GB
Virtual machine | 6 vCPU | 12GB
Virtual machine | 8 vCPU | 16GB
Virtual machine | 8 vCPU | 24GB
Virtual machine | 8 vCPU | 32GB

For example, purchasing a 2 vCPUs x 2 GBs virtual machine would provide the use of 2 concurrent threads or cycles of the processors on the physical server and 2 GB worth of the available physical system memory.

6.3 CSC CloudCompute Gold Security

In addition to the Data Center Security Services described in section 8.3, CSC CloudCompute Gold clients are provided with additional security for their CSC CloudCompute environment:

- VLAN segmentation, as defined by the client
- Configuration of virtualization software (VMware)
- Use of standard remote access protocols, as further described in section 8.6.

6.4
Cloud Compute Gold Operational Responsibilities

Fig 7 below details the operational responsibilities of CSC and the client for CSC CloudCompute Gold. Items and tasks designated as Chargeable will be performed by CSC subject to agreement and payment of an additional fee.

Fig 7

CSC CloudCompute Gold | CSC Responsibility | Client Responsibility

Data Center Environment
- Installation and Configuration of CSC CloudCompute Infrastructure
- Maintenance and break/fix of CSC CloudCompute Infrastructure
- Internet Connectivity
- IP configuration
- Data Center Security Services
Org vDC Environment
- Configuration of Virtual Machine (vCPU x vRAM and Storage Combination)
- vShield Firewall appliance
- VPN Tunnel – CSC Managed Only
- Load Balancing (vShield license)
- Load Balancing – CSC Managed Support
Software Licenses
- Virtualization Software (License Only)
- Operating System (License Only)
- Web Server software (License Only)
- Database (License Only)
Managed Services
- Service Delivery: Project Management
- Event Management
- Change Management
- Management and Support of the virtualization software
- Management and Support of O/S
- Management and Support of Web Server, Middleware and Database applications

Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable

Monitoring and Reporting Services
- Monitoring of CSC CloudCompute Infrastructure
- Virtual Machine Status/Performance
Security Services
- VLAN segmentation for client confidentiality and data privacy
- Utility Network Intrusion Prevention
- Vulnerability Assessments
- Hardened operating systems
- RDP for Windows and SSH for Unix
Org vDC Administration
- User Management
- Asset and Resource Management
- Content Management

7. CSC CloudCompute Support Bundles

The following levels of support are available for each virtual machine:

For CSC CloudCompute Silver:
- Standard: CSC manages the infrastructure from the hypervisor down including compute, storage and network. All CSC CloudCompute Silver virtual machines receive Standard support.

For CSC CloudCompute Gold:
- Enterprise: CSC manages the infrastructure and the operating system, and if applicable, the web server software.
- Enterprise Plus: CSC manages the infrastructure, the operating system, the web server if applicable, and the database.

Fig 8 below shows the support bundles available for CSC CloudCompute Gold. Section 9 describes CSC Managed Support for the operating system, web server software and databases listed in Fig 8.

Fig 8

Support Bundle | CSC Managed Operating System | CSC Managed Web Server | CSC Managed Database
CSC CloudCompute Gold Enterprise Windows Service | Windows | n/a | n/a
CSC CloudCompute Gold Enterprise WindowsWeb Service | Windows | IIS | n/a
CloudCompute Gold Enterprise Plus Windows-SQL Service | Windows | n/a | SQL
CloudCompute Gold Enterprise RedHat Linux Service | RedHat Linux* | n/a | n/a
CloudCompute Gold Enterprise RedHat Linux Web Service | RedHat Linux* | Apache | n/a
CloudCompute Gold Enterprise Plus RedHat Linux-MySQL Service | RedHat Linux* | n/a | MySQL
CloudCompute Gold Enterprise RedHat Linux Service | RedHat Linux* | n/a | n/a
CloudCompute Gold Enterprise RedHat Linux-Web Service | RedHat Linux* | Apache | n/a
CloudCompute Gold Enterprise Plus RedHat Linux-Oracle Service | RedHat Linux* | n/a | Oracle

*Client must provide licenses for RedHat Linux and for all other operating system software. CSC may, subject to agreement and at additional charge, provide Windows operating system licenses.

8.
CSC CloudCompute Data Centers and Data Center Services

8.1 CSC CloudCompute Data Centers

8.1.1 Overview

The CSC CloudCompute infrastructure is located in SAS70 audited, Tier 2 or Tier 3 data centers in a locked room, accessible only via keycard access to a restricted subset of CSC personnel. Visitors to CSC-controlled data centers are not allowed physical access to servers/equipment and are accompanied at all times by CSC personnel. Each data center is manned 24x7x365 and is configured with:

- Raised floors;
- Proactive fire detection and suppression systems;
- Redundant air handlers supported by redundant chillers;
- Uninterrupted Power Supply (UPS) (redundant) and diesel generation capacity sufficient to operate the facility at full load, even with the loss of a single unit (N+1);
- Physical security measures, typically including exterior proximity sensors, key card access and closed circuit surveillance.

8.1.2 Monitoring Services

CSC CloudCompute includes 24x7x365 fault monitoring for the CSC CloudCompute Infrastructure and CSC Managed operating systems, web server software, databases and middleware applications. Clients are notified of all service-impacting conditions in accordance with CSC’s ITIL-aligned Event Management procedures. Fig 9 below shows the standard capabilities available:

Fig 9

Category | Service Availability: Silver | Service Availability: Gold
Network and Security | Included | Included
Virtual Machine | n/a | Included
URL | n/a | Included
Operating System | n/a | Included
Web Servers and Middleware Applications | n/a | Included with CSC Managed Support
Databases | n/a | Included with CSC Managed Support

CSC also provides custom monitoring solutions based on client requirements.
Custom solutions require design review and are subject to additional charges.

8.2 Data Center Network Services

8.2.1 Standard Network Infrastructure Environment

CSC provides the data center network infrastructure required to host the CSC CloudCompute service. Clients are provisioned on a leveraged, multi-client network infrastructure environment (Standard Network Infrastructure or SNI), described in more detail below.

The components of the SNI are:

- Routers: resilient managed routers with built-in redundancy throughout the SNI.
- Switches: resilient managed switches with built-in redundancy throughout the SNI supporting numerous network segments (Virtual Local Area Networks or VLANs) per switch.
- Firewalls: resilient and managed firewalls with built-in redundancy throughout the SNI.
- Load Balancers: resilient with built-in redundancy and managed load balancers throughout the SNI.
- Management Infrastructure: internal management functionality via a management network within the SNI through the data center firewalls and/or private VLANs (PVLANs) to monitor and manage the entire SNI environment.

The on-going operational service for the data center network infrastructure environment consists of:

- Network administration and management for network elements
- Problem and change management
- Configuration management
- Software code upgrades to resolve bugs or security issues (vendor-supplied)

CSC monitors 24x7x365 for the following events:

- Network element interface status
- Network element hardware environmental status
- Abnormal routing configuration changes
- Network element CPU utilization
- Network element interface utilization
- Network element memory utilization
- Hardware and interface errors

8.2.2 Data Center Internet Connectivity

CSC installs and manages the ISP network connections to the CSC data center via resilient network routers and switches with built-in redundancy.
During implementation of the CSC CloudCompute service for the client, CSC provides the following Data Center Internet Connectivity services:

- Ordering and provisioning of circuit capacity from CSC’s ISP suppliers
- Project management for the Data Center Internet Connectivity implementation and testing
- Anti-spoofing configuration
- BGP configuration including AS number administration
- Monitoring implementation

The on-going operational service for Data Center Internet Connectivity consists of:

- Problem management and fault isolation
- Capacity management and planning
- Service management
- Security incident response
- Redundancy testing during specified operational maintenance windows on a regular basis

CSC monitors 24x7x365 for the following events:

- ISP circuit availability from pre-specified Internet points
- ISP router device and switch port availability
- Router and switch internal statistics (e.g. router CPU consumption)

8.3 Data Center Security Services

8.3.1 Utility Network Intrusion Detection Services - Summary

CSC’s utility Network Intrusion Detection Services (NIDS) technology examines unencrypted traffic entering and leaving the CSC CloudCompute environment. CSC monitors these sensors for malicious/unauthorized activities on a 24x7x365 basis. When unauthorized access attempts or attacks are detected, CSC security operations personnel are alerted and they investigate the alert. After false positive alerts are ruled out, remaining critical security alerts are escalated, following CSC’s Security Incident Response procedures as outlined below.

8.3.2 Utility NIPS - Incident Response

When an alert of suspicious activity is raised, CSC addresses and manages the incident to completion and mitigation as follows.
Event Detection: Utility NIDS analyze, correlate and compare traffic for suspicious patterns and generate a security event:

Security event detection leverages management infrastructure common to each data center. Alert data flows from the Utility NIDS probes to the local management infrastructure. The management infrastructure then correlates event information and, if appropriate, sends alerts to a centralized monitoring database. Alerts are then displayed at a central Security Operating Center and, based on the severity of the event, forwarded to senior security engineers for further analysis and confirmation.

Event Confirmation: CSC security personnel confirm a security event or rule it out as a false positive:

Prior to notifying the client of a security event, CSC works to investigate and confirm that a security event has taken place. CSC’s policy is to avoid unnecessary escalation to the client for unconfirmed alerts, and CSC dedicates senior security resources towards the confirmation of the security event. Once a security event is confirmed, CSC’s Information Risk Management team will notify clients and engage them for event response and resolution.

Event Response: CSC security personnel escalate confirmed security events to internal subject matter experts and engage the client to take joint mitigating action to eliminate risks, contain, and recover from the security event.

Once suspicious activity is confirmed (e.g.
the activity is impacting the CSC CloudCompute infrastructure or clearly has the potential to do so), CSC:

- Assesses the impact and categorizes the severity
- Minimizes risk to life first, then to the client’s business assets and data
- Engages all required resources to support incident response
- Informs stakeholders per Response Time SLA requirements
- Minimizes business impact to the client during investigation and mitigation
- Records decisions and approaches for future reference
- Follows procedures for maintaining confidentiality

Final resolution of any security event is managed by CSC’s security team in conjunction with the affected clients, other CSC support teams and third-party suppliers as required. Final resolution may also involve temporary shutdown of affected virtual machine images, patching, firewall rule restrictions, and identification of the root cause of the attack for future forensics or law enforcement purposes as appropriate.

CSC reserves the right to take any immediate action it deems appropriate without notice or consultation with clients if CSC believes such action is necessary to minimize serious harm.

8.3.3 NIDS Maintenance

CSC updates its Utility NIDS signature database within 24 hours of the supplier’s release of a new signature.

8.4 Backup and Restore Services - CSC CloudCompute Gold only

Backup and Restore is available for CSC CloudCompute Gold only and provides file system backups through the use of a secure backup facility. The service is a disk-based backup service with the option of replication to a remote data center or archiving to tapes. A full file system backup is taken on initial installation of a virtual machine and thereafter on a monthly basis and a copy of incremental changes is taken daily. All backups are retained for 30 days in the data center disk array. Clients can request restores from the disk backups, but cannot receive the actual disks.
Archiving to tapes and/or the ability to recover physical tapes back to clients’ facilities may be available from CSC as a separate project at additional charge.

The CSC CloudCompute backup service has a variable service fee, invoiced monthly in arrears, based on the amount of data stored on the backup device each month.

During implementation of the CSC CloudCompute service for the client, the following services are provided:
- Installation of backup client on virtual machines
- Network access to backup infrastructure
- Initial test of backup service

The on-going operational services for Backup and Restore consist of:
- Problem management and fault isolation
- Restorations upon request

CSC monitors 24x7x365 for the following events:
- Scheduled backup status
- Backup network availability

The following chart (Fig 10) indicates CSC’s standard schedule for backups, tape retention and offsite storage:

Fig 10

| Backup Level | Frequency | Retention Period | Tapes Stored Offsite | Remote Disk Replication |
| Full Backup Image | Monthly | 30 days | Optional | Optional |
| Image Snapshots | Daily Incrementals | 30 days | Optional | Optional |

Restores are provided as part of the CSC CloudCompute Gold backup service. Clients request restores by logging a service request. Timeframes to begin a restore are governed by the severity of the service request and completion time for a restore is dependent on the size and amount of files to be restored.

The charge for backup services includes restores for the purpose of data recovery only. Data recovery is defined as the restoration of data lost or corrupted due to system crashes, erroneous deletions, or other unplanned events, from the copy of the data which was made in accordance with the frequency / retention periods stated above.
8.5 Monitoring Services

CSC CloudCompute includes 24x7x365 fault monitoring for the CSC CloudCompute infrastructure and CSC Managed operating systems, web server software, databases and middleware applications. Clients are notified of all service impacting conditions in accordance with CSC’s Event Management procedures. Fig 11 below shows the following standard capabilities:

Fig 11

Category Network and Security Virtual Machine URL O/S Web Servers and Middleware Applications Databases Silver Included n/a n/a n/a n/a Service Availability Gold Included Included Included Included Included with CSC Managed Support n/a Included with CSC Managed Support

CSC can provide custom monitoring solutions based on client requirements. Custom monitoring solutions are provided after a design review and are subject to additional fees.

8.6 Remote Access Services

Based on the specific platform, CSC provides security tools and several methods (e.g. firewalls, intrusion detection) for the client to manage their Content. This section describes the remote access methods.

8.6.1 x86 UNIX Remote Access

SSH allows remote terminal access to virtual machines and uses an encrypted connection. SSH is included in the standard operating system build for Linux. CSC has approved version 2 of the SSH protocol for use on CSC managed virtual machines.

SSH is available as an Option on the Windows platform for an additional fee. It uses an encrypted connection for telnet and FTP services.

FTP (including SSH SFTP) is a file transfer protocol that allows clients to upload and update web content. SFTP and FTP are included in the standard operating system build for Linux, but are disabled in the default configuration. CSC will enable SFTP and/or FTP upon client request at no additional charge.
8.6.2 Windows Remote Access

Terminal Services is the primary remote management solution supported by CSC for Windows and enables clients to remotely connect to their vDC hosted servers for content and service management. Clients use their Windows account with Microsoft’s Terminal Services Client (128-bit encryption). This software is available as a download from Microsoft.

RDP is a secure Windows protocol and is the primary method for application maintenance and content updates in the CSC CloudCompute environment. CSC requires users of RDP to use a static or fixed IP address at the user end of the secure connection, as CSC filters RDP connections by IP address range. The combination of using a secure protocol such as RDP and filtering based on IP addresses provides a very high level of security for content updates.

8.6.3 Remote Access for Client Managed Servers

The client has system administration-level access to all virtual machines with a Client Managed operating system and the client is responsible for installing, configuring, and managing the Web content access and security tools of its choosing. The client is responsible for configuring its own logon account and providing for any security measures (such as one-time password protection) associated with those logons.

9. CSC CloudCompute Optional Services

9.1 CSC Managed Support for Operating Systems and Software

9.1.1 Summary

These services are available only under Enterprise and Enterprise Plus support and are subject to additional charges.

9.1.1.1 CSC Managed Support

CSC provides CSC Managed Support services for the operating systems supported as part of Enterprise and Enterprise Plus, web servers, databases, and middleware software.
Unless specifically stated in the order to be CSC Managed, or otherwise expressly supported by CSC under separate arrangement, all other software is treated as Client Managed and CSC has no responsibility in respect of this software.

For CSC Managed software, CSC is responsible for the initial installation of the software with a default configuration and for software administration. CSC will provide patch installs (the installation of patches provided by the software supplier to solve specific problems with the software) on the client’s request (provided that such patches are supportable by CSC) or on CSC’s recommendation. CSC will install all non-critical patches in accordance with CSC’s standard schedule for the specific application. Installation of client-requested patches or installation of non-critical patches outside CSC’s standard schedule is subject to CSC approval and an additional charge.

CSC Managed Support does not include the license to or the installation of any upgrades to the software or any change that requires re-installation or migration of the software nor debugging client scripts, content or similar.

9.1.1.2 CSC Managed Support for Client Provided Software

In order for CSC to provide CSC Managed Support for Client Provided Software (that is, software which is not provided by CSC), the client must (i) ensure that client has a valid license for the software and appropriate maintenance and support agreements are in place; (ii) provide CSC with the license and maintenance contract number(s); and (iii) name CSC as a technical support contact for Client.

CSC reserves the right to refuse to provide CSC Managed Support for Client Provided Software if the client fails to fulfill these responsibilities or if the license provided by the client is inappropriate for the client’s use of the software (e.g., the client provides a development license for production use).
In these circumstances, no reduction in CSC’s charges and no credit for time that the software in question is not supported by CSC will apply and any applicable Service Level will not apply with respect to that software.

9.1.1.3 CSC Support for Open and Open Plus Software (as described in Appendix A)

CSC support for software licensed under the Open Option is limited by the support available from the applicable supplier and consists of the initial installation and configuration of the software and provision of “break-fix” on a reasonable efforts basis given limited support from the supplier. For Open Plus Software, if CSC is able to obtain patches and technical support from a third-party supplier, CSC will provide CSC Managed Support (as described in section 9.1.1.1). For clarity, Service Levels do not apply to any Open Software.

9.1.1.4 CSC Basic Support

CSC will provide Basic Support for certain software applications, subject to CSC approval of such applications as suitable for such support. Basic Support consists of (i) initial installation; (ii) standard monitoring (as described in section 8.5) for the type of application; (iii) installation of CSC required patches and service packs; and (iv) break-fix support provided on a reasonable efforts basis. For purposes of Availability Service Levels, software with Basic Support is not treated as CSC Managed Support.

9.1.1.5 Client Managed Support

The client is the administrator and solely responsible for the application, including all maintenance and support, including, but not limited to, installation, patching, monitoring, configuration and tuning, troubleshooting and repair, application-specific backups and administration. The client is responsible for maintaining appropriate patch and security fix levels for all Client Managed software and for installing all CSC required patches and service packs.
If the client does not install CSC required patches and service packs in a timely manner, any relevant Service Levels will be suspended or terminated.

CSC will provide relevant support to the client for client’s installation or support of the Client Managed software which requires root/administrative privileges to a CSC Managed operating system, subject to CSC’s approval and at additional charge. If requested by the client and agreed by CSC, CSC will, at additional charge, provide specific support services for a Client Managed application (such as installation or database backups).

9.1.2 CSC Managed Operating System Service

The CSC Managed Operating System Service consists of a reproducible, tested and consistent environment that provides a uniform software system for Microsoft Windows 2003 and 2008 Standard and/or Enterprise and Red Hat Standard and/or Enterprise Linux. CSC has full responsibility for installation, operational support and maintenance of the operating system.

Although the specific system requirements vary according to the operating system, CSC restricts clients from performing system administration tasks that may compromise the reliability of a system or that interfere with CSC’s ability to manage the system. These restricted tasks include installing software, patches, and configuring network settings.
The CSC Managed Operating System Service consists of:
- Tested software configurations
- Hardened operating system configurations for Windows and UNIX
- Library of software modules
- Monitoring software
- Standard naming conventions for directories, users, and groups
- System management tools
- Uniform security model
- Standard operating procedures

9.1.2.1 Standard Operating System Builds

The following lists show the standard software included in the CSC Managed Operating System Service used for all compute environments, although exact builds may vary slightly depending on the specific version of the operating system.

Windows:
- Microsoft Windows Server Standard or Enterprise edition, 32 or 64 bit
- Microsoft Indexing Service
- .Net Framework (Optional)
- Support for Windows Scripting Host
- Microsoft Terminal Services for remote management
- Default Active Directory domain
- Anti-virus agent
- Backup client
- Performance reporting agents
- Server-based monitoring agents

Linux:
- Red Hat Enterprise Linux
- SecurID for one-time user authentication
- Remote access via WU-FTPD and OpenSSH
- TCP wrappers for FTP, Telnet, SSH
- Secure RPC services
- Outgoing mail only
- Common UNIX user utilities, including Perl 5.8 or later
- Backup client
- Performance reporting agents
- Server-based monitoring agents

For clarity, not all versions of the operating systems listed above are fully supported by CSC. CSC will advise the client which versions are supported. Support for the client’s other applications may depend on the client having a specific version of the operating system.

The standard operating systems builds listed above contain software tools that are licensed under the GNU General Public License or other Open Source licenses. See Appendix A for more details.
9.1.2.2 Operational Responsibilities

Fig 12 below outlines the operational responsibilities of CSC and the client for the CSC Managed Operating System Support. The CSC Responsibilities designated as Chargeable may be performed by CSC subject to agreement and payment of an additional fee.

Fig 12 (columns: Task, CSC Responsibility, Client Responsibility)

Servers (Hardware)
- Provisioning and configuration
- Maintenance, break/fix
- IP configuration

Operating System Services
- Operating System installation and configuration
- Track and install patches and security fixes
- Root/administrative privileges
- Systems administration
- Operating System fault/process monitoring
- Problem management and fault isolation (troubleshoot and repair)
- Installation of client-requested patches / service packs
- Installation of CSC-required patches / service packs
- Maintain license and support contract and escalate to vendors

Backup Services
- Installation of backup client software
- Configuration of backup client software
- Maintenance, patching of backup client software
- Verifying client software is functional, not deleted or altered
- Troubleshooting and maintenance of backup client
- Backup/restores of system files

CSC Responsibility / Client Responsibility: Chargeable * n/a

Content and Client Information
- Content management
- Content mirroring
- Updating client contact information
- Installation, development and maintenance of content and code
- Configuration of business rules
- Content migration

CSC Responsibility / Client Responsibility: Chargeable Chargeable Chargeable Chargeable

* CSC installs all non-critical patches/service packs in accordance with CSC’s standard schedule for the specific application. Installation of patches/service packs outside the standard schedule is subject to CSC’s approval and may require additional fees.
9.1.3 CSC Managed Web Server Service

CSC offers a chargeable CSC Managed Web Server Support Service for the following web servers:
- IBM HTTPD Server (Open Plus Apache Web Server)
- Apache Web Server (Open software)
- Oracle Java System Web Server
- Microsoft Internet Information Server (IIS)
- Other Web server software, subject to CSC’s approval and payment of applicable fees

In addition to the general CSC Managed Support tasks described above:
- CSC’s initial installation of the web server includes the initial installation of client-provided digital certificates and initial configuration changes to component parameters (such as buffer size or names on an access control list).
- CSC Managed Support for Web Server software includes routine maintenance and configuration of up to 10 managed URLs per server. Additional instances are available for an additional fee.

Fig 13 below outlines the operational responsibilities for CSC Managed Web Server Service. The CSC Responsibilities designated as Chargeable may be performed by CSC subject to agreement and payment of an additional fee.

Fig 13 (columns: Task, CSC Responsibility, Client Responsibility)

Installation
- Recommendations for web server architectures
- Coordination of resources to install and configure environment
- Installation of web server software
- Configuration of web server software to client requirements
- Installation of client-provided digital certificates for SSL
- Configuration of log archiving
- Develop and maintain service operational documentation
- Configuration of web server monitoring

Support and Maintenance
- Ongoing systems administration
- Routine maintenance (e.g. log file rotation) and configuration
- Configuration changes to component parameters
- Problem management and fault isolation (troubleshoot and repair)
- Installation of client-requested patches / service packs
- Installation of CSC required patches / service packs
- Maintaining license and support contract and escalating problems to vendors
- Performing start/stop of server
- Capacity management and planning
- Software Release Management
- Software Lifecycle Management (including code promotion)

Monitoring
- 24x7x365 URL monitoring of each web instance

CSC Responsibility / Client Responsibility: Chargeable Chargeable Chargeable Chargeable

9.1.4 CSC Managed Database Service

CSC offers a Chargeable CSC Managed Database Support Service for the following database servers:
- Oracle Standard or Enterprise Database (including Real Application Cluster)
- Microsoft SQL Standard or Enterprise
- Other database server software, subject to CSC’s approval and applicable fees.

In addition to the general CSC Managed Support tasks defined above, the following applies:

Unless an alternative database configuration is specifically agreed with the client, CSC creates the database to an industry standard.

CSC performs daily backups of the database as part of CSC’s backup service and restores the database in the case of an outage, including point-in-time recovery. In the event that client requests a restore for reasons other than an outage, then the restore is subject to CSC’s approval and may require payment of an additional fee.

In order to complete backups in a timely manner, CSC recommends that the database size for Oracle Standard be limited to 30GB. For databases larger than 30GB, Oracle Enterprise is recommended. Remaining on Oracle Standard if the database size exceeds 30GB may result in delays in completing backups and restores of the database.
For SQL, CSC creates the databases within the instance as required by the client and provides the client with Database Owner access (a level of access which allows the party with such access to manage the application independently) to all user databases.

CSC provides monitoring of the database which includes availability of database server processes; database consistency checks; table and database device utilization; deadlock detection; database dump and transaction log dump status; cluster status (if applicable).

CSC provides 24x7x365 support only for all critical and unplanned events. Planned maintenance work must be scheduled with CSC in advance with at least two (2) business days’ prior notice.

CSC installs, configures and supports database client software and connectivity. Client connectivity is not monitored.

CSC assists with performance tuning and provides and implements recommendations to improve overall database performance. The tuning of client code and SQL queries is the responsibility of the client (including creation of indexes and other objects considered to be client content).

The client does not have administrative access to the database. Client access to the database is limited to the access only as necessary to create and maintain application objects. CSC reserves the right to refuse the client access to or modify (add, delete, change, install, etc.) database packages, procedures, privileges, etc. if CSC believes the access or modification will adversely impact the security or availability of the database.

CSC Managed Database Support is priced on a per database instance basis. CSC will install up to four (4) database clients for each database instance; additional database clients are subject to additional fees.

If the client requests CSC to install additional instances, CSC will review the current hardware and software configurations for the applicable server.
If, in CSC’s reasonable judgment, the server cannot accommodate the additional instances without an adverse impact on performance or availability, CSC will notify the client. If the client directs CSC to install the additional instances against CSC’s recommendation, and the client experiences outages or performance degradation due to a lack of system resources, the Availability Service Level will not apply. CSC reserves the right to charge the client on a time-and-materials basis for work performed to resolve any problems that arise as a result of installation against CSC advice.

Fig 14 below outlines the operational responsibilities for CSC Managed Database Service. The CSC Responsibilities designated as Chargeable may be performed by CSC subject to agreement and payment of an additional fee.

Fig 14 (columns: Task, CSC Responsibility, Client Responsibility)

Installation
- Recommend database server architectures
- Coordination of resources to install and configure environment
- Develop and maintain relevant service operational documentation
- Installation and initial configuration of database server
- Creation and provisioning of database-relevant file systems
- Configuration of database monitoring
- Integration with CSC Managed Web Server and CSC Managed Middleware services, where applicable
- Database dumps and log file archiving
- Installation and configuration of database client software and connectivity

Support and Maintenance
- Database backups and restores (via CSC backup service)
- Installation of CSC-required patches / service packs
- Installation of client-requested patches / service packs
- Stop and restart the database and agent
- Problem management and fault isolation
- 24x7x365 support for critical and unplanned events
- Routine database maintenance
- Security and user administration
- Database layout design and alterations
- Administrative access
- Database Owner level access (SQL only)
- Consistency checks on database objects
- Transaction logging and point-in-time recovery
- Support of database client software and database server connectivity
- Database software version upgrades (patches and service packs are included, but not version upgrades)
- Database migration (moving database from one instance to another and/or any type of database structural change)
- Database performance tuning and recommendations
- Application and SQL query performance tuning and recommendations
- Capacity management and planning
- Database enhancement (e.g. installation and configuration of add-on modules; changes requiring rebuild of database) scripted changes, device expansion, database space additions)
- Assistance with migration of new releases of the client’s code from staging or integration environment to the production database site
- Custom script development
- Test patch upgrades against content in a non-production environment

CSC Responsibility: Chargeable
Client Responsibility: Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable

Monitoring
- Database monitoring (instance availability, log monitoring and fault monitoring)
- Database performance monitoring

CSC Responsibility / Client Responsibility: Chargeable

9.1.5 CSC Managed Middleware Service

CSC offers a Chargeable CSC Managed Middleware Support Service for the following applications:

Access Management Applications
- IBM Policy Director / Tivoli Access Manager
- IBM Secureway
- CA SiteMinder Policy Server
- Oracle Java System Directory Server

Application Servers
- Apache Tomcat
- Oracle WebLogic Server
- IBM WebSphere Application Server
- JBoss Application Server

Portal Applications
- Oracle WebLogic Portal

CSC Managed Middleware Support is available upon request for other middleware applications, subject to CSC’s approval and applicable fees.
In addition to the general CSC Managed Support tasks defined above, the following applies:

Any application specific requirements for CSC Managed Middleware Support will be as agreed between CSC and the client.

If the client has multiple instances of the application (whether on one server or multiple servers), then CSC Managed Middleware Support is required for all instances.

CSC installs the middleware components and validates base functionality prior to handing off to client for application deployment.

Installation is considered complete when the application instances have been configured to the base specifications agreed between CSC and the client. Any application-specific requirements for the installation of the middleware component will be as agreed between CSC and the client. Significant changes to the agreed configuration requirements made by the client prior to installation may result in additional fees.

Installation does not include deployment of any code or service configurations. Any such deployment will be performed after installation is complete.

CSC works with the client to recommend and implement performance improvements to the middleware configuration to meet the requirements specified by the client.

CSC provides 24x7x365 support only for critical and unplanned events. Planned maintenance work must be scheduled with CSC in advance with at least two (2) business days’ prior notice.

CSC Managed Support for Middleware includes up to four managed instances per administrative domain. Additional instances and/or instances in more than one domain are available for an additional fee.

Fig 15 below outlines the operational responsibilities for CSC Managed Database Service. The CSC Responsibilities designated as Chargeable may be performed by CSC subject to agreement and payment of an additional fee.
Fig 15 (columns: Task, CSC Responsibility, Client Responsibility)

Installation and Configuration
- Provide configuration criteria for middleware (e.g. criteria for application domains, clustering/replication services, and managed server instances)
- Install application server software and license
- Install application server SSL certificates
- Implement middleware configurations (e.g. domains, instances, schemas)
- Initial deployment and launch of client application (e.g. ear files, ldifs)
- Integrate middleware with CSC Managed applications (e.g., database, web server, access/identity control System)
- Integrate middleware with Client Managed applications

Support and Maintenance
- Middleware administration consoles
- Start/stop middleware servers/services
- Respond to unplanned middleware problems 24x7x365
- Diagnose/resolve problems related to CSC Managed software
- Diagnose/resolve problems with client-developed content/code
- Diagnose/resolve problems related to Client Managed software
- Install client-requested patches / service packs (subject to supportability)
- Install CSC required patches / service packs
- Middleware product upgrades and migrations
- Develop and maintain relevant service operational documentation
- Code deployment services
- Log maintenance and retention
- Configuration and maintenance of middleware backup services, beyond standard filesystem and operating system backups (e.g. scripts for ldap backups)
- Value-add services (e.g. capacity planning, load testing, custom scripting, application profiling)
- User management (e.g. LDAP, portal applications)

Monitoring
- Installation of CSC monitoring components
- Middleware monitoring services (e.g. process availability, log/pattern, URL, depending on the application)
- Development and implementation of custom monitoring

CSC Responsibility / Client Responsibility: Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable Chargeable

9.2 Security Services

9.2.1 Intrusion Detection/ Services

In addition to the Core NID service described in section 8.3, CSC offers further Intrusion Detection/ Services ("IDS") as part of CSC’s “Defense-in-Depth” approach to securing internet-connected CSC CloudCompute environments. IDS is critical to capturing attack signatures that get through firewalls on web-enabled services and rounds out a well-balanced security architecture. All IDS devices are monitored 7x24x365 by security analysts for real-time dispatching of security incidents and escalations.

9.2.1.1 Dedicated Host IPS

CSC’s advanced Dedicated Host-Based Intrusion Prevention Service ("HIPS") is a Chargeable security monitoring service for servers and is based upon near real-time monitoring by security analysts. HIPS agents are centrally managed and monitored by CSC 24x7x365. HIPS provides the following three layers of protection that increase the level of security:
- Behavioral-based prevention: protects against zero-day or buffer overflow exploits.
- Server-based firewall
- Signature-based prevention: blocks known hostile traffic through vulnerability shielding (e.g. Windows software vulnerabilities) and web and database server protection (e.g. directory traversal or SQL injection).

These features can detect and block local privilege escalation attacks and internet-based attacks.

This service requires a minimum of a 12 month contract.

9.2.1.2 Monitoring and Reporting

Significant security events noted by the IDS systems described above are captured and retained for future reference and internal reporting in a centralized logging database.
Ad hoc security reports are generated by CSC support personnel for each security escalation to CSC’s Information Risk Management (IRM) team and provided to the client.

10. CSC CloudCompute Service Management Services

10.1 Training

CSC will provide two 2-hour training sessions via live web conference or other delivery mechanism chosen by CSC. Participants will be able to ask CSC questions in real time. Clients may invite other end users to the two training sessions at their discretion.

After completion of the two training sessions, the client’s authorized users are then responsible for any training of other client personnel and creating any other client accounts. Any additional training by CSC personnel will be provided on a time-and-materials basis.

10.2 Service Delivery

CSC provides service management services to CSC CloudCompute clients during implementation of CSC CloudCompute. These services are provided by CSC’s Service Managers who adhere to common methodologies in accordance with ITIL-3 processes. The Service Manager acts as the client’s primary point of contact during the implementation of the client’s CSC CloudCompute environment. During the delivery of the training sessions referred to above, the Service Manager interacts with the client and with the appropriate CSC personnel to support the client.

The Service Manager provides:
- Verification of order details
- Identification of client’s key personnel to act as liaison between client and CSC
- Identification of specifics of the client responsibilities upon which the completion of the implementation and operation of the CSC CloudCompute service for client depends
- Creation of training schedules

Depending on the complexity of the implementation, further service and/or project management services may be provided for an additional fee.
10.3 Change Management

A change is any action (upgrade, modification, or addition) to the CSC CloudCompute infrastructure which alters the system configuration or the current state of the CSC CloudCompute environment.

CSC’s Change Management process involves a formal review of each proposed change by a cross-functional team of managers and/or technicians who are responsible for approving the steps for all qualified change-control activities. This approval process is part of a checks-and-balances approach to make sure that appropriate planning has taken place and proper advance notice has been given to relevant parties before the change activity begins.

From time to time CSC may make changes or install software updates and patches to the CSC CloudCompute infrastructure. CSC will also be entitled to install emergency updates and patches as necessary.

CSC CloudCompute service is a shared service and scheduled changes and maintenance services for the CSC CloudCompute infrastructure will be performed at the same time for all clients during the defined maintenance window of every other Sunday between 0100 and 0600 GMT (subject to local adjustments for daylight saving times in summer). If a break-fix change is required, and CSC needs to implement the change outside the defined maintenance window, CSC will notify the client as soon as possible.

10.4 Event Management

CSC uses a comprehensive Event Management process for detecting, reporting, addressing, resolving, closing and preventing problems impacting the CSC CloudCompute Service.

When a service event or problem occurs, CSC’s primary goals are:
- To resolve the problem and/or return the CSC CloudCompute Service to an operational state in the minimum time possible in accordance with the Service Levels. This may not be full operability of the service and, for the avoidance of doubt, CSC is not responsible for restoring the client’s applications or data nor, except in the case of CSC CloudCompute Gold, for restoring the client’s virtual servers;
- To provide timely notification and ongoing communications with the client.

10.5 Asset and Configuration Management

Asset Management covers the management of the CSC-provided assets used to deliver the CSC CloudCompute Service to clients and provides a complete inventory of these assets and who is responsible for their control.

10.6 Incident Management

An Incident is an unplanned interruption to the CSC CloudCompute Service or a reduction in the quality of the CSC CloudCompute Service. Failure of a configuration item that has not yet impacted the service is also classed as an Incident.

The purpose of Incident Management is to restore normal service as quickly as possible, and to minimize the adverse impact on business operations. Incidents are often detected by event management, or by users contacting the service desk. Incidents are categorized to identify who should work on them and for trend analysis, and they are prioritized according to urgency and business impact.

If an incident cannot be resolved to meet Service Levels it is escalated to a technical support team with appropriate skills; hierarchical escalation engages appropriate levels of management.

10.7 Problem Management

A Problem is a cause of one or more Incidents. The cause is not usually known at the time a problem record is created, and the Problem Management Process covers the further investigation. The Problem Management Process manages the lifecycle of Problems.

The key objectives of Problem Management are to prevent Problems and resulting Incidents from happening, to eliminate recurring Incidents and to minimize the impact of Incidents that cannot be prevented.
Problem Management includes diagnosing causes of incidents, determining the resolution, and ensuring that the resolution is implemented. Problem Management also maintains information about Problems and the appropriate workarounds and resolutions. This includes the determination of the root cause of Incidents and ensuring that actions are implemented to eliminate a recurrence of the same issue. In addition, Problem Management seeks to proactively apply solutions, thereby preventing Incidents from occurring.

Problems are categorized in a similar way to Incidents, but the goal is to understand causes, document workarounds and request changes to permanently resolve the problems. Workarounds are documented in a Known Error Database.

10.8 Service Request Fulfillment

Service Request Fulfillment Management is the process of qualifying, accepting, managing and closing requests for changes to the Services. A Service Request is a request from a user for information or advice, or for a standard change, or for access to the Service.

The purpose of Request Fulfillment is to enable users to request and receive standard services; to source and deliver these services; to provide information to users and customers about services and procedures for obtaining them; and to assist with general information, complaints and comments.

All requests are logged and tracked and the process includes checking for appropriate approvals before fulfilling the request.

11. Service Levels

CSC provides standard Service Levels for Availability and Response Times and provides clients with defined service credits if CSC fails to meet these Service Levels.

11.1 Definitions

For the purposes of this section 11 the following definitions apply:

Availability means that the CSC CloudCompute Service is available to the internet at the point where the CSC Data Center connects to the internet.
Unavailable means that the CSC CloudCompute Service is not available to the internet at the point where the CSC Data Center connects to the internet.
Notify means that CSC will call back or respond electronically to the designated client contact.
Respond means that CSC will begin working on the problem and/or ticket item, e.g. by calling the client back to clarify the issue or by starting the technical investigation. It does not mean the time it takes to resolve the incident.
Time to Respond is calculated from the time at which CSC receives the ticket and depends upon the Severity Rating (as described below) and does not include resolution.
Mean Time is defined as the arithmetic mean; all occurrences for a severity level will be averaged over a calendar month.
Business Day means Monday to Friday (public and bank holidays excluded) 0900-1700 at the location of the CSC data center that hosts the CSC CloudCompute infrastructure.
Applicable Monthly Recurring Charges means the standard monthly recurring fees for the CSC CloudCompute services (less any discount that is applied for vRAM volume or order duration), are limited to the charges for the specific virtual machine instances to which the Service Level failure applies, and do not include any charges made for excess usage.

11.2 Availability Service Level and Credits

There are different Availability Service Levels and Credits for CSC CloudCompute Silver and for CSC CloudCompute Gold.

CSC CloudCompute Silver Availability Service Level and Credit
Availability Service Level: 99.5%
Service Credit: 1/30th of the applicable Monthly Recurring Charges for any calendar month in which the client’s CSC CloudCompute environment is Unavailable for a cumulative total of 3.6 hours (216 minutes) over that calendar month.
CSC CloudCompute Gold Availability Service Level and Credit
Availability Service Level: 99.9% *
Service Credit: 1/30th of the applicable monthly recurring charges for any calendar month in which the CSC CloudCompute service is Unavailable for a cumulative total of forty-three (43) over that calendar month.

* In order to qualify for this Service Level, the client’s applications within the client’s virtual data center must be capable of failover to separate virtual machines. Software other than the operating system and web servers may require redundant virtual machines in order to achieve 99.9% uptime.

In the normal course of a failover, the time it takes for one server to fail over to another may take several minutes. This failover timeframe is considered normal and is therefore not included in the calculation of non-Availability.

11.3 Response Time (“Time to Respond”) and Notify Service Levels and Credits

The Response Time and Notify Service Levels for CSC CloudCompute are as shown in Fig 15 below:

Fig 15

Severity Level 1
Description: Complete loss of the CSC CloudCompute Service; or a critical security event such as a CSC-confirmed security incident on a CSC Managed server.
Mean Time to Respond: If the client calls the CSC Call Center, the ticket is logged in real time and CSC will Respond by a hot hand-off to the appropriate technician while the client is still on the phone. If CSC has received notice through a monitoring alert or the client has opened the ticket by any means other than calling the CSC Call Center, CSC will Respond within 30 minutes from the initial alert or receipt of the ticket.
Mean Time to Notify: Once CSC has confirmed that a Severity 1 event has occurred, CSC will Notify the client of the issue within 30 minutes from the initial monitoring alert.

Severity Level 2
Description: Degradation of performance that has a material adverse effect on the client’s ability to access the CSC CloudCompute service, but does not result in a total loss of service; or a circumstance that, in CSC’s sole reasonable discretion, if not corrected could result in a loss of service or loss of client data; or a major security event that degrades or could degrade the service.
Mean Time to Respond: If the client calls the CSC Call Center, the ticket is logged in real time and CSC will Respond by a hot hand-off to the appropriate technician while the client is still on the phone. If CSC has received notice through a monitoring alert or the client has opened the ticket by any means other than calling the CSC Call Center, CSC will Respond within one (1) hour from the initial alert or receipt of the ticket.
Mean Time to Notify: Once CSC has confirmed that a Severity 2 event has occurred, CSC will Notify the client within one (1) hour from the initial monitoring alert.

Severity Level 3
Description: The CSC CloudCompute service is functioning normally, but an individual or several individuals experience a problem; or the occurrence of a non-critical security event that does not impact performance of the service.
Mean Time to Respond: CSC will Respond within one (1) business day from receipt of the ticket.
Mean Time to Notify: Once CSC has confirmed that a Severity 3 event has occurred, CSC will Notify the client within one (1) business day from the initial monitoring alert.

Severity Level 4
Description: A service request that is not a problem, for example, a request to install software, change firewall rules, open accounts or provide access.
Mean Time to Respond: CSC will Respond within four (4) business days from receipt of the ticket.
Mean Time to Notify: n/a

The client is entitled to a credit of 1/30th of the applicable Monthly Recurring Charges for each day in a calendar month in which the client’s CSC CloudCompute for any calendar month that CSC fails to Respond or Notify the client of a planned outage according to the schedule above.
11.4 Limitations and Conditions

The total amount of the client’s Service Credits will be limited to the client’s Monthly Recurring Charges for the CSC CloudCompute service in any billing period.

The client must apply for Service Credits using CSC’s reimbursement claim process notified to the client and claims must be made by the end of the calendar month to which the claim relates. Service Credits will be applied to the client’s invoice for CSC CloudCompute services in the calendar month after the month of the claim. CSC reserves the right to reject Service Credit claims made outside of this period.

CSC’s failure to meet any Service Level agreement will be excused to the extent the failure is due to any of the following:
- regularly scheduled maintenance or service upgrades;
- intentional shutdowns due to emergency interventions and/or responses to security incidents;
- problems with third-party components for which fixes have not been provided by the supplier;
- the applications and/or data placed by the client on its virtual servers (Content);
- any components that are not managed by CSC;
- configuration changes initiated by the client;
- the client’s failure to observe CSC’s support and upgrade policies as set forth in Appendix B (as may be amended and advised to the client from time to time);
- acts or failures to act by the client or third parties;
- factors outside the reasonable control of CSC, including internet access problems beyond the boundary of the CSC CloudCompute service, or force majeure events;
- suspension of access due to manual and automated protection systems.

Appendix A - Software

A1. Software Licensing

CSC offers the following software license options for the operating systems for the client’s virtual server and applications used by the client on the client’s virtual machines.

Use: CSC retains all rights to the software, and grants the client a license to use the software only in connection with CSC CloudCompute service and only during the client’s service period. The client has no rights to the software after the expiration or termination of the client’s hosting agreement with CSC and/or the applicable Order. To the extent any software provided under a Use license includes components licensed under open source licenses, those components are provided under the Open Option described below.

Open: Software that is freely licensed under a GNU General Public License or other Open Source license, including but not limited to various UNIX utilities that are part of the Standard O/S Build, is provided to the client under the terms of the applicable GNU or Open Source license. The client has all rights to the software granted by the applicable license, including any rights to the source code of the software.

Open Plus: CSC obtains maintenance and/or technical support for an Open software application from a third-party supplier. The client has the same rights to the software as under the Open Option above.

Client-Provided: The client retains ownership of the license to the software. If the client requests CSC to install the software, the client is responsible for providing any necessary license contract numbers or license keys to CSC prior to installation.

A2. Software Maintenance

For the Use, Purchase and Open Plus Options, software maintenance is included in the fees for the software. For Client-Provided licenses, the client is responsible for obtaining maintenance and support from the software vendor.

Appendix B: CSC CloudCompute Policies

B1. Support & Upgrade Policy

B1.1 Support Policy for CSC-Provided Software

The terms apply with respect to third party software installed in the client’s CSC CloudCompute environment:

Reduced Vendor Support: CSC will continue to support CSC-Provided Software based on the level of support provided by the software vendor, for example, CSC will continue to install necessary patches for as long as the vendor continues to supply them. If Reduced Vendor Support results in an increase in CSC’s costs to support the CSC-Provided Software, then CSC may, at its sole discretion, either increase the client’s service fees or make a corresponding reduction in CSC’s level of support for that software.

End of Support Life: CSC will cease to provide support for the CSC-Provided Software when the vendor ceases such support. CSC may allow the CSC-Provided Software to remain installed in the client’s CSC CloudCompute environment until the end of the client’s then-current service period, provided that the CSC-Provided Software poses no security or operability risks to the client’s CSC CloudCompute environment or to the CSC CloudCompute infrastructure.
B1.2 Upgrade Policy

If CSC informs the client that a component of the client’s CSC CloudCompute environment (whether such component is managed and/or maintained by CSC or by the client) needs to be upgraded because:
- the applicable component is CSC-Provided Software subject to Reduced Vendor Support or End of Support Life, and/or:
- failure to upgrade is causing or is likely to cause a degradation of the client’s CSC CloudCompute environment or operational problems in the CSC CloudCompute infrastructure (whether or not the component is CSC-Provided or Client-Provided Software), and/or:
- failure to upgrade poses an actual or potential security risk to the client’s CSC CloudCompute environment, and/or the CSC CloudCompute infrastructure, and/or other CSC clients (whether or not the component is CSC-Provided or Client-Provided Software),
then the client shall permit CSC to upgrade the software (if CSC-Provided) or upgrade it (if Client-Provided) in accordance with CSC’s reasonable timeframe requirements.

If the client declines to upgrade Client-Provided Software or to allow CSC to upgrade CSC-Provided Software, then the client assumes all risks related to the failure to upgrade, including any increased costs to CSC. may include, but are not limited to, the cost of fixing any problems on the client’s CSC CloudCompute environment caused by the failure to upgrade. CSC reserves the right at client’s cost to remove the software and/or suspend the client’s access to the applicable virtual machine to mitigate any security or operability risks. Any third party early termination or cancellation charges from the vendor will be charged to the client.

The client’s Service Levels will not apply to any Service Level failure caused by the failure to allow the upgrade.
Service Levels will not apply and no Service Credits will be paid to the extent that CSC would have met the requisite Service Level if the software had been upgraded and the client shall not be entitled to any rebate or reduction of fees for the affected services.

If the client does not upgrade the applicable software there may be a material adverse impact on CSC or its other clients and a failure or refusal by the client to so upgrade shall be considered a material breach of the Service Agreement by the client (whether or not a material adverse impact arises).

For clarity all software upgrades are at the client’s expense for both CSC Provided Software and Client Provided Software. CSC required software patches and service packs are included in CSC Managed Support for CSC-Provided Software, but will be at the client’s expense if the software is Client Managed.

B2. Chronic Problem Policy

A Chronic Problem is any problem that:
- sets off CSC’s monitoring alerts and/or causes CSC to expend resources identifying the cause of the problem; and
- has been identified by CSC as having a root cause that requires the client to take action (e.g., the problem is caused by client Content and/or client managed software needs to be upgraded, etc.); and
- has been communicated to the client by CSC.

In the case of a Chronic Problem, the client has the following choices:
- The client may fix the Chronic Problem.
- The client may remove the relevant content from the client’s CSC CloudCompute environment.
- For an additional fee, the client may request help from CSC to address the Chronic Problem.

If the client has not remedied the Chronic Problem within forty-eight (48) hours of notification, then CSC, in its sole discretion, may take any necessary action to mitigate the Chronic Problem and make a reasonable charge to client in respect thereof.
The client shall not be entitled to any rebate or reduction of fees for the affected services. Service Levels will not apply and no Service Credits will be paid to the extent that CSC would have met the requisite Service Level if not for the Chronic Problem.

Appendix C: Other Terms and Conditions

C1. Client Responsibilities

In addition to the specific responsibilities stated in this document and in the related agreement, the client is responsible for:
- Providing accurate and complete information to CSC upon CSC’s request.
- Designating the technical and administrative contacts required by CSC.
- Supporting the provisioning process as required.
- Performing all operational tasks that are the client’s responsibility under the services chosen by the client.
- Abiding by CSC’s standard policies and procedures for CSC CloudCompute services.

C2. Time and Materials Services

Where CSC performs tasks that are the client’s responsibility as described in this document, such provision will be on a time and materials basis. CSC will provide the client with a quotation for such services and rates when the client requests the task to be performed by CSC.

Appendix D: Glossary

Order: a document containing the details of the Services to be delivered to the client, the term of the Services, the Charges and other relevant details;
N+1 Redundancy: a form of resilience that ensures system availability in the event of component failure. Components (N) have at least one independent backup component (+1).
RESTful API: a web service implemented using HTTP and the principles of Representational State Transfer (REST);
ITIL: the proprietary ITSM (Information Technology Service Management) approach developed by the UK Office of Government Commerce (OGC);
CSC Data Centre: a data centre which is within CSC’s exclusive control;

Confidentiality Notice

The information contained in this document constitutes valuable and confidential proprietary information of COMPUTER SCIENCES CORPORATION (CSC) and/or its subsidiaries and affiliates. No license to any technology or intellectual property rights of CSC, or its affiliates, subsidiaries or licensors, is granted or to be implied through receipt of this document. This document may be used only in connection with your evaluation and use of the services that are the subject of this document. This document may not be copied except as necessary for the purpose stated above. If the document is copied, all confidentiality and proprietary notices are included in each copy and that all copies are treated as the Confidential Information of CSC. This document may not be otherwise used or reproduced or any of its contents without the express prior written permission of CSC.

Copyright © 2011 Computer Sciences Corporation. All rights reserved. Other company and product names may be trademarks or service marks of their respective owners.