![CIT/DCSS SLA Number _______________ Appendix A
recovery plan
Apache Web
Hosting
[Descriptions to be added upon rollout of this future service]
Services
If contracted
SERVICE AVAILABILITY
Service CIT will provide coverage for the Hosted Services, 24 hours a day, 7 days a week. See the
Coverage contact personnel listed in Appendix A for the CIT emergency after business hours contact(s).
CIT will provide 99.9% system availability within the agreed service hours.
CIT will provide 99.9% availability of resources to support services, exclusive of scheduled
maintenance activities.
Service
Installation and configuration of services within time frames agreed to with the customer
Availability
If CIT is unable to meet system availability target levels due to CIT/DCSS negligence, CIT
will provide the Customer reimbursement for unavailable services based on a calculated
formula, upon request.
SERVICE OPERATIONS
System
CIT will manage and monitor the servers, which are part of the Hosted Services, 24 hours, 7 days
Monitoring and
a week.
Support
Certifications DCSS will send out 90 and 60 day advance notifications to all hosting customers
Renewals informing them that their certification(s) is/are about to expire. If DCSS does not receive
an authorized request (ASR/ticket) back from the customer indicating the certification
should not be renewed, DCSS will automatically renew the certification on behalf of the
customer and bill the customer back for this cost.
All services and/or related system components require regularly scheduled maintenance
(“Maintenance Window”) in order to meet the establish service availability levels.
These maintenance window activities will or may render the systems and/or applications
unavailable for normal user interaction for the following locations and timeframes:
Type: Scheduled Maintenance
Location(s): Data Center Building 12
Timeframe: Quarterly; Dependent on type of maintenance
Notification:
Coordinate with the customer as needed prior to the scheduled maintenance window
System Will specify the servers and location affected
Maintenance
Routine OS patching will be performed on a schedule coordinated with the customer, with a goal
of quarterly patching. In the event of a needed security patch, we will coordinate to apply the
patch as soon as possible.
Type: Patching
Location(s): Data Center Building 12
Timeframe: Quarterly, as needed, depending upon the type of alerts
Notification:
Coordinate with the customer
Will specify the servers and location affected
If services and/or related components require emergency maintenance in order to meet the
FY2010](https://image.slidesharecdn.com/unix-hosting-servicelevel-description1033/85/Unix-Hosting-Service-Level-Description-3-320.jpg)
Unix Hosting Service-Level Description
- 1. CIT/DCSS SLA Number _______________ Appendix A Unix Hosting Service-Level Description STANDARD SERVICE DESCRIPTION Physical Facility Data center temperature and humidity maintained within conventional, vendor recommended Services limits for computing and telecommunications equipment Sufficient power for all installed equipment, with an uninterruptible power supply and standby Location: generator to maintain normal business operations during a utility outage Physical security of the computer room with bio-metric and badge controlled access limited to Building 12, approved personnel Room 1100 Security guards at entrance for Operations staff 24x7 Facility monitored by video cameras Qwest Monitoring systems for detecting water leaks, smoke and fire as well as a fire suppression Facility in system Sterling, VA Ongoing administration including management of user accounts and management of storage System on the equipment provided Administration Timely diagnosis and resolution of hardware and system software problems within the limits Services of vendor provided assistance Hosted Services are monitored 24 hours per day, 7 days per week Monitoring Monitoring includes hardware status and system performance (e.g., CPU, memory, disk space Services utilization, services, selected ports and processes) System problem diagnosis/resolution by systems experts either on site or on call In the event an adverse incident is detected by system monitors, CIT will contact the Customer as per the Customer requirements Operating system and supported utility software installed and configured following CIT standards. Tuning and custom modifications discussed and implemented upon completion of technical review and impact analysis. Operating Operating system upgrades and patches to versions fully supported by the vendor and System and compatible with application software. Upgrades to be done on a schedule acceptable to both Utility Software CIT and the Customer. Services Regular updates and upgrades of other CIT-provided software at times which are coordinated with the Customer. Security patches applied to CIT-provided software in a timely manner coordinated with the Customer. Basic protection of hardware and software through NIH border firewalls and network intrusion detection in accordance with the data center security architecture Secure management in accordance with NIH security polices and guidelines located at: http://irm.cit.nih.gov/security/sec_policy.html Security Federal Information Security Management Act (FISMA) and Certification and Accreditation Services (C&A) security reviews of the hosting services SAS 70 audit review for servers hosting financial applications Host-based security solutions installed, maintained, and monitored to prevent system compromises (e.g., virus infections, intrusions, etc.) Backup All backups administered in accordance with CIT standards and Customer requirements. Services Backups of Customer-managed applications may require additional coordination with the Customer. In the event of a system problem causing loss of data, CIT will restore data from the most FY2010
- 2. CIT/DCSS SLA Number _______________ Appendix A recent backup. In the event of an accidental deletion or corruption of data by the Customer, CIT will restore data from the Customer requested backup date. Daily incremental backups of system data; monthly backups of system data to tape and taken offsite. Onsite backup library data copied across private network to offsite library located in secure data center (Sterling). Application data backed up as coordinated with application owner. Database backups are performed only as coordinated with database administrators (CIT or customer as appropriate). Other data is backed up by default. Default backup retention is such that the current copy will remain in the backup system as long as it does not change. Prior versions of files are kept by default for 6 weeks. The length of time prior versions are maintained and the number of prior versions that are kept can be coordinated. Preliminary consultation with the Customer to determine needs and performance requirements, leading to an agreement on equipment to be provided for the Customer’s use. Additional meetings with the Customer, as needed, to revise equipment requirements based on Hardware changing business needs and/or new technical requirements. Services Equipment acquired and configured to meet identified Customer requirements. Timely delivery of equipment when needed. Consult and coordinate with the Customer on equipment refreshes. Server Hosting ____: 2 Processor Commodity Sun Server(s) Server ____: 4 Processor Commodity Sun Server(s) Specifications ____: Solaris Virtual Machine (VM) ____: Solaris Logical Domain(s) (LDoms) If contracted ____: Entry-level Multi-core Commodity Sun Server(s) ____: Custom Server(s) Specify: Software Operating System: Solaris HP Unix Tru64 Specifications Managed Storage Storage is provided in a redundant configuration as coordinated with the customer. Services Space provided on a SAN is billed based on the amount allocated to the customer. If contracted Application Firewall Application firewall services are provided to meet specific Customer security requirements. Services Customer collaboration is required to establish application security architecture and to create and review firewall rule sets. If contracted Local Traffic Provides load balancing and SSL acceleration support through the use of BigIP F5 devices. Management Provides unique load sharing and failover support for customer applications and servers Services through application server pooling and custom rules. If contracted Provide SSL digital certificates to customers through arrangements with Verisign and the HHS PKI program to authenticate application servers. Disaster In collaboration with the Customer, prepare, implement, and test a disaster recovery plan Recovery within the scope of the NIH Computer Center disaster recovery program as described in the Services Computer Center Disaster Recovery Plan. Provision of off-site data storage and warm site availability If contracted Provide Oracle Database and Middle Tier disaster recovery services per agreement Recovery of the Customer’s systems in case of a disaster in accordance with the disaster FY2010
- 3. CIT/DCSS SLA Number _______________ Appendix A recovery plan Apache Web Hosting [Descriptions to be added upon rollout of this future service] Services If contracted SERVICE AVAILABILITY Service CIT will provide coverage for the Hosted Services, 24 hours a day, 7 days a week. See the Coverage contact personnel listed in Appendix A for the CIT emergency after business hours contact(s). CIT will provide 99.9% system availability within the agreed service hours. CIT will provide 99.9% availability of resources to support services, exclusive of scheduled maintenance activities. Service Installation and configuration of services within time frames agreed to with the customer Availability If CIT is unable to meet system availability target levels due to CIT/DCSS negligence, CIT will provide the Customer reimbursement for unavailable services based on a calculated formula, upon request. SERVICE OPERATIONS System CIT will manage and monitor the servers, which are part of the Hosted Services, 24 hours, 7 days Monitoring and a week. Support Certifications DCSS will send out 90 and 60 day advance notifications to all hosting customers Renewals informing them that their certification(s) is/are about to expire. If DCSS does not receive an authorized request (ASR/ticket) back from the customer indicating the certification should not be renewed, DCSS will automatically renew the certification on behalf of the customer and bill the customer back for this cost. All services and/or related system components require regularly scheduled maintenance (“Maintenance Window”) in order to meet the establish service availability levels. These maintenance window activities will or may render the systems and/or applications unavailable for normal user interaction for the following locations and timeframes: Type: Scheduled Maintenance Location(s): Data Center Building 12 Timeframe: Quarterly; Dependent on type of maintenance Notification: Coordinate with the customer as needed prior to the scheduled maintenance window System Will specify the servers and location affected Maintenance Routine OS patching will be performed on a schedule coordinated with the customer, with a goal of quarterly patching. In the event of a needed security patch, we will coordinate to apply the patch as soon as possible. Type: Patching Location(s): Data Center Building 12 Timeframe: Quarterly, as needed, depending upon the type of alerts Notification: Coordinate with the customer Will specify the servers and location affected If services and/or related components require emergency maintenance in order to meet the FY2010
- 4. CIT/DCSS SLA Number _______________ Appendix A established service levels, CIT will conduct the following activities: Type: Emergency Maintenance Location(s): Data Center Building 12 Timeframe: Dependent on type of emergency Notification: Will immediately attempt to notify the Customer as requested Will specify the servers and location affected Will coordinate with the Customer to develop a priority scheme if a shut down of servers is necessary SERVICE DELIVERY Service Delivery of Unix server(s) to customer: Dependent on the customer’s implementation Delivery timeframe and time to procure custom server requests Metrics Backup Restores: Based on customer’s urgency and dependent on customer’s retention needs CUSTOMER SUPPORT CIT will respond to the customer based on the severity level selected, which is indicated on the service request ticket: Severity Levels of Service Standard Fulfillment CIT will respond to customer within timeframe Request (Non- selected on the service request ticket. Level 4 Emergency/Non-Expedited Requests) CIT will respond to the customer within in one working day of notification time. CIT will attempt Level 3 Expedited Request to meet special/expedited timing requests included in COMMENTS section of ASR Request when Response Times possible. Major Business Impact Non-Production Emergencies - 1 hour call-back Level 2 (Non-Production Server)* window after receiving a service request ticket. Major Business Impact Production Emergencies -1 hour call-back window Level 1 (Production Server)* after receiving a service request ticket. * Emergency Requests must include details explaining the Emergency designation. A review of all Emergency Tickets submitted will be performed to determine if additional support fees should be applied to the application. If Emergency Requests are deemed to be non- emergencies, follow-up will occur with customer to determine if premium support fees are needed for this application. CIT DCSS Management Name Title Contact Number Escalation Paula Moore Unix Team Lead, Hosting Services Branch 301-402-1237 Contacts Laura Bennett Branch Chief, Hosting Services Branch 301-435-5493 Adriane Burton Director, Division of Computer System Services 301-451-4553 FY2010