managed services for virtual private cloud solution pack ... · networking service options for...
TRANSCRIPT
© 2018 DXC Technology. All rights reserved. Confidential Page 1
Managed Services for Virtual Private Cloud Solution Pack Selections and Prerequisites
Subject Requirements
Governing Agreement FastTrack Modular Contract including:
• Base Terms • Cloud and SaaS Module Terms
DXC Services Managed Services for Virtual Private Cloud (“Managed VPC”), Release 10.0, as set out in this Solution Pack (“Services”)
Mandatory Addenda Managed Services Acceptable Use Policy
Optional Add-On Service Features
Customer has chosen to receive the following Add-Ons and will be invoiced accordingly. While all these selectable Add-Ons are described in this Solution Pack as Schedules, only those specifically selected below in an Order will be delivered. ☐ Managed VPC Continuity Services
☐ Managed VPC Backup and Recovery Services ☐ Managed VPC Storage Services
☐ Managed VPC Networking Services
☐ Managed VPC SAP and SAP HANA Management Services
☐ Managed Database Services
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 2
Table of Contents 1. Statement of Work ........................................................................................ 3
1.1 Introduction 3 1.2 Scope of Service 3 1.3 Commencement of Services 3 1.4 Managed Services Portal Access 4 1.5 Network Access 4 1.6 Managed Services for Virtual Private Cloud 5 1.7 Additional Optional Services 8 1.8 Additional Optional Add-Ons 10 1.9 Maintenance Windows 11 1.10 Customer Audits 12 1.11 Support Services 13
2. Service Levels ............................................................................................. 16 2.1 Overview 16 2.2 Measurement and Reporting 16 2.3 Service Levels and Credits 16 2.4 Service Level Objectives 18
3. Pricing.......................................................................................................... 23 3.1 General 23 3.2 Expenses 23 3.3 Currency 23 3.4 Charges Generally 23 3.5 Service Volume Discount 24 3.6 Minimum Order Term Commitments 25 3.7 Termination Charges 25
4. Definitions ................................................................................................... 26 Schedule 1. Pricing Schedule ............................................................................... 40 Schedule 2. Security Services .............................................................................. 41 Schedule 3. Continuity Services .......................................................................... 65 Schedule 4. Backup and Recovery Services ....................................................... 73 Schedule 5. Managed VPC Storage Services ...................................................... 85 Schedule 6. Managed VPC Networking Services ................................................ 88 Schedule 7. Managed VPC SAP and SAP HANA Management Services ........... 92 Schedule 8. Managed Database Services .......................................................... 108
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 3
1. Statement of Work
1.1 Introduction This Solution Pack will apply to each Order placed under this Solution Pack and will remain in effect unless it is terminated or expires in accordance with the terms of the Governing Agreement. In the event of any conflict or inconsistency between this Solution Pack and the Governing Agreement, this Solution Pack will prevail with respect to the subject matter of this Solution Pack. General descriptions or references to particular services in this Solution Pack or elsewhere in the Governing Agreement are subject to the more detailed descriptions below.
All capitalized terms shall be defined in the Governing Agreement and/or this Solution Pack. References to DXC’s policies, procedures, technical, and other standards refer to the latest versions in effect which may change from time to time.
1.2 Scope of Service DXC will provide to Customer the Services described by this Solution Pack following submission of Orders. The Services are limited to the activities described within this Solution Pack as DXC Responsibilities.
The Services consist of the provision of Physical or Virtual Servers, related storage and other resources, and support services, all as described below. Optional items and Services are provided to the extent specified in an Order.
Customer will use the Managed Services Portal to submit Orders for the Services offered under this Solution Pack. A complete list of orderable items available in the requested data center may be viewed in the Managed Services Portal.
1.3 Commencement of Services
1.3.1 DXC Responsibilities:
a. Designate at least one Authorized Representative.
b. Provide notice to the Customer when DXC’s Authorized Representative changes.
c. Provide access to a virtual private compartment dedicated to Customer, isolated with Virtual Local Area Network (“VLAN”) technologies and protected by a dedicated virtual firewall according to Schedule 2 (“Security Services”).
d. Provide notice to Customer when the Services are available for use.
e. Provide all communications, documentation, and support in English only.
1.3.2 Customer Responsibilities:
a. Designate two Authorized Representatives (and backups to be used when designated Authorized Representatives are unavailable).
b. Provide notice to DXC whenever Customer’s Authorized Representatives change.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 4
c. Check the Managed Services Portal regularly, and at least monthly to review notices provided by DXC.
d. Install software, tools, and utilities (other than software that DXC is required to provide).
e. Deliver to DXC license keys and/or other information as DXC may reasonably request if required for DXC to install Customer’s software on a Virtual Server.
f. Load Customer Data.
g. Test the Services.
h. Provide technical and other information as DXC may reasonably request as necessary to perform the Services.
i. Maintain responsibility for all authorized and unauthorized use of the Services by and behalf of the Customer.
j. Comply with DXC’s policies and procedures and related documentation as provided by DXC to Customer.
k. Perform all Customer Responsibilities set out in this Solution Pack at Customer’s own cost.
1.4 Managed Services Portal Access
1.4.1 DXC Responsibilities:
a. Provide Customer and its Authorized Representatives access to the Managed Services Portal.
1.4.2 Customer Responsibilities:
a. Maintain responsibility for granting access to Portal Users through an identity management system or request that DXC grant access to Portal Users on Customer’s behalf.
b. In all cases, retain responsibility for designating the individuals to be granted access to the Managed Services Portal or to revoke a Portal User’s access for any reason. Customer is responsible for all actions taken by a Portal User.
1.5 Network Access
1.5.1 DXC Responsibilities:
a. Allow Customer access to the Managed VPC network and provide technical requirements to Customer as needed.
b. Provide Customer access to a virtual private compartment dedicated to Customer that is initially provisioned with a single VLAN.
1.5.2 Customer Responsibilities:
a. Acquire access to the Managed VPC network. This can be accomplished through a virtual private network (“IPSec”), dedicated circuits, the public internet, or a combination of these means. All such network access will comply with technical requirements communicated by DXC, and are at Customer’s expense. Once this connection is established, Services will commence.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 5
b. Order additional VLANs as needed via the Managed Services Portal. Networking service options for Managed VPC are further described in Schedule 6 (“Networking Services”).
1.6 Managed Services for Virtual Private Cloud DXC will provide Customer the following Services, subject to availability and in accordance with the terms of this Solution Pack and the applicable Order.
1.6.1 DXC Responsibilities (Physical and/or Virtual Servers):
a. Perform the responsibilities as follows in accordance with the applicable Order:
DXC Responsibilities Managed Servers
Unmanaged Servers
i. Provide Customer with access to the Physical and Virtual Servers, storage, and other resources through the standard connectivity option chosen by Customer at the time(s) specified.
X
ii. Provide Customer with administrative access to the Physical and Virtual Servers through the standard connectivity option chosen by Customer at the time(s) specified. This administrative access is provided upon request and Customer is responsible for all actions performed with this access.
X
iii. Install operating system(s) under a DXC provided Operating System License or a Customer provided Operating System License (for Physical Servers or Virtual Servers on Customer Dedicated Virtual Host Clusters only.)
X X
iv. Pre-configure Physical and Virtual Servers to provide application interconnects necessary to support Customer Middleware requirements.
X X
v. Provide and manage the Virtual Host (for Virtual Servers only).
X X
vi. Maintain hardware in good working condition. This includes periodic upgrade and/or replacement of hardware as DXC deems appropriate.
X X
vii. Provide operating system support and maintenance. This includes periodic update of operating system(s) as DXC deems appropriate.
X
viii. Monitor Availability of the servers, DXC supplied operating system, and DXC’s network (up to the Customer’s entry connection point with DXC).
X
ix. Provide a bandwidth capacity of 200 Mbps per Customer virtual firewall.
X X
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 6
x. Provide a Virtual Firewall Instance with a capacity limit of 15,000 concurrent connections.
X X
xi. Investigate outages, perform appropriate corrective action to Restore the hardware, DXC-supplied operating system, and related DXC tools.
X
xii. Investigate outages reported by Customer, and perform appropriate corrective action to Restore the server hardware, connectivity, and operating system provided by DXC.
X
xiii. Deploy and update commercial anti-malware tools, investigate Incidents, and undertake remedial action necessary to Restore servers and operating systems to operation.
X
xiv. Change the current DXC defined Virtual Server configuration to a larger or smaller DXC defined Virtual Server configuration if requested by the Customer. (For Virtual Servers using VMware only)
X X
1.6.2 Customer Responsibilities (Physical and/or Virtual Servers):
a. Perform the responsibilities as follows in accordance with the applicable Order:
Customer Responsibilities
Managed Servers
Unmanaged
Servers i. Obtain and maintain the DXC supported
network access option chosen by Customer.
X X
ii. If Customer has elected to use its own Operating System License for a Physical Server or a Virtual Server on a Customer Dedicated Virtual Host Cluster, obtain (at its expense) such extensions, modifications, or additional licenses and support contracts as required by DXC to provide the Services.
X X
iii. Maintain operating system(s), using patches supplied by the appropriate vendor(s).
X
iv. Install its non-DXC managed applications and Customer Data on data disks, rather than the system disk, and, if necessary, re-install its applications and Customer Data as needed following any outage.
X X
v. Perform all installations in accordance with requirements as communicated by DXC.
X
vi. Correct any security concerns regarding Customer installed applications that are identified by DXC vulnerability scans.
X
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 7
vii. If Customer has elected to install an Oracle or Microsoft SQL Server database managed by DXC under a separately executed DXC contract or statement of work, use such databases only on Unmanaged Servers.
X
viii. Deploy and update commercial anti-malware tools, investigate Incidents, and undertake remedial action necessary to Restore servers and operating systems to operation.
X
ix. Comply with the terms of all its software licenses and support contracts including any open source license terms that apply to Middleware in its Order (see Section 1.6.3.2).
X X
1.6.3 Middleware
1.6.3.1 Managed Services
DXC offers optional managed services for Middleware platforms listed below to supplement Customer’s existing Managed VPC infrastructure.
Middleware service options can change at any time and are subject to availability and may be limited to available releases.
Middleware is subject to current license terms from the Middleware provider as specified below.
1.6.3.2 License Terms
The following license terms shall apply to any Customer ordered Middleware applications and tools listed below:
Middleware Options License Terms
Apache HTTP server, Apache Tomcat server, Apache ANT software
http://www.apache.org/licenses/
JBOSS Wildfly software
GNU Lesser General Public License available at: https://www.gnu.org/licenses/lgpl.html
Visual Studio Community 2015 Software
Microsoft Visual Studio 2015 License available at: https://www.visualstudio.com/support/legal/mt171547
Java Software Oracle license available at: http://www.oracle.com/technetwork/java/javase/terms/license/index.html
PHP https://secure.php.net/license/ OpenSSL https://www.openssl.org/source/license.html Mozilla NSS https://www.mozilla.org/MPL/ Nginx http://nginx.org/LICENSE
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 8
Microsoft IIS Service
Microsoft ISS Terms of Use at: http://www.iis.net/terms-of-use
Eclipse Service Eclipse Public License available at: https://www.eclipse.org/legal/epl-v10.html
Jenkins Service MIT Public License available at: https://jenkins.io/license/
Nexus Repository Manager Service
Sonatype Master EULA available at: http://www.sonatype.com/usage/master-eula
1.6.4 Operating System License Terms
1.6.4.1 Red Hat Enterprise Linux
If Customer has elected to use Red Hat Enterprise Linux as its operating system, Customer agrees to accept, sign, or assent to Red Hat’s Software Subscription Agreement for End Users in the Cloud at www.redhat.com/licenses/cloud_cssa/ and permit DXC to supply Customer information to Red Hat if requested by Red Hat.
1.6.4.2 SUSE Linux Enterprise Server
If Customer has elected to use SUSE Linux Enterprise Server as its operating system, Customer agrees to review SUSE Subscription Offering Terms and Conditions at https://www.suse.com/products/server/policy.html and permit DXC to supply Customer information to SUSE if requested by SUSE.
1.7 Additional Optional Services DXC will provide the Optional services specified in this Section following Customer’s submission of an Order. These Optional services will be subject to the rates specified in the Managed Services Portal or in an Order and are subject to availability in the data center from which the Services are provided to the Customer.
1.7.1 Customer Dedicated Virtual Host Cluster
The Customer may order a Customer Dedicated Virtual Host Cluster in single or Dual Data Centers which consists of two to eight DXC defined and managed Virtual Hosts per data center and DXC defined Virtual Servers that can be managed by DXC (“Managed”) or Customer (“Unmanaged”). Virtual Hosts and Virtual Servers provided in a Customer Dedicated Virtual Host Cluster are not shared with other customers. Customer can select DXC defined Virtual Server sizes as required to run Customer applications. High Availability applies to Customer Dedicated Virtual Host Clusters purchased in Dual Data Centers only.
1.7.2 Virtual Server Snapshot Service for Customer Dedicated Virtual Host Cluster using VMware - Single Data Center (“Virtual Server Snapshot Service”).
Customer may order the Virtual Server Snapshot Service for Customer Dedicated Virtual Host Clusters using VMware for Services provided out of a Single Data Center. If Customer orders the Virtual Server Snapshot Service the Parties will have the following responsibilities.
1.7.2.1 DXC Responsibilities:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 9
a. Create a new Snapshot of a Virtual Server that is part of a Customer Dedicated Virtual Host Cluster.
b. Remove the Snapshot and delete any associated storage.
c. Change the state of the Virtual Server to the state of the Snapshot.
d. Maintain the Virtual Server Snapshot for up to 48 hours, or remove earlier if requested by Customer.
1.7.2.2 Customer Responsibilities:
a. Submit an Order to purchase the Virtual Server Snapshot Service for Customer Dedicated Virtual Host Cluster using VMware - Single Data Center through the Managed Services Portal.
b. Notify DXC to request a new Snapshot of a Virtual Server as required.
1.7.3 Windows OS Cluster - Single Data Center
Customer may order an OS Cluster which consists of two to sixteen DXC defined and managed Physical Servers that are identically configured and a Windows Server operating system.
1.7.4 Linux OS Cluster - Single Data Center
Customer may order an OS Cluster which consists of two to four DXC defined and managed Physical Servers that are identically configured and a Red Hat Enterprise Linux Server or SUSE Linux Enterprise Server operating system.
1.7.5 Dual Data Center Service
In DXC data centers designated by DXC in the Managed Services Portal, Customer may order:
a. An OS Cluster that consists of a DXC defined Physical Server configuration running a Windows Server, Red Hat Enterprise Linux Server or SUSE Linux Enterprise Server operating system managed by DXC which is located in paired primary and secondary DXC data centers to provide the Customer High Availability; or
b. Managed or Unmanaged Virtual Servers that are configured by DXC to provide the Customer High Availability in the event of a data center failure.
1.7.6 Virtual Server Resizing
Customer may order Virtual Server resizing for Unmanaged Virtual Servers using VMware. This Service allows Customer to change the size of an existing VMware based Unmanaged Virtual Server to one with increased or decreased capacity as required to meet fluctuating workload demands. Any price change resulting from Virtual Server resizing will take effect when the resized Virtual Server becomes available for use. Resizing of an Unmanaged Virtual Server using this Service will have no impact on Customer Data which will transition to the resized Virtual Server.
1.7.7 Managed VPC Virtual Server Suspend and Resume
Customer may order Managed VPC Virtual Server Suspend and Resume to temporarily suspend (shut down) or resume (power on) any Unmanaged Virtual Server(s) using VMware. When an Unmanaged Virtual Server has
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 10
been suspended, the only operations available to the Customer are to resume or terminate the Managed VPC Service for that Virtual Server.
When a suspended Unmanaged Virtual Server is resumed, Customer will be responsible for bringing the Virtual Server up to the current DXC requirements for Unmanaged Virtual Servers. Recurring Charges will be reduced when Customer Managed Virtual Servers are suspended for more than one hour beginning at the top of the hour and are fully reinstated for resumed Unmanaged Virtual Servers.
Customer’s ability to resume a suspended Unmanaged Virtual Server can only be exercised within the term of the Contract. Any suspended Unmanaged Virtual Server that is not resumed within the term of the Contract will be subject to DXC disengagement terms specified in Section 1.11.3 and Customer’s right to remove Customer Data and Customer software from the suspended Unmanaged Virtual Server will be revoked.
1.7.8 Customer Provided VMware Virtual Server Image
This Optional Add-On allows the Customer to extend the catalog of Operating System Image choices that can be ordered by the Customer in the Managed Services Portal to include Customer provided Virtual Server images that the Customer has uploaded to the Managed Services Portal.
Customer provided Virtual Server images are subject to DXC formatting requirements and will only be available for ordering by Customer in the DXC data centers where the Customer has been on-boarded. This Optional Add-On is currently available for Unmanaged Virtual Servers using VMware. Customer provided Virtual Server images are limited to certain Operating Systems Images. Variable recurring Charges apply based on the size and number of Customer supplied Virtual Server images being hosted in the Managed Services Portal for Customer use only.
1.8 Additional Optional Add-Ons
1.8.1 Customer may Order the Optional Add-Ons that are described within this Solution Pack. These Optional Add-Ons will be subject to the rates specified in the Managed Services Portal or in an Order.
1.8.2 DXC Responsibilities:
a. Provide the Optional Add-Ons as selected by Customer in an Order, and described as follows: i. Security Services as described in Schedule 2 that are not
designated as part of the Base Services, including; A. Optional Security Services reports; B. Encryption options; C. E-Discovery and Cloud Forensics services; D. Copies of data or evidence appropriate for chain of custody
requirements, E. Antivirus software for Linux; F. HIPPA security measures; and G. Additional perimeter and firewall options.
ii. Continuity Services as described in Schedule 3, including; A. Replication based disaster recovery; and
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 11
B. Recovery Rehearsals. iii. Backup and Recovery Services as described in Schedule 4,
including; A. Protection Services for servers; and B. Long-Term Protection and Archival Services.
iv. Managed VPC Storage Services as described in Schedule 5, for Multi-Tenant options including: A. Ultra-High-Performance Storage; B. High-Performance Storage; C. Performance Storage; D. Bulk Storage, and E. File Enhanced Storage.
v. Managed VPC Networking Services as described in Schedule 6, including; A. Network Switch as a Service; B. Bandwidth services; C. Leveraged internet service; D. Firewall concurrent sessions; E. Customer provided internet protocol; and F. Additional firewall and load balancing options.
vi. Managed VPC SAP and SAP HANA Management Services as described in Schedule 7, including; A. Installation, semi-automated application template
provisioning, monitoring, and management of the SAP Application up to the basis layer;
B. Installation, configuration, administration, and maintenance of the SAP landscape for SAP Basis; and
C. Installation, monitoring, and maintenance of DXC or Customer provided SAP HANA Appliances, and DXC provided and SAP HANA Systems and SAP HANA databases.
vii. Managed Database Services as described in Schedule 8, including: A. Installation, configuration, administration, monitoring, and
management of the DB Instance; B. Maintenance of the DB Instance; and C. Support of the DBMS environment via the Managed Services
Portal.
1.8.3 Customer Responsibilities:
a. Review the available Optional Add-Ons and Order the desired or required Services on the Managed Services Portal as described in Section 1.2.
1.9 Maintenance Windows DXC performs maintenance during two types of Maintenance Windows and provides notification of Maintenance Windows as set forth below:
1.9.1 DXC Maintenance Window
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 12
1.9.1.1 DXC Responsibilities:
a. Maintain Services’ provisioning and management systems during DXC Maintenance Windows.
b. Schedule DXC Maintenance Windows between 22:00 hours Saturday and 4:00 hours Sunday, local time at the relevant DXC data center, and at other times outside DXC local business hours, during nights, on weekends or holidays applicable to the DXC data center. DXC Maintenance Windows may occasionally be extended in DXC’s discretion (e.g., to accommodate major infrastructure changes) after notice to affected customers. The primary impact of this Maintenance Window, will be on the Managed Services Portal and provisioning of new services, which may not be available during a DXC Maintenance Window.
1.9.1.2 Customer Responsibilities:
a. Acknowledge notice of DXC Maintenance Windows as necessary.
1.9.2 Customer Maintenance Window
1.9.2.1 DXC Responsibilities:
a. Maintain Customer’s Managed VPC systems (e. g., Virtual Server, Physical Servers, Load Balancer Service, etc.) during Customer Maintenance Windows.
b. Schedule Customer Maintenance Windows for servers and other infrastructure provided to Customer as part of the Services at the same time as DXC Maintenance Windows or at other times as communicated by DXC.
c. Maintain a twelve-month rolling schedule of Customer Maintenance Windows that can be made available to the Customer upon request.
d. Notify Customer of any Maintenance Window that might impact Customer’s use of the Services.
1.9.2.2 Customer Responsibilities:
a. Acknowledge that there will be scheduled down time during Customer Maintenance Windows.
1.10 Customer Audits
1.10.1 DXC Responsibilities:
a. Following at least 30 days’ notice, provide Customer’s auditors and regulatory auditors with electronic or logical access to Customer Data and Customer’s dedicated environments in order to audit Customer’s systems, data, controls, and other matters pertinent to Customer’s business. Customer is not permitted to audit anything covered by a DXC conducted audit for the Services as described in Schedule 2.
b. Escort Customer auditors upon reasonable request for physical access to the DXC facilities.
1.10.2 Customer Responsibilities:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 13
a. Provide DXC with at least 30 days’ notice of a request for a Customer audit.
b. Conduct no more than a single annual audit (absent unusual circumstances, such as investigations that may warrant additional audits).
c. Request physical access to DXC facilities and acknowledge requirement to be escorted by DXC personnel.
d. Retain financial responsibility for DXC Charges for Customer requested audits and audit support.
e. Require Customer’s auditors and regulatory auditors to enter into confidentiality and other appropriate agreements reasonably requested by DXC.
f. Provide audit software to DXC for review and approval at Customer’s expense prior to installation.
g. Acknowledge that Customer’s auditors shall have no access to any shared infrastructure or to data concerning other DXC customers or DXC operations. Customer’s auditors may not be competitors of DXC or its Affiliates. Customer’s audits are at Customer’s sole expense.
1.11 Support Services
1.11.1 Liaison between DXC and Customer
1.11.1.1 DXC Responsibilities:
a. Provide a DXC help desk to respond to Customer’s submission of support tickets related to Incidents or service requests (“Operations Center”). The Operations Center is open 365 days a year, 24 hours a day, 7 days a week and can be contacted by telephone or through a secure internet website.
b. Conduct business at the Operations Center in English.
1.11.1.2 Customer Responsibilities:
a. Contact DXC to submit support tickets related to Incidents or Services’ requests via the Managed Services Portal or by contacting the DXC Operations Center.
b. Acknowledge that the secure internet website is the preferred method for contacting the Operations Center.
c. Designate up to five representatives authorized to contact the Operation Center. Customer may replace any of these designated representatives by giving notice to the Operations Center.
1.11.2 Incident Management
1.11.2.1 DXC Responsibilities:
a. When Incidents are either detected by DXC or reported by Customer, DXC will classify Incidents according to the following priorities:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 14
Priority Description Examples Customer
Updates
Priority 1 Emergency Incident
Site down, degraded single point of failure, site security breach, etc.
Initial acknowledgement within 15 minutes and hourly updates thereafter
Priority 2
Business critical Incident
Site degradation not related to single point of failure, suspected security vulnerability, etc.
Initial acknowledgment within 30 minutes and updates every 2 hours thereafter
Priority 3
Important Incident requiring action within 12 hours
Preventive work, such as restarting servers, troubleshooting errors, etc.
When scheduled and at status change thereafter (e.g., completion)
Priority 4
Standard Incident requiring action within 1 business day
Routine preventive work
When scheduled and at status change thereafter (e.g., completion)
b. Investigate the causes, undertake appropriate remedial action to Restore affected Services as quickly as reasonably possible and in compliance with applicable Service Levels, and thereafter take appropriate action to prevent recurrence. Remedial action may include workarounds and later corrective action.
c. Inform Customer of the status of Incidents reported by Customer at the intervals specified above and otherwise at reasonable intervals in accordance with DXC’s standard practice.
d. Inform Customer of the resolution of Incidents reported by Customer (subject to reopening if the resolution is unsuccessful). Resolution may include determinations that Incidents were caused by defects in Customer’s software or data, user errors, or other matters outside the scope of the Services and DXC’s responsibility.
1.11.2.2 Customer Responsibilities:
a. Inform DXC of an Incident by notifying the Operations Center as quickly as reasonably possible following discovery of the Incident.
1.11.3 Disengagement
Beginning 90 days before the Contract, the Governing Agreement and/or this Solution Pack is scheduled to expire or promptly following issuance of notice to terminate the Contract, the Governing Agreement, this Solution Pack, and/or an Order for Services, the Parties will have the following responsibilities.
1.11.3.1 DXC Responsibilities:
a. Give periodic notice to Customer of pending expiration or termination of the Contract, the Agreement, and/or this Solution Pack resulting in cessation of Services.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 15
b. Provide any backup and Restore or archive services the Customer has purchased as described in Schedule 4 (“Backup and Recovery Services”) where additional requirements applicable to expiration or termination of these Services are provided. Requests for these Services must be made prior to termination of the Contract, the Governing Agreement, this Solution Pack or cancellation of an Order.
c. Ensure Customer Data associated with an Order is removed from all storage Media (including backups, if any) or rendered unreadable upon cancellation of that Order. The method used to remove Customer Data from storage Media varies based on the type of storage being used.
d. Following expiration of the Contract, the Governing Agreement or this Solution Pack, DXC will honor open Orders during a grace period for up to 90 days. No new Orders will be accepted during the grace period until/if the Contract is renewed. If the Contract is not renewed before completion of the grace period, all open Orders will be cancelled and Customer Data will be removed as noted above. Service charges will continue to apply until completion of the grace period, cancellation of any open Order(s), or transition to a renewed Contract; whichever occurs first.
1.11.3.2 Customer Responsibilities:
a. Provide notice to DXC of Customer’s termination of the Contract, the Governing Agreement and/or this Solution Pack in accordance with the applicable termination and notice provisions of the Contract.
b. Remove all Customer Data and Customer software prior to cancellation of an Order in the Managed Services Portal once all Minimum Order Term Commitments have been met.
c. Disconnect from the DXC data center.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 16
2. Service Levels
2.1 Overview This Section 2 describes Service Levels for the Services, the way they are measured and reported, and the consequences of Faults.
2.2 Measurement and Reporting
2.2.1 Effectiveness
Service Levels are measured and reported from the date and time servers are made available for Customer’s use. Service Credits may be assessed for Faults beginning within the first full calendar month thereafter.
2.2.2 Service Level Reports
DXC will provide reports of Service Level performance and applicable Service Credits, if any, including relevant calculations. Service Level performance calculations are based on Availability. For Managed Servers, monthly Service Level reports are made available to the Customer in the Managed Services Portal. For Unmanaged Servers, reports will be provided to the Customer upon request and Service Levels are provided up to the hypervisor for Virtual Servers and up to the hardware on Physical Servers.
2.3 Service Levels and Credits
2.3.1 Service Level Commitments
DXC will meet or exceed the applicable Service Levels as specified below. Any delivery requirements that fall outside criteria specified below will not be subject to any Service Level commitments. Service Level performance is based on Availability, which is calculated per tier as: ((Scheduled Infrastructure Uptime minus Unexcused Infrastructure Downtime) divided by Scheduled Infrastructure Uptime) multiplied by 100. The “Service Requirements” column in the following table lists the Add-Ons that Customer must elect and obtain in order to qualify for that Service Level.
2.3.2 Managed Server Service Levels
Service Level Name
Service Level Description
Service Requirements
Service Level
Standard Service Credit
SL Tier 2 (Option A) Single Data Center Availability
The following items are Available: (1) Physical Server, (2) storage for the Physical Server, and (3) operating system installed on the Physical Server.
Managed Physical Servers and associated services.
99.00% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Physical Server, pro-rated for the duration of the Unexcused Infrastructure Downtime.
SL Tier 2 (Option B) Single Data Center Availability
The following items are Available: (1) Virtual Server, (2) storage for the Virtual Server and (3) operating system
Managed Virtual Servers and associated services.
99.90% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Virtual Server, pro-rated for the
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 17
Service Level Name
Service Level Description
Service Requirements
Service Level
Standard Service Credit
installed on the Virtual Server.
duration of the Unexcused Infrastructure Downtime
SL Tier 3 (Option A) Single Data Center Availability
The following items are Available: (1) OS Cluster
Windows OS Cluster or Linux OS Cluster and associated services.
99.95% Two times the applicable monthly Charge (in the month the failure occurred) for the affected OS Cluster, pro-rated for the duration of the Unexcused Infrastructure Downtime
SL Tier 3 (Option B) Single Data Center Availability
The following items are Available: (1) Virtual Server, (2) storage for the Virtual Server, and (3) operating system installed on the Virtual Server
Managed Virtual Servers and associated services.
99.95% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Virtual Server, pro-rated for the duration of the Unexcused Infrastructure Downtime
SL Tier 4 (Option A) Dual Data Center High Availability
The following items are Available: (1) OS Cluster
OS Cluster including two Physical Servers and associated services.
99.99% Two times the applicable monthly Charge (in the month the failure occurred) for the affected OS Cluster, pro-rated for the duration of the Unexcused Infrastructure Downtime
SL Tier 4 (Option B) Dual Data Center High Availability
The following items are Available: (1) OS Cluster
OS Cluster including four or more Physical Servers and associated services.
99.999% Two times the applicable monthly Charge (in the month the failure occurred) for the OS Cluster, pro-rated for the duration of the Unexcused Infrastructure Downtime
SL Tier 4 (Option C) Dual Data Center Availability
The following items are Available: (1) one Virtual Server, (2) storage for the Virtual Server, (3) operating system installed on the Virtual Server
Managed and associated services.
99.95% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Virtual Server, pro-rated for the duration of the Unexcused Infrastructure Downtime
Note: DXC does not offer an SL Tier 1 option for the Services.
2.3.3 Unmanaged Servers
Service Level Name
Service Level Description
Service Requirements
Service Level
Standard Service Credit
SL Tier 2 (Option A) Single Data Center Availability
The following items are Available: (1) Physical Server, and (2) storage for the Physical Server
Unmanaged Physical Servers and associated services
99.00% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Physical Server, pro-rated for the duration of the Unexcused Infrastructure Downtime.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 18
SL Tier 2 (Option B) Single Data Center Availability
The following items are Available: (1) Virtual Server, and (2) storage for the Virtual Server
Unmanaged Virtual Servers and associated services
99.90% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Virtual Server, pro-rated for the duration of the Unexcused Infrastructure Downtime
SL Tier 3 (Option B) Single Data Center Availability
The following items are Available: (1) Virtual Server, and (2) storage for the Virtual Server
Unmanaged Virtual Servers and associated services
99.95% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Virtual Server, pro-rated for the duration of the Unexcused Infrastructure Downtime
SL Tier 4 (Option C) Dual Data Center Availability
The following items are Available: (1) one Virtual Server, and (2) storage for the Virtual Server
Unmanaged Virtual Server and associated services
99.90% Two times the applicable monthly Charge (in the month the failure occurred) for the affected Virtual Server, pro-rated for the duration of the Unexcused Infrastructure Downtime
Note: DXC does not offer a SL Tier 1 option for the Services.
2.3.4 Service Credits
In the event of a Fault, Customer will receive a Service Credit by way of a compensatory credit to its Managed Services Portal account in an amount equal to two times the applicable Charges (in the month the failure occurred) for the affected Physical or Virtual Server or the OS Cluster, pro-rated for the duration of the Unexcused Infrastructure Downtime. For example, if DXC fails to meet the SL Tier 2 (Option A) Service Level due to 2 hours of Unexcused Infrastructure Downtime of a Physical Server, Customer will receive a credit equal to 4 hours’ Charges for that server. Service Credits are usable for future Orders or can be applied to a future invoice for Services but expire 12 months after issuance. Service Credits are Customer’s sole remedy for Faults except in case of a material breach.
2.4 Service Level Objectives
2.4.1 All Service Level objectives set out in this Section are targets and failure by DXC to achieve them is not subject to payment of Service Credits or other credits to the Charges. DXC’s failure to meet a Service Level objective does not constitute a breach of Contract.
2.4.2 Managed Services for VPC – Continuity Services
DXC will use commercially reasonable efforts to meet the following Service Level objectives for the Managed Services for VPC Continuity Services (“Continuity Services”) described in Schedule 3:
Recovery Time Objective Recovery Point Objective Replication Based Disaster Recovery
4 hours (measured from Invocation to operating system start) for up to 200 Servers (greater number of Servers may take longer).
15 minutes for applications capable of recovering to latest point in time. For customers choosing Tag Recovery Point, the
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 19
Recovery Point Objective will probably be longer with the exact time dependent on Customer’s requirements and configuration choices.
For Replication Based Disaster Recovery, Customer acknowledges that achievement of the Recovery Point Objective Service Level may depend upon network capacity and Availability, the rate of change in Customer’s data and other circumstances beyond DXC’s reasonable control. The Recovery Time Objective relates to a single Invocation event; should multiple events occur simultaneously the recovery time could be longer.
DXC will be excused from these Service Level objectives if the Customer does not have the number of Process Servers advised by DXC as required for meeting the Service Level objectives. DXC will not be responsible for providing Service Credits to the Customer in the event these Service Level objectives are not met.
2.4.3 Backup and Recovery Services
DXC will use commercially reasonable efforts to meet the following Service Level objectives for the Backup and Recovery Services described in Schedule 4:
2.4.3.1 Backup Success Rate (“BSR”)
Backup jobs should be successfully completed without errors and result in creation of a valid backup Image for the applicable Protection period at minimum of 98% of the time. Backup success is measured on a per server basis by accumulation of backup success/failure data for filesystem and database backups (including logs) down to an Object level within a billing cycle (30 days).
All backup jobs are monitored in real time 24 hours a day, 7 days a week for uninterrupted execution and smooth progress of all backup jobs (within or outside of Backup Windows). Backup jobs are adjusted, tuned up, and load balanced to maximize backup efficiency and minimize time required to complete backup. Upon failures, an Incident ticket is generated automatically and anomalies are thoroughly investigated and remediated.
2.4.3.2 Restore Success Rate (“RSR”) and Service Level Objective (“SLO”)
DXC will initiate Restore jobs by opening a ticket and assigning it to a backup administrator within four hours after receipt of a Customer Restore request. This Restore SLO is limited to measurement of time taken by DXC to assign the Restore request to the backup administrator. Actual time to initiate and complete the Restore job will vary due to priority, size of Restore job, and backlog of Customer Restore requests.
Restore jobs should be successfully completed at minimum of 98% of the time. Restore success is measured on a per request basis within a billing cycle (30 days).
2.4.3.3 Prioritization of Restore Requests
Restore request tickets will be prioritized by DXC based on Customer assigned business impact and severity level subject to the following criteria:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 20
P1 Total loss of server, Service, or Service functionality. IMPACT: Significant financial loss, damage to reputation, risk to life/limb, or legal exposure and affects a majority of users at one or more Customer facilities. URGENCY: Loss or exposure is immediate with no available workaround options.
P2 Degradation of a server, Service, or Service functionality. IMPACT: Noticeable effect on the Customer’s ability to conduct business and affects a group of users. URGENCY: Loss or exposure is imminent or immediate, but can be reduced with workarounds.
P3 Some performance degradation or loss of Service or Service functionality. IMPACT: No impact on the Customer’s business operations and affects one to several users. URGENCY: No business loss or exposure. User inconvenience.
P4 A question or support request for a supported Service. IMPACT: No impact on the Customer’s business operations and affects one user. URGENCY: No business loss or exposure. User inconvenience.
2.4.3.4 DXC will act on each Restore request according to the priority of the ticket. DXC reserves the right to revisit the accuracy of each Restore request’s prioritization and the right to apply Charges if the prioritization is misused.
2.4.3.5 Backup and Recovery Services:
DXC will use commercially reasonable efforts to meet the following Service Level objectives for the Backup and Recovery Services described in Schedule 4.
2.4.4 Backup Success Rate
Backup jobs should be successfully completed without errors and result in creation of a valid backup Image for the applicable Protection period at minimum of 98% of the time. Backup success is measured on a per server basis by accumulation of backup success and failure data for filesystem and database backups (including logs) down to an Object level within a billing cycle (30 days).
All backup jobs are monitored in real time 24 hours a day, 7 days a week for uninterrupted execution and smooth progress of all backup jobs (within or outside of Backup Windows). Backup jobs are adjusted, tuned up, and load balanced to maximize backup efficiency and minimize time required to complete backup. Upon failures, an Incident ticket is generated automatically then thoroughly investigated and remediated.
2.4.5 Restore Success Rate and Service Level Objective
For all Restore and recovery requests not covered by self-service, DXC will initiate Restore jobs by fulfilling a service ticket created by the Customer via the Managed Services Portal and assigning it to a backup administrator within four hours after receipt of a Customer Restore request.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 21
This Restore SLO is limited to measurement of time taken by DXC to assign the Restore request to the backup administrator. Actual time to initiate and complete the Restore job will vary due to priority, size of Restore job, and backlog of Customer Restore requests.
Restore jobs should be successfully completed at minimum of 98% of the time. Restore success is measured on a per request basis within a billing cycle (30 days).
2.4.6 Reconciliation
An integral part of monthly SLO reporting of Backup and Recovery Services is audit and adjustment of BSR and RSR reports delivered to Customer.
DXC can reconcile status of backup or Restore jobs before SLO reports are delivered to the Customer. Backup or Restore jobs can be either marked as successfully completed, ignored, or added if an attempt was not captured by the reporting.
DXC can set failed backup or Restore jobs as successful if failure is due to something outside of DXC’s control. A common example would be a backup failure due to network issues where the customer supports their own networks, password changes, account lockouts, removal of storage etc. These jobs could be marked as a success, since the expectation would be that the job would have completed successfully otherwise if these inhibiting factors were not present delivering a Service Level agreement (“SLA”) measure of 100%.
DXC can ignore failed backup or Restore jobs when multiple job attempts have been executed while the final one succeeded. A common example would be automatic restart of the backup job or an addition of new backup clients to the backup environment. As part of this change, the backup administrator attempts several test backups to validate connectivity. Several of these attempts could fail. These backup jobs could be ignored, excluding them from monthly SLO reporting.
2.4.7 Prioritization of Restore Requests
Restore request tickets will be prioritized by DXC based on Customer assigned business impact and severity level subject to the following criteria:
P1 Total loss of server, Service, or Service functionality. IMPACT: Significant financial loss, damage to reputation, risk to life/limb, or legal exposure and affects a majority of users at one or more Customer facilities. URGENCY: Loss or exposure is immediate with no available workaround options.
P2 Degradation of a server, Service, or Service functionality. IMPACT: Noticeable effect on the Customer’s ability to conduct business and affects a group of users. URGENCY: Loss or exposure is imminent or immediate, but can be reduced with workarounds.
P3 Some performance degradation or loss of Service or Service functionality. IMPACT: No impact on the Customer’s business operations and affects one to several users. URGENCY: No business loss or exposure. User inconvenience.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 22
P4 A question or support request for a supported Service. IMPACT: No impact on the Customer’s business operations and affects one user. URGENCY: No business loss or exposure. User inconvenience.
DXC will act on each Restore request according to the priority of the ticket. DXC reserves the right to revisit the accuracy of each Restore request’s prioritization and the right to apply Charges if the prioritization is misused.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 23
3. Pricing In consideration for the Services described by Section 1 (“Statement of Work”) as DXC responsibilities, Customer agrees to pay the Charges specified below. Customer remains responsible for all its other costs and expenses related to receipt and use of the Services, including (without limitation) telecommunications, infrastructure, and service charges (except to the extent covered by optional leveraged internet service) and license, support and other charges for software of all kinds (excluding only software that DXC expressly agrees to provide).
3.1 General For the Services set out in this Solution Pack, Customer agrees to pay the Charges specified below, and to pay or reimburse the other costs specified as Customer Responsibilities.
3.2 Expenses Customer will pay or reimburse DXC for reasonable travel and travel-related expenses and other out-of-pocket expenses incurred by DXC in connection with DXC’s performance of the Services set out in this Solution Pack, including any purchases by DXC on behalf of Customer. DXC will invoice Customer separately for all such expenses and will include a reasonable description of the expenses.
3.3 Currency Charges will be invoiced and payable in United States Dollars (“USD”).
3.4 Charges Generally Customer will be charged for servers, storage, Optional Add-Ons, and other resources when those resources become available for Customer use. DXC reserves the right to increase Charges to support significantly outdated technology or software.
3.4.1 One-Time Charges
One-time Charges consist of the Unit Charge less any applicable volume discount. One-time Charges will be invoiced in the next monthly invoice following DXC’s delivery of the Service that is subject to a one-time Charge.
3.4.2 Recurring Charges
Recurring Charges consist of (i) Unit Charges specified in the Managed Services Portal for Orders that are accepted by DXC for servers, storage, Optional Add-Ons, and other resources (ii) times the relevant volumes of resources then in use (iii) less any applicable volume discount. Recurring Charges continue until the Services are cancelled by the Customer after any minimum order term that applies under Section 3.6 (“Minimum Order Term Commitment”) has been met. Customer billing may be in daily or hourly increments. Recurring Charges will be pro-rated on a daily or hourly basis for partial months.
3.4.2.1 Backup and Recovery Services’ Service Charges
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 24
a. Customer agrees to pay one-time Charges and recurring Charges applicable to Services described in Schedule 4 when the Backup and Recovery Services are purchased. Charges are calculated based on the volume of backup storage consumed by Customer’s backups.
b. Customers consuming Backup and Recovery Services will have the ability to purchase four tiers of backup storage; as follows: i. On-line virtual disk storage:
A. Primary Disk – used to store primary backup copies; or B. Secondary Disk – used to store replicated backup copies off-
site. ii. Physical Tape storage:
A. Off-site Tape – uses Tape cartridges to store backup copies off-site; or
B. Compliance Archive – supports yearly Compliance Archival.
3.4.3 Unit Charge Adjustments
Unit Charges for the Services are market-based and may be adjusted by DXC in the Managed Services Portal as DXC deems necessary to align with then current market-based pricing for equivalent cloud services. Any market-based pricing adjustments made by DXC resulting in increases or decreases to Unit Charges will be applied to all future and open Orders, as applicable, beginning with the next monthly invoice issued to the Customer. For Services available for Order in the Managed Services Portal, Unit Charges specified in the Managed Services Portal will prevail and Schedule 1 attached to this Solution Pack is for information purposes only. For Services not available in the Managed Services Portal, Unit Charges will be as specified in Schedule 1.
3.5 Service Volume Discount DXC’s Unit Charges for Services will, as applicable, be reduced by a volume based discount percentage as provided in this Section.
a. The initial discount will equal the applicable discount rate percentage listed in the table below based on the corresponding monthly quantity of Operating System Images initially ordered by Customer. The initial discount will be set on the Contract effective date.
b. Thereafter, the discount rate applicable to DXC’s Unit Charges will be determined as follows: i. Beginning with the first full three months after the effective date,
and for each three-month period thereafter within the term of the Contract, DXC will determine the actual quantity of Operating System Images procured by Customer in all data centers under this Solution Pack.
ii. After the end of each such three-month period, the discount will equal the applicable discount rate percentage corresponding to the lowest monthly quantity of Operating System Images procured by the Customer during such three-month period. If that lowest monthly quantity of Operating System Images is less than the monthly quantity of Operating System Images initially ordered by Customer, then for six months following the end of such three-month period, the discount rate percentage will not be increased above the discount rate percentage corresponding to that lowest
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 25
monthly quantity (regardless of higher actual quantities of Operating System Images).
Volume Discount
Monthly Quantity of Operating System
Images Discount Rate
1-24 0.0% 25-49 2.0% 50-74 4.0% 75-99 6.0%
100-249 8.0% 250-499 10.0% 500-749 12.0% 750-999 14.0%
1000 and above 18.0%
3.6 Minimum Order Term Commitments The following minimum order term commitments apply when any of the following Services are purchased (“Minimum Order Term Commitments”):
Service Minimum Order Term
Customer Dedicated Virtual Host Cluster 1 Year
Physical Server 1 Month
Virtual Server (including those used in a Customer Dedicated Virtual Host Cluster)
1 Day
The Order term begins when the Service is first made available to the Customer.
3.7 Termination Charges Customer is responsible for any Minimum Order Term Commitments specified in Section 3.6 applicable to the Services purchased. Customer can terminate Services subject to the following prior notification requirements:
Server Type Minimum Prior Notice Physical Server(s) 30 Days
Virtual Server(s) Upon notification
If Customer terminates any Managed VPC Service that is subject to a Minimum Order Term Commitment prior to completion of the minimum Order term, it will be liable for an amount equal to the full Charges for such Services for the remaining Service period within the Minimum Order Term Commitment.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 26
4. Definitions Active Directory Server means a hosted virtual machine providing Microsoft™ Active Directory functionality.
Add-On means an Optional Service feature that may be ordered by Customer and provided by DXC at an additional Charge outside of the Base Services. Affiliate means an entity controlled by, controlling, or under common control with a party.
Alert means a telephone call from Customer requesting commencement of recovery-related activities and services.
Allocated Hypervisor means a hypervisor that is installed on hardware that is not allocated to the shared pool.
Always on Availability Groups Instance means a Microsoft SQL Server DB Instance that allows groups of databases to be managed in defined groups and to fail over between nodes in the cluster.
Audit Day means one business day in which access to DXC facilities or DXC personnel is required to respond to auditor questions or provide evidence of compliance to controls.
Authentication Authority means a service or technology whose purpose is to verify the identity of a user through at least one authentication factor (see Multi-Factor Authentication).
Authorized Representative means DXC’s representative authorized to act for DXC and to serve as Customer’s principal point of contact concerning the Services, and Customer’s representative authorized to act for Customer and its Affiliates and to serve as DXC’s principal point of contact as designated by each party.
Availability or Available means any time during the calendar month when the applicable item subject to Service Levels as described in Section 2 is operational and functional.
Backup Window means a daily timeframe, during which the backup will be executed for a server.
Base means a Service that is provided by DXC when the Services are purchased. These Services are always provided and the Customer is not required to select them and may not decline them. Bulk Storage means a lower level of performance with high reliability.
BUR Vault means the dedicated storage area for Customer’s backup data in conjunction with the Backup and Recovery Services outlined in Schedule 4. Calculation Period means the first to the last day of the calendar month.
Change means an alteration or modification to the way the Services are provided, as requested by Customer or DXC.
Change Management or Change Management Process means the practices and methods described in the Statement of Work for the applicable Solution Pack or Schedule.
Change Type means the following classification: Normal Change, Routine Change, Emergency Change, and Project Change.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 27
Charge means the amount payable by Customer to DXC for Services, as described by and adjusted pursuant to the applicable provisions of this Solution Pack.
Compliance Archive Service means the Service feature that provides a copy of Customer Data written to write once read many (“WORM”) Tape.
Compute Resources means the Virtual Servers and related infrastructure available at DXC’s facility for Rehearsals and recovery.
Configuration Item or CI means the components that need to be managed in order to deliver the SAP and SAP HANA Management Services. Information about each CI is recorded in a configuration record within the Configuration Management system and is maintained and controlled by DXC through Change Management.
Configuration Management means the process that tracks individual CI in accordance with this Solution Pack for the applicable Services. Continuity means the Base and Add-On Services described in Schedule 3.
Continuity User Guide means the written guide describing use of the Continuity Services made available to customers, as revised and updated from time to time. Contracted Continuity Storage Capacity means the storage available for Replication of Customer Data, as determined by DXC based upon the Replicated Data Sets specified by the Customer and the Compute Resources required to recover the systems being protected.
Customer Compartment means a Managed VPC compartment dedicated to the Customer.
Customer Data means all information provided by or on behalf of the Customer or any Customer Affiliate to DXC for use or access in providing the Services.
Customer Dedicated Virtual Host Cluster means a Virtual Host Cluster dedicated for use by a single customer.
Customer Responsibilities mean the responsibilities and obligations set out in this Solution Pack under those Sections headed ‘Customer Responsibilities’.
Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the way any Personal Information are, or are to be, Processed. Data Copy means the copy of Customer Data created by Replication.
Data Transport Service means the Add-On Service feature that allows Customer to transport data in and out of their Managed VPC compartment using a transportable NAS device.
Database Instance or DB Instance means a set of process and memory segments that run on a Database Server node to manage and control access to the data, which resides in the database.
Database Management System or DBMS means a collection of programs that enable the storage, modification, and extraction of information from a database.
Database Server means a Physical Server or Virtual Server used to run Database Instance(s).
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 28
DB means a database.
Deployment Phase means the second of three phases of the Continuity Services as more fully described in Schedule 3.
Dialog Response Time means the percentage of the dialog steps with a DINOGUI Time of less than one second in the Calculation Period.
DINOGUI Time means the Dialog Response Time minus the graphical user interface time during the Calculation Period. DAS means digital storage directly attached to the server accessing it.
Discovery Phase means the first of three phases of the Continuity Services as more fully described in Schedule 3.
Dual Data Center means a pair of two data centers from where DXC provides High Availability.
Dual Data Center High Availability means the Service Level description that measures the Availability of the Services when Customer purchases the use of Dual Data Centers.
DXC Responsibilities mean the responsibilities and obligations set out in this Solution Pack under those Sections headed ‘DXC Responsibilities’.
E-Discovery and Cloud Forensics mean the Optional Security Services provided by DXC as more fully described in Section S2.3.7.
Emergency Change means a Change needed as a result of sudden loss of service or CI failure. An Emergency Change derives from a business-critical Incident and is the only reactive Change Type.
End User means any individual, agent or other third party that uses or receives the Services or acts on behalf of the Customer in using or receiving the Services or otherwise in performing Customer’s obligations under this Solution Pack.
Event means a change of state, which has significance for the management of a Configuration Item or the Services. The term Event is also used to mean an alert or notification created by any IT Service, Configuration Item, or monitoring tool. Events typically require DXC personnel to take actions and often lead to Incidents being logged.
Excused SAP Downtime means the circumstances where a SAP Application or SAP HANA Appliance that is subject to measurement is considered “available” in accordance with Section 2.
Excused Infrastructure Downtime means (i) Maintenance Windows; (ii) periods of downtime requested by Customer for administrative access or otherwise; (iii) outages excused by this Solution Pack; (iv) outages or unavailability of Customer managed operating systems and Customer Data, applications, software, peripheral devices, equipment, and networks; (iv) outages caused by Customer’s failure to apply security patches as instructed by DXC for Unmanaged Servers or where Customer does not allow DXC to apply security patches for Managed Servers; (v) outages caused by Customer’s continued use of an operating system version when general support for that version is no longer available from the operating system provider; and (vi) outages caused by Customer, Customer Affiliates, or their respective officers, employees, agents, or contractors. All other downtime is Unexcused Infrastructure Downtime.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 29
Excused Managed Database Downtime means the circumstances where the Managed Database Services are considered “available” in accordance with Section 2.
Fail-Over means designation of the Data Copy as Primary Data and operation from servers within DXC’s facility after Invocation.
Fault means an unexcused failure to meet a Service Level. Faults may be excused for the reasons described by this Solution Pack.
FIPS means a set of federal information processing standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military US government agencies and by US government contractors and vendors who work with the agencies.
File Enhanced Storage means a file system level storage option that provides the attributes outlined in Section S5.2.3.
Force Majeure Event means circumstances beyond a party’s reasonable control that cause delays or failures in the party’s performance.
Full Server Backup means Protection that is applied to the operating system, Customer Data, Customer applications, and Customer databases without any Customer designated exclusions.
Gold Image means a predefined Operating System Image hardened to a level that in DXC’s opinion provides an acceptable balance between security and functionality for the majority of DXC customers. This Image is a starting point for Managed Servers and the Customer may request modifications to individual servers through the agreed change control processes where necessary.
Governing Agreement means the set of terms and conditions identified in the Selections and Prerequisites Table that govern this Solution Pack.
High Availability means the Services and Optional Add-Ons that provide the High Availability Service Levels in accordance with Section 2.
High-Performance Storage means one of the Performance Storage options as described in Section S5.2.3.
HIPAA means the United States Health Insurance Portability and Accountability Act of 1996 that provides data privacy and security provisions for safeguarding medical information.
HPE 3PAR means computer data storage products, including hardware disk arrays and storage management software used by DXC to provide the Services.
Image means copy of the state of a computer system stored in some non-volatile form such as a file.
Incident means any event which is not part of the standard operation of the Service and which causes or may cause an interruption to, or a reduction in, the quality of the Service.
Incident Management means the process of restoring normal service operations in response to Incidents in accordance with the applicable Statement of Work.
Infrastructure and Virtualization Security means those Security Services provided by DXC for the infrastructure as more fully described in Section S2.3.6.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 30
ITIL means a set of detailed practices for IT service management that focuses on aligning IT services with the needs of business. Formerly it was an acronym for “Information Technology Infrastructure Library”.
In-Guest Backup means a backup agent installed on the host server for execution and processing of backups that creates certain load on the host server and effectively consumes CPU, RAM, network, and storage resources. Backup data is transferred from the host server to a backup Media server without involvement of Off-host Backup proxy servers.
Invocation means commencement of Continuity Services as described in Schedule 3 after DXC receives telephone notice from Customer directing DXC to commence delivery of Continuity Services due to the occurrence of a Force Majeure Event.
IOPS (input/output operations per second) means the standard unit of measurement for the maximum number of reads and writes to non-contiguous storage locations.
IO (input/output) means the communication between an information processing system, such as a computer, and the outside world, possibly a human or another information processing system.
IT means information technology, having to do with an entity’s computer hardware, software, or cloud environment.
LDAP means a lightweight directory access protocol.
Load Balancer Service means the Optional Add-On described in Section S6.2.9 that allows the Customer to distribute incoming application traffic among two or more servers within the same Customer Compartment at a DXC location in order to improve availability and scalability.
Local Cache Device means a Customer installed device on Customer’s dedicated network to separate Customer’s environments from other customers’ environments as part of the Backup and Recovery Services.
Logical Unit Number or LUN means a number used to identify a logical unit relating to computer storage. A logical unit is a device addressed by protocols and related to fiber channel, small computer system interface (“SCSI”), internet SCSI, and other comparable interfaces.
Long-Term Protection and Archival Services mean backup service options provided by DXC to address the Customer’s long-term backup and recovery service requirements.
Maintenance Windows mean actual time periods used by DXC for maintenance and similar purposes. Maintenance Windows may result in Services, servers, software, network connectivity, and equipment not being Available.
Managed Database means a Database Management System installed on Managed VPC infrastructure which is supported, monitored, and maintained by DXC.
Managed Database Availability means, with respect to the Managed Databases, the availability of the Database Instance, expressed as a percentage of Scheduled Managed Database Uptime for the relevant Database. This is calculated monthly using 24x7 monitoring as follows: Managed Database Availability = [Scheduled Managed Database Uptime
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 31
minus Unexcused Managed Database Downtime] divided by Scheduled Managed Database Uptime.
Managed Server means a Physical Server or Virtual Server that is managed by DXC.
Managed Services Portal means the web portal(s) from time to time established and maintained for Customer’s interaction with the Services.
Managed VPC Continuity Services Recovery Center means the DXC data center used to deliver Continuity Services.
Managed VPC Virtual Server Suspend and Resume means the Optional Add-On described in Section 1.7.7.
Management Infrastructure means servers and network devices used to provide cloud services to Managed VPC customers. For the avoidance of doubt, server instances (whether physical or virtual) are not Management Infrastructure, however the virtualization layer is.
Mandatory Addenda means those standard policies and/or supplemental terms and conditions Customer must agree to when purchasing the Services described in this Solution Pack as set out in the Selections and Prerequisites Table. Media means the material in a storage device on which data is recorded.
Middleware means software applications that facilitate exchanges of data between two or more application programs within the same environment, or across different hardware and network environments. Mbps means megabytes per second.
Microsoft SQL Server means a Server using Microsoft SQL as an operating system.
Mongo Database means the free and open-source cross-platform document-oriented database program known as MongoDB. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schema. MS means millisecond.
MySQL means an open-source relational Database Management System which may be used in connection with the Managed Database Services described in Schedule 8.
Multi-Factor Authentication means requiring at least two types of authentication with at least one being something the user knows (such as a password) and at least one being something the user has (such as a fingerprint or a device).
Multi-Tenant means the use of a shared infrastructure or storage in which logical compartmentalization of data is achieved to prevent unauthorized access to data in one compartment from another. Access to each logical compartment is managed and limited by each customer.
NetApp means a file storage product used by DXC in providing the Backup and Recovery Services.
Network Address Translation or NAT means a methodology of remapping one Managed VPC private IP address space into another, routable on the internet by modifying network address information in IP datagram packet headers while they are in transit across the firewall.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 32
NAS means a file-level computer data storage server providing data access across a network to users, servers, or applications on the network such as application and/or database software and web services.
NDMP means a network data management protocol to transport data between NAS devices and backup devices.
Network Switch means a network switch provided by DXC at an additional Charge that connects the Managed Servers to Customer’s network.
Normal Change means any temporary or permanent change to one or more Configuration Items within a managed IT environment that carries a risk higher than 'Low' and is not of a complexity to require use of formal project management methods.
Object means the smallest backup unit (i.e., E:\ drive, database log, or sub directory). For example, if a server has 10 filesystems, each backup will generate 10 Objects for purposes of calculating the backup success rate.
Off-host Backup means a backup agent installed on an off-host backup "proxy" that sends the Customer’s data to a designated storage device.
OLTP means on-line transaction processing which is a class of information systems that facilitate and manage transaction-oriented applications.
Operating System Image means a DXC specified operating system software that is installed on Virtual Servers or Physical Servers that are procured by the Customer.
Operating System Instances mean an operating system that runs on a single hardware. On some hardware, multiple Operating System Instances are possible.
Operating System License means a license that entitles the Customer to use an operating system. It does not include support unless otherwise noted.
Operational Phase means the third of three phases of the Continuity Services as more fully described in Schedule 3.
Option or Optional means a Service that is provided as a part of the Services only when specifically purchased by Customer as indicated in an Order.
Optional Addenda means any additional policies and/or supplemental terms and conditions that Customer must agree to when purchasing the Services described in this Solution Pack as set out in the Selections and Prerequisites Table.
Order means a request for Services made by the Customer through the Managed Services Portal or in a separate written request. Requests made through the Managed Services Portal are deemed accepted by DXC when placed by the Customer. All other requests will be effective only upon acceptance by DXC.
OS Cluster means a group of Physical Servers and other resources that act like a single system and enable High Availability.
Penetration Test Indemnification Form means a letter agreement used by DXC to define terms associated with performance of penetration testing for Customer’s information technology components where DXC owns, hosts, and/or operates certain information technology components used by Customer. Customer acceptance of terms specified in the letter agreement is required before such testing will be permitted.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 33
Performance Storage means the optional SAN storage available as part of the Storage Services.
Personal Information means data which relates to a living individual who is identified or can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller. Personal Information includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual.
Physical Database Server means a Database Server delivered to the Customer using a Physical Server.
Physical Server means a physical computer system consisting of software and hardware that run essential computer programs, applications or web services across a network that are accessible to users on the network.
Portal User means those representatives designated by the Customer who are authorized to login to the Managed Services Portal for purposes described in this Solution Pack.
Primary Data means in-scope data directly written by Customer’s systems, or Customer’s initial copy, ordinarily located in Customer’s environment.
Problem means a series of related Incidents or a single Incident of significant business impact that requires root cause analysis for identification of the known error and recommendations for resolution.
Problem Management means the process of preventing, managing and reducing the impact of Problems in accordance with the applicable Statement of Work.
Process means obtaining, recording, or holding the Personal Information or carrying out any operation or set of operations whether or not by automatic means on the Personal Information, including: (a) organization, adaptation, or alteration of the Personal Information; (b) retrieval, consultation, or use of the Personal Information; (c) disclosure of the Personal Information by transmission, dissemination, or otherwise making available; or (d) alignment, combination, blocking, erasure, or destruction of the Personal Information.
Process Server means the DXC provided server used to facilitate the Replication, encryption, and transmission of the Replicated Data Sets from the Managed VPC data center to the Managed VPC Continuity Services Recovery Center.
Project means a discrete unit of non-recurring work (having a specific start and end date) that falls outside the standard Services and options described in this Solution Pack.
Project Change means a Change which is requested and delivered on a Project basis.
Protection or Protection Services mean a suite of features offered to the Customer to protect Customer servers and Customer Data enabling various levels of recovery and restoration.
Protection Plan means a pre-defined combination of backup service parameters and options that can be selected by the Customer.
RDM means an option in the VMware server virtualization environment that enables a storage Logical Unit Number to be directly connected to a Virtual Server from the storage area network.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 34
RMC means an automated, non-intrusive software that uses Snapshots to integrate HPE 3PAR storage arrays and StoreOnce backup appliances for converged data protection that delivers recovery of application-consistent recovery points with flexible recovery options.
Recovery Point Objective (for Continuity Services) means anticipated elapsed time between the last complete Replication and a failure of Customer’s infrastructure.
Recovery Point Objective (for Managed Database Services) means the maximum allowed data loss period for the Managed Database environment after an Event causing a data Restore (e.g., block corruption, human errors).
Recovery Point Objective (for SAP Services) means the maximum allowed data loss period for the applicable SAP environment after a SAP environment event causing data Restore (e.g., block corruption, human errors).
Recovery Time Objective or RTO (for Continuity Services) means the anticipated time necessary to recover failed servers to operation, with related data using the Replication Equipment and Compute Resources, so that they are available to Customer for applications recovery and other Customer Responsibilities.
Recovery Time Objective or RTO (for Managed Database Services) means the boundary of time within which a Managed Database environment is targeted to be available after an unplanned Managed Database environment down Event. The end time of a Managed Database environment down Incident is defined as the time at which the Managed Database environment is made available again to the Customer. RTO is calculated as follows: Timestamp when the Managed Database environment is made available to the Customer minus timestamp when Managed Database environment down Event has been recorded in DXC's ticketing system.
Recovery Time Objective or RTO (for SAP Services) means the boundary of time within which a SAP environment is targeted to be available after an unplanned SAP environment down Event. RTO is calculated as follows: Timestamp when the SAP environment is made available to the Customer minus timestamp when SAP environment down Event has been recorded in DXC's ticketing system.
Red Hat Enterprise Linux Server means a Managed Server or Unmanaged Server that uses the Red Hat operating system.
Regulatory Compliance means the Optional Security Service component provided by DXC as more fully described in Section S2.3.9.
Rehearsal means the recovery of systems and data for the purposes of confirming the ability to recover the protected systems and the Customer to access and run the relevant applications.
Remote Access Gateway means an optional access point to the Managed Servers and Unmanaged Servers as an alternative to a pulse VPN gateway.
Remote Access User means an End User who is authorized to utilize the Remote Access Gateway.
Remote Access with Optional 2-Factor Authentication means the Optional Security Service component provided by DXC as more fully described in Section S2.3.12.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 35
Remote Replication Equipment means Replication Equipment at the Managed VPC Continuity Services Recovery Center within the Replication Recovery Environment.
Replicated Data Sets mean data sets designated by Customer for Replication.
Replication means copying of data from one location to another, either continuously (so that all data written to local storage devices is copied to remote storage devices) or on a regular basis (so that changes to data written to local storage devices are recorded and replied to the remote storage devices at regular intervals).
Replication Agent means software resident on Customer servers in order to facilitate Replication.
Replication Based Disaster Recovery means the Continuity Service offering using asynchronous Replication for recovery as described in Schedule 3.
Replication Equipment means equipment used to replicate data and includes Local and Remote Replication Equipment.
Replication Recovery Environment means the servers, storage, and other infrastructure used to recover Customer’s Replicated Data Sets after Invocation.
Replication Window means the timeframe, during which Replication of data will occur. Backup and Recovery Services support four Replication Windows where a Replication Window is tied to the selected Backup Window.
Request for Change or RFC means a formal proposal for a Change. An RFC includes details of the proposed Change. Restore means copying of a backup to online storage for application use.
Routine Change means a pre-approved, well-defined, and fully documented Change with very low or no risk, implemented through a simplified Change Management Process.
SAN means a dedicated high-speed network (or subnetwork) that interconnects and presents shared pools of storage devices to multiple servers.
SAP Application means systems, applications, and products used in data processing to support functions such as financial and asset accounting.
SAP Application Security Guidelines mean the industry standard guidelines published by SAP.
SAP Basis means business application software integrated solution, which is a set of programs and tools that act as an interface with databases, operating systems, communication protocols, and business applications.
SAP Client means a Customer organizational entity that has its own master and transactional data.
SAP Downtime means the period of time when the SAP Application or SAP HANA Appliance is not available for normal business use. SAP Downtime may be Excused SAP Downtime or Unexcused SAP Downtime.
SAP HANA means a high-performance analytics appliance that uses an in-memory database.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 36
SAP HANA Appliance means a DXC flexible, multi-purpose, data-source-agonistic in-memory appliance that combines SAP software components optimized to run on Intel-based hardware. It includes a number of integrated SAP software components including the SAP HANA database, real-time Replication services, data services, data and lifecycle management, support for multiple interfaces based on industry standards, and a data modeling tool called SAP HANA studio.
SAP HANA Infrastructure means SAP HANA Managed Server and Managed VPC storage functionality that can support a SAP HANA database managed by the Customer or a Customer designated third party within the Managed VPC infrastructure.
SAP HANA System means SAP HANA Appliance functionality using a Managed Physical Server and storage.
SAP Instance means a logical unit consisting of a set of SAP work processes that are administered by a dispatcher process with memory allocation.
SAP PAM means the documentation provided by SAP that outlines the current version, bundles the maintenance dates, patch dates, and release notes per release version to ensure current content availability and adherence.
SAP Service Catalog means a list of predefined changes provided to Customer at the time of engagement.
SAP Service Marketplace means the database provided by SAP for its customers.
SAP Services mean the Optional Add-On service features described in Schedule 7 and purchased by Customer; defined therein as Managed VPC SAP and SAP HANA Management Services.
SAP Solution Manager means a standard product from SAP used to manage and monitor SAP Instances.
SAP Web Application Server means a component of SAP which works as a web application server for SAP products.
Scale-Out means a SAP HANA Appliance that contains multiple blade servers. Scale-Up means a SAP HANA Appliance that contains a single blade server.
Schedule means a schedule to this Solution Pack unless specifically identified otherwise.
Scheduled Managed Database Uptime means the time when a Database Instance is scheduled to be available to Customer for normal business use. For clarity and as an example, Scheduled Managed Database Uptime excludes Maintenance Windows and outages and periods of administrative access requested by Customer.
Scheduled Infrastructure Uptime means that period in a month outside of Excused Infrastructure Downtime.
Section means a section or subsection in this Solution Pack unless specifically identified otherwise.
Security Incident Management means the Security Services provided by DXC that manage Incidents detected in the Managed VPC environment as more fully defined in Section S2.3.7.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 37
Security Zone means one or more VLANs which are routed together and have a single firewall interface. Server means either a Managed Server or Unmanaged Server.
Service Credit means compensatory credit to Customer for Faults if and to the extent available under this Solution Pack.
Service Level means a quantitative performance standard for the Services set forth in Section 2.
Single Data Center means the Services are provided out of only one DXC data center and therefore different Service Levels apply than the Services provided out of Dual Data Centers.
Single Sign On means a mechanism whereby a single action of user authentication and authorization can permit a user to access other applications and systems where he/she has access, without the need to enter multiple user IDs and passwords.
SL Tier means DXC’s specific combination of responsibilities for Service Levels selected by the Customer in an Order.
Snapshot (for Continuity Services) means a point in time copy of the data (or subset thereof) on the storage array that can be used for various purposes without any changes that are made to the Snapshot copy being reflected in the original data on the storage array.
Snapshot (for the Services) means preservation of the configuration state of a Virtual Server at a specific point in time. The configuration state of the Virtual Server includes the internal storage, memory, virtual network connections, and the power status (powered-on, powered-off, and suspended). The status of applications and any external storage is not captured in the Snapshot.
Solution Design Document means the written document prepared by DXC in anticipation of this Solution Pack, describing detailed arrangements for provision of Continuity Services to Customer, including storage and communications network requirements, based upon information furnished by Customer. SSD means the solid-state drive used for the Storage Services.
Stabilization Period means the mutually agreed period after implementation, not exceeding three months, during which DXC will monitor the average Dialog Response Time. During the Stabilization Period the monitored threshold will be 80% of the dialog steps with a DINOGUI Time below one second. If the history during the Stabilization Period shows that load and performance are stable for the system under consideration then the value will be increased to the agreed value according to DXC’s Service Level obligations.
StoreOnce means the HPE storage appliances used by DXC to provide portions of the Services.
SUSE Linux Enterprise Server means a Managed Server or Unmanaged Server using the SUSE operating system.
Tag Recovery Point means a mark generated at a point in time where an application has been quiesced, and the file and application data buffers on the protected system have been flushed. The Tag Recovery Point can be
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 38
used at recovery time to provide improved data consistency for database or similarly complex applications.
Tape means the storage device that writes data sequentially in the order in which it is delivered and reads data in the order in which it is stored on the Media. TB means terabytes.
Technical Representative means the representative designated by Customer who is authorized to contact the Operations Center concerning operational matters, to obtain support, and manage Customer’s receipt of the Services.
Temporary Storage means storage capacity made available during either a Rehearsal or Invocation. This storage capacity is intended for transitory use and any data will be deleted at the end of the Rehearsal or Invocation.
Test Restore Service means the Service feature that allows the Customer to request “non-operational” restoration of data that is a Restore to a destination other than the source during normal service operations. The Test Restore Service is subject to an additional Charge at DXC’s then current rates.
Threat and Vulnerability Management means the Base and Optional Service components provided by DXC as more fully described in Section S2.3.8.
Ultra-High-Performance Storage means the optional SAN storage available as part of the Storage Services as further described in Section S5.2.3.
Unexcused Infrastructure Downtime means that period in a month when the applicable item subject to Service Levels as provided in this Solution Pack is not Available during Scheduled Infrastructure Uptime for that month caused by DXC’s failure to perform DXC’s Responsibilities under this Solution Pack. For Managed Servers (including Managed Servers that are part of an OS Cluster), Unexcused Infrastructure Downtime is measured from the time the outage is detected by DXC, until DXC determines that the outage is resolved. For Unmanaged Servers (including Unmanaged Physical Servers or Virtual Servers), Unexcused Infrastructure Downtime is measured from the time a service Incident ticket is opened by the Customer, until DXC determines the outage is resolved.
Unexcused Managed Database Downtime means Managed Database downtime that is not Excused Managed Database Downtime.
Unexcused SAP Downtime means SAP Downtime that is not Excused SAP Downtime.
Unit Charge means the then current list price for an orderable item in billable increments as provided in the Managed Services Portal or in a written quotation when the item is not available in the Managed Services Portal.
Unmanaged Server means a Physical Server or Virtual Server that is managed by the Customer.
Virtual Appliance means a VMware virtual server provisioned and operated by the Customer that the Customer has connected to a Managed VPC compartment.
Virtual Database Server means a Database Server delivered to the Customer using a Managed VPC Virtual Server.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 39
Virtual Firewall Instance means a firewall instance made available from the Continuity shared firewall infrastructure. Virtual Host means a hypervisor installed and managed by DXC.
Virtual Host Cluster means a group of Virtual Hosts managed as a single unit through virtualization software installed and managed by DXC.
Virtual Routing Instance means a routing instance made available from the Continuity shared router infrastructure providing an access point for Customer routers.
Virtual Server means a complete system platform which supports the complete operating system installed on a system disk.
VMware means the operating system supplied by VMware, Inc.
VADP means an application programming interface that enables the Symantic NetBackup product to do centralized, off-host, and LAN free backup of vSphere Virtual Servers and Virtual Appliances as long as VMware supports the capability.
Windows Server means a Managed Server or Unmanaged Server running Microsoft Windows as an operating system.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 40
Schedule 1. Pricing Schedule
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 41
Schedule 2. Security Services
S2.1. Introduction This Schedule will apply to each Order placed for Services and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. The Security Services are provided to the extent Ordered by Customer. DXC’s performance may depend upon Customer’s performance of Customer’s Responsibilities or other dependencies. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular Security Services in this Schedule or elsewhere in this Solution Pack are subject to the more detailed descriptions below.
Security Service usage is limited to within the Customer’s Managed VPC environment. Termination or suspension of all or any part of the Services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Security Services under this Schedule.
S2.2. Scope of Service DXC will provide to Customer the Services described by this Schedule following submission of Orders. DXC will deliver Security Services on a Managed VPC infrastructure in accordance with this Solution Pack except where otherwise specified below.
Security Service components noted as “Base” are included with the Services at no additional Charge. Security Service components noted as an “Option” or “Optional” will be made available to the Customer at an additional Charge. Customer acknowledges that because Unmanaged Servers are under its control, security features for Unmanaged Servers are more limited than for Managed Servers.
Customer will use the Managed Services Portal to order Security Services offered under this Solution Pack and designate which, if any, Optional Add-On is selected for purchase by Customer.
S2.3. Security Services
S2.3.1. Audit Assurance and Compliance
This Section describes the options available to Customer to receive information regarding security and compliance in the environment. Customer may conduct audits using the Customer Audit Days option described below only if the available reports do not sufficiently cover specific controls.
The table below describes Security Service components for this Section along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Server Penetration
Base DXC will:
• Review and approve (as appropriate) the properly
• One-time Charge per report when
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 42
Security Service Component Responsibilities Additional Ordering
Information Test Report
completed and signed indemnification form.
conducted or commissioned by DXC.
• Contact DXC to request this Option.
Customer will:
• Complete and sign (and cause any third-party auditors to sign) the DXC supplied Penetration Test Indemnification Form and conduct or commission (from DXC or an independent third party) a penetration test of the virtual private cloud (“VPC”) servers.
• Provide relevant findings to DXC.
b. Infrastructure Penetration Test Report
Option DXC will:
• Commission a penetration test from an independent third party and provide an annual summary copy of the report to the Customer.
• One report is issued globally for the Services. This report covers a representative sample of the DXC infrastructure and includes tests that attempt to break out of a Virtual Server, break out of a tenant compartment, break into the Managed VPC Management Infrastructure, and penetrate from the public internet.
• Customer VPC servers (Managed and Unmanaged Servers) are
Customer will:
• n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 43
Security Service Component Responsibilities Additional Ordering
Information not included in the scope.
• One-time Charge per report. There is no need to purchase more than one copy.
• Contact DXC to request this Option.
c. ISAE 3402/SSAE16 SOC1 Type II Report
Option DXC will:
• Commission the report from an independent third party for the Managed VPC infrastructure and provide a copy of the report to the Customer as and when available.
• One-time Charge per report.
• Customer VPC servers (Managed and Unmanaged Servers) are not included in the scope.
• Contact DXC to request this Option.
Customer will:
• n/a
d. AT Section 101 SOC2 Report
Option DXC will:
• Commission the report from an independent third party for the Managed VPC infrastructure and provide a copy of the report to the Customer as and when available.
• One-time Charge per report.
• Customer VPC servers (Managed and Unmanaged Servers) are not included in the scope.
• Contact DXC to request this Option.
Customer will:
• n/a
e. Customer Audit Days
Option DXC will:
• Provide an audit coordinator and/or authorized escort.
• Charge is per Audit Day plus expenses.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 44
Security Service Component Responsibilities Additional Ordering
Information
Customer will:
• Use available audit reports to address as many audit needs as possible.
• For any remaining items, provide scope and request for audit access 22 business days’ in advance.
• Commission auditors (Customer or an independent third party) to perform the audit.
• Provide relevant findings to DXC.
• Access to DXC facilities requires 22 business days’ prior notice.
• Access to DXC personnel requires 10 business days’ prior notice.
• Contact DXC to request this Option.
• All Customer audits are subject to the requirements described in Section 1.10 of this Solution Pack.
S2.3.2. Data Center Security
This Section describes the minimum basic controls in place at data centers hosting Managed VPC environments. Additional controls may exist and vary by location.
The table below describes Security Service components provided for DXC data centers, along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information a. Asset
Management Base DXC will:
• Maintain an inventory of physical assets in the DXC data center.
n/a
Customer will: • n/a
b. Physical Security Perimeters
Base DXC will: • Provide multiple
physical perimeters with restricted access to sensitive areas of the DXC data center.
• Provide access controls employing electronic badges and a second factor (i.e., passcode or biometrics).
n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 45
Security Service Component Responsibilities Additional Ordering
Information Customer will: • n/a
c. Secure Disposal of Media
Base DXC will: • Securely erase data
before reuse of Media and securely dispose of Media that is physically decommissioned and not reused.
n/a
Customer will: • n/a
d. Guards Base DXC will: • Provide 24x7 guards to
patrol and monitor the DXC data center.
n/a
Customer will: • n/a
e. Video Surveillance
Base DXC will: • Provide monitoring and
recording of entry and exit points in and around the DXC data center.
n/a
Customer will: • n/a
f. Redundant Infrastructure
Base DXC will: • Provide redundant
power to be available in the form of multiple power feeds where possible and backup power in all locations.
n/a
Customer will: • n/a
g. Wireless Access Point Scanning
Base DXC will: • Perform quarterly
scans to detect and remove unauthorized wireless access points allowing connectivity to the VPC infrastructure.
n/a
Customer will: • n/a
S2.3.3. Encryption and Key Management
This Section describes the Optional encryption related services currently available for Managed VPC.
The table below describes Security Service components for encryption and key management activities, along with responsibilities related to these components.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 46
Security Service Component Responsibilities Additional Ordering
Information
a. Encryption of Off-Site Backup Tapes
Option DXC will:
• Encrypt data backed up to Tape for removal to off-site storage.
• Included when Customer purchases off-site backup services as described in Schedule 4.
Customer will: • n/a
b. Encryption at Rest
Option DXC will: • Install and
configure Vormetric encryption console in Customer Compartment.
• Install agents on Managed Servers.
• Register agents to console.
• Give Customer access to the console to manage the encryption settings if requested by Customer.
• If DXC is requested to manage the console, place the console in “learn mode” to generate the policy.
• If DXC is requested to manage the console, activate the policy after an agreed period of time in “learn mode”.
• Recurring monthly Charge per console and per server.
• One console is recommended per Customer Compartment. Consoles are configured with 99% Availability. Encryption will continue to function if the console temporarily goes down.
• Prices decrease as the volume increases into progressive tiers. All servers will receive the rate for the total volume. Volumes may be combined between multiple sites if they
Customer will: • Cause agents to
be installed on Unmanaged Servers.
• Generate encryption keys and manage
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 47
Security Service Component Responsibilities Additional Ordering
Information encryption from the console or purchase additional consulting or training from DXC or directly from Vormetric as needed for assistance configuring policies.
are all for a single Customer.
S2.3.4. Governance and Risk Management
This Section describes Base Services performed by DXC to manage risk within the Managed VPC delivery environment and to prevent configuration drift and an Optional Add-On available to Customer. There are no Customer deliverables or ordering options associated with any Base Services listed below. DXC reserves the right to test or scan any Managed Server(s) for security issues at any time.
The table below describes Security Service components for governance and risk management activities, and responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Annual Risk Assessment
Base DXC will:
• Conduct a risk assessment of the Services’ offering at least annually.
n/a
Customer will:
• n/a
b. Security Policy Base DXC will:
• Configure Customer VPC servers (Managed and Unmanaged Servers) and infrastructure with settings compliant to DXC policies.
n/a
Customer will:
• Never circumvent or disable DXC provided security settings, tools, or controls without
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 48
Security Service Component Responsibilities Additional Ordering
Information DXC authorization.
• Determine the appropriate security policy for Customer managed operating systems.
c. Server Policy Compliance Scanning
Base DXC will:
• Conduct compliance scans on any Managed Server(s) without notice.
n/a
Customer will: • n/a
d. Server Policy Compliance Scanning Reports
Option DXC will:
• Provide access to server policy compliance scanning reports on DXC Managed and Unmanaged Servers in the Customer’s VPC compartment.
• Recurring monthly Charge per server.
• Orderable through the Managed Services Portal.
• Scanning may occur on any frequency deemed appropriate by the Customer, as frequently as weekly.
• Select servers may be scanned more frequently than weekly in troubleshooting circumstances, but not as a routine.
Customer will:
• Identify Customer VPC servers (Managed and Unmanaged Servers) to be included in the scanning report.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 49
S2.3.5. Identity and Access Management
This Section outlines the controls in place for account management, access management, and authentication. Administrative access to Managed Servers is subject to DXC control with access provided to Customer when requested. DXC will not be responsible for any missed Service Levels caused by Customer action. DXC support personnel will not have access to Unmanaged Servers, so it is Customer’s responsibility to manage access to those servers.
The table below describes Security Service components for identity and access management activities, along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. DXC Administrative Access
Base DXC will: • Cause all DXC
support personnel to securely authenticate with an individually identifiable access method and a minimum of 2-factor authentication before accessing the Customer’s VPC compartment.
n/a
Customer will:
• n/a b. Customer
Administrative Access
Base DXC will: • Upon request from
an authorized requester, allow administrative access to Managed Servers.
• Provide an initial administrative account for Unmanaged Servers.
n/a
Customer will:
• n/a c. Role Based
Access Control Base DXC will:
• Determine DXC support personnel access based upon job role and subject to an authorized approver.
n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 50
Security Service Component Responsibilities Additional Ordering
Information Customer will:
• n/a d. Password
Controls Base DXC will:
• Configure password controls on Customer Servers (Managed and Unmanaged Servers) and infrastructure to comply with current DXC password policies.
n/a
Customer will:
• n/a e. User Access
Authorization Base DXC will:
• Require and record authorization for Managed VPC provisioned access credentials.
n/a
Customer will:
• n/a f. User Access
Reviews Base DXC will:
• Conduct quarterly reviews of all elevated access permissions to Managed VPC systems for DXC personnel.
n/a
Customer will:
• n/a g. User Access
Revocation Base DXC will:
• Remove access for DXC personnel whose access is no longer appropriate.
• Remove access for Customer personnel as directed by authorized requester.
n/a
Customer will:
• Notify DXC of any Customer user
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 51
Security Service Component Responsibilities Additional Ordering
Information access which is no longer required.
h. Accountability Base DXC will:
• Ensure DXC user accounts are traceable to an individual and are not shared.
n/a
Customer will:
• Assume responsibility for any actions performed by Customer employees.
i. Multi-Factor Authentication on the Managed Services Portal
Base DXC will: • Cause the Managed
Services Portal to be federated with Authentication Authority for two factors of authentication for all accounts before access is granted to the Managed Services Portal.
If the Customer does not have an LDAP or Microsoft Active Directory compatible Authentication Authority for first factor authentication, and a compatible second factor service, this can be purchased as an Add-On from DXC.
Customer will:
• Identify and supply an LDAP or Microsoft Active Directory compatible Authentication Authority for first factor authentication to be federated with the Managed Services Portal for authenticating Customer users with a username and password.
• Identify and supply a RADIUS compatible Authentication Authority for second factor authentication to be federated with the Managed Services Portal.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 52
Security Service Component Responsibilities Additional Ordering
Information • Purchase the first
and second factor authentication service from DXC if Customer does not have a compatible solution as described above.
• Cause all Portal Users to maintain reasonably secure password credentials (keep credentials secret and use industry standard complexity requirements).
S2.3.6. Infrastructure and Virtualization Security
This Section describes Base Services related to Infrastructure and Virtualization Security.
The table below describes Security Service components for Infrastructure and Virtualization Security along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Time Synchronization of Management Infrastructure
Base DXC will:
• Cause all Managed VPC infrastructure systems to synchronize with a central and consistent time source.
n/a
Customer will:
• n/a
b. Customer Dedicated Virtual Firewall
Base DXC will:
• Cause the Virtual Firewall Instance to be dedicated to Customer and configure rules into and out of the Customer Compartment as directed by the Customer and as required by DXC to
n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 53
Security Service Component Responsibilities Additional Ordering
Information provide the contracted support.
Customer will:
• Notify DXC of any changes to the firewall rules as required by the Customer or use a DXC provided interface to apply such rules.
c. Customer Segregation
Base DXC will:
• Configure multiple firewalls to prevent routing between the Customer Compartment and other tenant compartments.
n/a
Customer will:
• n/a d. OS Hardening Base DXC will:
• Configure Managed VPC operating systems to then current pre-hardened DXC Gold Images.
n/a
Customer will:
• n/a e. Virtual Server
Access Base DXC will:
• Configure the virtualization layer so that access through the virtualization layer to Virtual Server operating systems is not allowed.
• Access Virtual Server operating systems as required from the Customer Compartments via jump servers.
n/a
Customer will:
• n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 54
S2.3.7. Security Incident Management, E-Discovery and Cloud Forensics
This Section describes the Base Services related to management of security incidents and events and Optional Add-Ons available to Customer.
The table below describes Security Service components for Security Incident Management and E-Discovery and Cloud Forensics along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Security Incident Management
Base DXC will: • Employ 24x7
monitoring and triage of security-related events with escalation for resolution and/or Incident Management.
• Notify the designated Customer contact of any material security Incidents directly impacting the Customer.
n/a
Customer will: • Manage Customer
security Incidents. • Notify the
designated DXC contact of any material security Incidents directly impacting the VPC environment.
• Designate a Customer contact to receive notification of material security Incidents
b. E-Discovery and Cloud Forensics
Option DXC will:
• Provide E-Discovery and Cloud Forensics services under direction of Customer.
• Subscription or Add-On services available.
• Contact DXC account team to request quotation.
• This service feature is provided
Customer will: • Subscribe to or
purchase Add-On service features if or as desired.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 55
Security Service Component Responsibilities Additional Ordering
Information from a separate DXC organization to provide a level of separation.
c. Evidence Gathering for Customer Managed Incidents
Option DXC will: • Provide copies of
data or evidence appropriate for chain of custody requirements as required.
• Protect the availability and confidentiality of the data of other customers.
• Contact DXC account team to request quotation.
Customer will: • Provide DXC with
detailed requests for data gathering when required.
S2.3.8. Threat and Vulnerability Management
This Section describes the Base Services related to the discovery and management of malicious code and vulnerabilities and Optional Add-Ons available to Customer. DXC reserves the right to scan any Customer VPC servers (Managed and Unmanaged Servers) for security issues and vulnerabilities at any time.
The table below describes Security Service components for Threat and Vulnerability Management along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Antivirus Software on Windows
Base DXC will: • Cause antivirus
software to be installed and maintained on all Managed Servers using Windows OS.
• Configure signature updates to occur
n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 56
Security Service Component Responsibilities Additional Ordering
Information
continuously or daily.
Customer will: • Install and
manage antivirus software on all Unmanaged Servers using Windows OS.
b. Antivirus Software on Linux
Option DXC will: • Cause antivirus
software to be installed and maintained on designated Managed Servers using Linux OS.
• Configure signature updates to occur continuously or daily.
• Recurring monthly Charge per server.
• Orderable through Managed Services Portal.
• The agent scans for Windows virus signatures on the Linux managed volumes.
Customer will: • n/a
c. Patch Management Base DXC will:
• Cause patches for Managed VPC operating systems to be tested and installed on a regular cycle and as deemed appropriate by DXC.
n/a
Customer will: • Avoid
unnecessary deferrals of patching for Customer VPC servers (Managed
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 57
Security Service Component Responsibilities Additional Ordering
Information
and Unmanaged Servers).
• Cause patches for Unmanaged Servers operating systems to be installed within a reasonable time.
d. Vulnerability Scanning
Base DXC will:
• Conduct vulnerability scans on any Customer VPC servers (Managed and Unmanaged Servers) without notice or restriction.
n/a
Customer will: • n/a
e. Vulnerability Scanning Reports
Option DXC will: • Provide access to
vulnerability scanning reports on servers in the Customer’s VPC compartment.
• Recurring monthly Charge per server
• Orderable through Managed Services Portal.
• Scanning may occur on any frequency deemed appropriate by the Customer, as frequently as weekly.
• Select servers may be scanned more frequently than weekly in troubleshooting
Customer will: • Identify servers to
be included in the scanning report.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 58
Security Service Component Responsibilities Additional Ordering
Information
circumstances, but not as a routine.
f. External Vulnerability Scanning Reports
Option DXC will: • Provide Customer
a self-service vulnerability scan of public facing IP addresses using a scanner on the public internet.
• Deliver an external vulnerability scan report.
• One-time Charge per server per scan
• Orderable through the Managed Services Portal.
• Scanning may occur on any frequency deemed appropriate by the Customer.
• Scanning is fully automated.
Customer will: • n/a
S2.3.9. Regulatory Compliance
This Section describes an Optional Add-On not mentioned elsewhere.
The table below describes Security Service components for Regulatory Compliance along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. HIPAA Option DXC will:
• Conduct infrastructure, operating system and server management in a manner compliant with HIPAA requirements.
Available at no additional cost to Customer.
Customer will:
• Identify and provide or purchase security options as required to meet HIPAA requirements (if
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 59
Security Service Component Responsibilities Additional Ordering
Information any) applicable to the Customer.
S2.3.10. Managed VPC Continuity Service – Security Supplement
This Section describes the additional layers of security that apply when select disaster recovery services described in Schedule 3 are purchased by the Customer for Managed Servers in conjunction with Managed VPC Services. These Continuity Services Security Service component Options will apply in the event of a conflict with any Base or Optional security services components stated elsewhere in this Schedule.
The table below describes Security Service components for Continuity Services along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Physical Security Perimeters
Option DXC will:
• Provide multiple physical perimeters with restricted access to sensitive areas of the DXC data center.
• Provide access controls employing electronic badges and a second factor authentication (i.e., passcode or biometrics).
• Standard feature when purchasing Continuity Services
Customer will:
• n/a b. Perimeter Network
Intrusion Prevention System
Option DXC will: • Place network
intrusion prevention sensors (“NIPS”) on the perimeter of the infrastructure to filter all inbound traffic.
• Maintain and tune the NIPS filters as deemed appropriate by DXC.
• Standard feature when purchasing Continuity Services
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 60
Security Service Component Responsibilities Additional Ordering
Information
Customer will: n/a
c. DXC Administrative Access
Option DXC will:
• Cause all DXC support personnel to securely authenticate with an individually identifiable access method and a minimum of 2-factor authentication before accessing the Customer’s VPC compartment.
• Standard feature when purchasing Continuity Services
Customer will:
• n/a d. Customer Dedicated
Virtual Firewall Option DXC will:
• Cause the Virtual Firewall Instance to be dedicated to Customer and configure rules into and out of the Customer Compartment as directed by the Customer and as required by DXC to provide the contracted support.
• Standard feature when purchasing Continuity Services
Customer will:
• Notify DXC of any changes to the firewall rules as required by the Customer or use a DXC provided interface to apply such rules.
e. Customer Segregation
Option DXC will:
• Configure multiple firewalls to prevent routing
• Standard feature when purchasing
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 61
Security Service Component Responsibilities Additional Ordering
Information between the Customer Compartment and other tenant compartments.
Continuity Services
Customer will:
• n/a f. Virtual Server
Access Option DXC will:
• Configure the virtualization layer so that access through the virtualization layer to Virtual Server operating systems is not allowed.
• Access Virtual Server operating systems as required from Customer Compartments via jump servers.
• Standard feature when purchasing Continuity Services
Customer will:
• n/a g. Encryption in Transit Option DXC will:
• Provide an encryption capability for Customer use when transmitting Customer Data over the public internet.
• Standard feature when purchasing Continuity Services
Customer will:
• n/a h. Secure Data
Deletion Option DXC will:
• Subject SAN-attached discs to a 3-pass wipe process when removing from operational use.
• Standard feature when purchasing Continuity Services
Customer will:
• n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 62
S2.3.11. Web Application Firewall (“WAF”) Service
This Section describes the additional responsibilities that apply when the Web Application Firewall service is purchased by Customer in conjunction with the Services. DXC reserves the right to change software or tools without restriction to equivalent software or tools.
The table below describes optional Security Service components for the WAF service along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Web Application Firewall Service
Option DXC will: • Install and
configure a WAF in the Customer Compartment (currently the F5 Networks, Inc. (“F5”) Virtual application security manager (“ASM”) appliance).
• Give Customer access to the console to manage the WAF settings if requested by Customer.
• If DXC is requested to manage the WAF, place the ASM in “learn mode” to generate the policy.
• If DXC is requested to manage the console and activate the policy after an agreed period of time in “learn mode”.
• Recurring monthly Charge per ASM.
• One WAF is recommended per compartment. WAFs are configured with 99.9% Availability. Web sites will continue to function if the WAF temporarily goes down.
Customer will: • Purchase
additional consulting or training from DXC or directly from F5 as needed for assistance configuring the ASM.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 63
S2.3.12. Remote Access with Optional 2-Factor Authentication
This Section describes the additional responsibilities that apply when the optional Remote Access with Optional 2-Factor Authentication service is purchased by the Customer in conjunction with the Services. DXC reserves the right to change software or tools without restriction to equivalent software or tools.
The table below describes Security Service components for the Remote Access with Optional 2-Factor Authentication service along with responsibilities related to these components.
Security Service Component Responsibilities Additional Ordering
Information
a. Remote Access Gateway
Option DXC will: • Install and
configure a Remote Access Gateway (“GW”) in Customer Compartment (currently a pulse VPN gateway Virtual Appliance).
• Manage the license for the GW.
• Configure the GW to use the Authentication Authorities specified by Customer.
• Recurring monthly Charge per GW.
• One GW is recommended per compartment. GWs are configured with 99.9% Availability. Servers will continue to function if the GW temporarily goes down.
Customer will: • Identify the
Authentication Authority (typically an LDAP compatible solution such as Microsoft Active Directory) and an optional second factor RADIUS compatible authority to be configured and provide the required details and credentials to connect the GW.
b. Remote Access User
Option DXC will: • Manage the
license for the End User which
• Requires at least one GW.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 64
Security Service Component Responsibilities Additional Ordering
Information allows the End User to connect to the GW.
• Recurring monthly Charge per End User. Customer will:
• Identify the quantity of users to be assigned to each purchased GW.
c. 2-Factor Uplift for Remote Access User
Option DXC will: • Provide the
second factor (one-time password or digital certificate) to the identified users with instructions for use.
• Manage the license for the End User which allows the End User to authenticate with a second factor to the Remote Access Gateway.
• Requires an equal or greater number of Remote Access Users.
• Recurring monthly Charge per End User.
Customer will: • Identify the End
Users with requested contact information.
• Notify DXC immediately when an End User’s access is to be suspended or revoked.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 65
Schedule 3. Continuity Services
S3.1. Introduction This Schedule will apply to each Order placed for Services, to the extent the Continuity Services are selected for purchase by Customer, and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular services in this Schedule or elsewhere in this Solution Pack are subject to the more detailed descriptions below. Continuity Services are only available for use in the Customer’s Managed VPC compartment, and DXC will be obligated to provide Continuity Services only if Customer has also selected to purchase all the following Services for the servers, storage, and other infrastructure for which Customer desires the Continuity Services:
a. File System Level Backups as described in Schedule 4; and
b. Database Backups for Managed Servers as described in Schedule 4.
Termination or suspension of all or any part of the Services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Continuity Services under this Schedule.
S3.2. Replication Based Disaster Recovery – Discovery Phase
S3.2.1. DXC Responsibilities:
a. Designate 2 or more representative(s) as its principal point(s) of contact for the Discovery Phase.
b. Collect requirements relating to Replicated Data Sets during the Discovery Phase.
c. Advise Customer on: i. The amount of Replication bandwidth required to maintain the
Replication Service Level objectives; ii. Connectivity solutions that are suitable for access to the Managed
VPC Continuity Services Recovery Center; and iii. The number of Process Servers required to maintain the
Replication Service Level objectives.
S3.2.2. Customer Responsibilities:
a. Designate at least two persons as its principal point(s) of contact for the Discovery Phase. Customer will also need to designate a technical network representative able to discuss the design aspects of how Customer will access systems once failed across to the Managed VPC Continuity Services Recovery Center.
b. Identify the servers that will be protected by the Replication Based Disaster Recovery service and ensure the required data regarding those servers is provided during the data collection element of discovery.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 66
c. Provide support and assistance to DXC assigned Discovery Phase representatives so the volume of changed data over a day can be assessed and agreed for the servers that are to be included in the Replication Based Disaster Recovery service.
d. Advise DXC of any specific external connectivity requirements the Customer application will require when failed over to the Managed VPC Continuity Services Recovery Center.
e. If Customer access to the Managed VPC Continuity Services Recovery Center is not being provided by VPN over the internet, Customer will provide a suitable network solution to provide this access.
f. Ensure the Customer’s applications can meet the technical requirements of the Replication Based Disaster Recovery service.
S3.3. Replication Based Disaster Recovery - Deployment Phase
S3.3.1. DXC Responsibilities:
a. Designate two or more representative(s) as its principal point(s) of contact for the Deployment and Operational Phases of the engagement. DXC may replace its representative(s) for the Discovery, Deployment, or Operational Phases at any time and will so inform Customer.
b. Deliver, install, configure, and thereafter maintain the Replication Equipment within the Managed VPC Customer Compartment(s).
c. Perform technical tests as needed.
d. Install Replication Agents.
e. Configure Replication Recovery Environment for the Replicated Data Sets.
f. Upon completion of the foregoing, commence operations (as described in Section S3.4 below).
S3.3.2. Customer Responsibilities:
a. Designate at least two persons as its principal point(s) of contact for the Deployment and Operational Phases of the engagement. In addition, Customer will designate at least two Technical Representatives authorized to act for Customer concerning operational matters related to delivery of Services within the Deployment and Operational Phases which may include participation in periodic review sessions conducted by DXC as described in Section S3.3.1 above. Customer may replace its representative(s) for the Discovery, Deployment, or Operational Phases at any time and will so inform DXC.
b. Identify Replicated Data Sets and associated servers.
c. Make skilled, knowledgeable technical staff available and provide other cooperation and support as reasonably necessary to perform Customer’s Responsibilities and cooperate with DXC.
S3.4. Replication Based Disaster Recovery Operational Phase After completion of deployment, the Operational Phase will commence.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 67
S3.4.1. DXC Responsibilities:
a. Monitor and manage the Replication Recovery Environment, consisting of the Replication Equipment and Compute Resources, taking appropriate corrective action as reasonably necessary to maintain sufficient operational capacity and capability.
b. Reconfigure the Replication Recovery Environment as needed to accommodate changes in Replicated Data Sets and other approved or permitted changes.
c. Make the Managed Services Portal for Continuity Services available to Customer. DXC will provide Managed Services Portal usage instructions to the Customer’s Authorized Representatives as required.
d. Increase or withdraw Replication Equipment and configure as needed to support increases or reductions in committed capacities and the size and number of Replicated Data Sets, as requested by Customer, and generally in accordance with the processes described above for deployment and below for disengagement.
e. Review information and documentation furnished by Customer and consult with Customer as needed regarding the accuracy and completeness of the information and documentation.
f. Conduct review sessions to consult with Customer’s Technical Representative regarding issues and Incidents at such times and intervals as DXC deems advisable (or upon Customer’s reasonable request).
g. Make Replication Equipment continuously available (apart from Maintenance Windows or essential repairs) for Replication of the data sets designated by Customer.
h. Upon Invocation, designate a point of contact, set up and enable Customer’s Replication Recovery Environment and make it available, together with any Optional Add-On selected by Customer in accordance with the procedures described by the Continuity User Guide.
i. After Invocation, support Fail-Over of protected systems, using Replicated Data Sets as Customer’s Primary Data and the Compute Resources.
j. When the Managed VPC production environment is again operational, set up reverse Replication, install Replication Agents, and, when ready to resume normal operations, set up forward Replication in accordance with the procedures described by the Continuity User Guide.
k. Provide the Security Services described by Schedule 2.
S3.4.2. Customer Responsibilities:
a. Review and update Replicated Data Sets and associated servers as needed but at least semi-annually.
b. Be responsible for resolution of any Problems that involve activities within the Customer Compartments specific to the data being replicated.
c. Maintain configurations for its systems to permit access by the Replication Equipment.
d. Coordinate software upgrades on relevant servers with DXC to ensure compatibility with Replication Agent software.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 68
e. Consult the Managed Services Portal for Continuity Services regularly (but at least weekly) to monitor the Replication Recovery Environment, Replication targets, space usage, and other pertinent information.
f. Comply with Customer’s security obligations as described in Schedule 2.
g. Provide an Invocation declaration following notice from DXC that a Force Majeure Event affecting DXC’s performance of Continuity Services has occurred.
h. Promptly inform DXC of any perceived difficulty with Replication or other aspects of operations, and of any material changes in Customer’s environments that may affect Replication or other aspects of operations.
S3.5. Recovery Rehearsals
S3.5.1. DXC Responsibilities:
a. Upon Customer’s request, given at least 14 days advance notice (and subject in all cases to the potential need to make staff, equipment, and other resources available to perform recovery services and previously scheduled Rehearsals for other customers) schedule and conduct Rehearsals in accordance with its standard procedures then in effect, as disclosed in writing and made available to the Customer.
b. Conduct Rehearsals during normal business hours at the relevant DXC facilities, at times reasonably determined by DXC, using Snapshot copies of Replicated Data Sets and an isolated network within the DXC facility in order to avoid disruption of normal data Replication.
c. Provide a standard post-Rehearsal report and, upon request, conduct a post-Rehearsal conference call to review the results. If all or a portion of a Rehearsal is unsuccessful, it may be repeated (without additional Charge if it was unsuccessful because of DXC’s failure to perform its responsibilities).
S3.5.2. Customer Responsibilities:
a. Request a Rehearsal at least 14 days in advance.
b. Acknowledge that DXC reserves the right to suspend or cancel Rehearsals at any time, even while in progress, if equipment, staff, and other resources are required in order to support recovery services to customers.
S3.6. Maintenance Windows
S3.6.1. DXC Responsibilities:
a. Perform regular maintenance, update or upgrade hardware or software, or for other similar purposes during Maintenance Windows that are scheduled at DXC’s discretion at times announced in advance.
b. Advise Customer of any material changes in the timing or duration of the Maintenance Windows.
c. If Customer suffers a disaster during a Maintenance Window and Replicated Data Sets or equipment are then unavailable, make diligent efforts to complete maintenance then in progress as quickly as reasonably possible and make them available for performance of Replication Based Disaster Recovery services.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 69
S3.6.2. Customer Responsibilities:
a. Acknowledge that DXC may take the Customer’s Replication Recovery Environment in the Managed VPC Continuity Services Recovery Center out of service during Maintenance Windows in order to perform regular maintenance as deemed required by DXC.
b. Acknowledge that during Maintenance Windows, replicated data will be retained temporarily on Customer’s Replication Equipment. Buffered data is released after completion of the Maintenance Window.
c. Acknowledge that DXC reserves the right to withdraw equipment from service during Maintenance Windows.
S3.7. Limitations and Exclusions a. Recovery services are limited to Contracted Continuity Storage Capacity
and Replicated Data Sets.
b. Replication Based Disaster Recovery services are provided using shared infrastructure, staff, and other resources maintained for use in Rehearsals and, when necessary, actual recovery for DXC customers generally. Resources are generally allocated on a first-come, first-served basis. Availability of sufficient capacity cannot be guaranteed, but if capacity is insufficient to meet recovery requirements of multiple customers (for example, following a major natural disaster or other catastrophe affecting multiple customers) DXC will use and allocate available capacity reasonably and impartially among similarly situated customers. Customer will cooperate with DXC to allocate available capacity among affected customers and will take reasonable measures, which may include (among others) shared use of facilities and equipment, substitution of configurations, and use of alternate DXC sites.
c. Replication Based Disaster Recovery services include two eight-hour business days for Rehearsals every twelve months. Rehearsals aborted by DXC (for example, because of disasters affecting other customers) do not count toward the foregoing limitations. Rehearsals are conducted during the normal business hours at relevant DXC facilities. Additional Rehearsals or Rehearsal time may be available at additional cost, subject to availability, as provided above.
d. Replication Based Disaster Recovery services include up to 90 days of recovery service (that is, operation using the Replicated Data Sets as Customer’s Primary Data and operation from the Compute Resources furnished under the Replication Based Disaster Recovery services) following an Invocation.
e. Replication Based Disaster Recovery services exclude support for Customer’s applications, operating systems, and End Users; creation of test cases or providing test resources; and additional copying of data to any backup service or device, other than the Replication Equipment. Customer further acknowledges that during recovery operations, DXC provides no additional data backup or redundancy beyond what the Customer is required to purchase as a prerequisite for Replication Based Disaster Recovery services, as specified in Section S3.1.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 70
f. Customer acknowledges that data Replication is not instantaneous, but involves delays because of the Replication and communication technologies. DXC therefore has no responsibility or liability for data lost or corrupted because of communications time lags or delays, such as data generated between the time of the last successful data Replication and the relevant Invocation.
g. If a Force Majeure Event makes the Replication Equipment or the Managed VPC Continuity Services Recovery Center unavailable, DXC will promptly inform Customer and use reasonable efforts to restore operations in accordance with its corporate continuity plan then in effect.
h. After Invocation, Service Levels do not apply until normal operations are restored.
S3.8. Optional Add-On Service Features Upon request, through an Order or approved change, DXC will provide the Optional Add-Ons described below for the applicable additional Charges.
S3.8.1. Additional Rehearsals
Additional Rehearsals or Rehearsal blocks may be available at an additional Charge, upon Customer’s request, subject to availability of resources.
S3.8.2. Temporary Storage
Customer may request additional Temporary Storage to be made available during Rehearsal or Invocation. This storage capacity will be made available only for the period of the Rehearsal or Invocation and is intended for the storage of transitory data. All data held in the Temporary Storage will be deleted at the end of the Rehearsal or Invocation. Temporary Storage will not be available during normal operations and does not form part of the replicated storage capacity.
S3.8.3. Allocated Hypervisor
An Allocated Hypervisor on an associated allocated server is available as an Optional Add-On if Customer has specific physical hardware requirements for particular recovered virtual machines to run on. These hardware requirements will specify either socket count, core count, or memory of the Physical Server enabling Customer to meet specific application software licensing terms and conditions.
S3.8.4. Hosted Active Directory Server
If Customer requests this Optional Add-On, DXC will provide a virtual machine within the recovery environment to host an Active Directory Server in order to support complex Microsoft Active Directory configurations (e.g., multiple domains and/or multiple sites).
S3.8.5. Additional Virtual Routing Instance
Continuity Services provide as part of the core solution a single Virtual Routing Instance in the recovery environment. If Customer has more complex network requirements and needs multiple independent routers, Customer may purchase additional independent Virtual Routing Instances. These instances are made available during Invocation or Rehearsals and are not permanently active.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 71
S3.8.6. Additional Virtual Firewall Instance
Continuity Services provide as part of the core solution a single Virtual Firewall Instance in the Invocation compartment. If multiple independent firewalls are required, Customer may purchase additional Virtual Firewall Instances. These instances are made available during Invocation or Rehearsals and are not permanently active.
S3.8.7. Process Servers
Additional Process Servers may be required to support the total amount of Customer Data to be protected. The number of total Process Servers will be determined by DXC and presented to Customer for approval.
S3.8.8. Customer Rehearsal Management Process Optimization
DXC provides remote access to a DXC consultant certified by Disaster Recovery Institute International (“DRII”) and/or the Business Continuity Institute (“BCI”) to advise the Customer in areas related to planning and execution of business IT process testing on the recovered systems and evaluation of the results of these tests. DXC’s standard list pricing applies based on the size of the engagement, which will also determine the maximum number of business days during which the DXC consultant would be available to the Customer. Additionally, DXC provides document templates for Customer internal use to assist the Customer in defining business processes to be tested after recovery, Customer Responsibilities related to testing business IT processes, desired outcomes of business IT process testing, and metrics used to validate successful testing of business IT processes. In support of this effort, the Customer will engage business process leaders who understand the Customer’s business processes to be recovered and can contribute to defining these business processes and verification of testing processes and metrics to be applied. The Customer is responsible for execution against the defined processes during the Rehearsal and for gathering and recording test results.
S3.8.9. IT Services Continuity Management (“ITSCM") Workshop
If this Optional Add-On is selected by Customer, DXC will facilitate an annual workshop, the purpose of which is to assess and document the Customer’s current Continuity Services capability and compare this to industry best practice as described by the BCI and DRII and within ISO 22301. DXC’s standard list pricing applies based on the size of the engagement, which will also determine the duration of the workshop. The workshop can be conducted virtually through use of teleconferencing or at the Customer requested location (subject to Customer’s reimbursement of DXC’s travel related expenses). The workshop will require active Customer participation as DXC deems necessary to determine the full scope of their ITSCM capability, which will encompass any third-party providers of ITSCM/disaster recovery services/solutions. Following the workshop, DXC will provide a report that will document findings resulting from the workshop and is intended to highlight deficiencies in the Customer’s existing ITSCM processes and to recommend remedial actions. This report is not, and may not be used as, an audit against ISO 22301, ISO 22313, or any Service management standard.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 72
S3.9. Support Services
S3.9.1. Liaison between DXC and Customer
Provide Customer with access to the Operations Center as set forth in Section 1.11.
The following are examples of how the Operations Center priority levels would apply for Continuity Services:
Priority Description Examples Priority 1
Emergency event Production system outage or severely affected by Replication; requests for assistance during Fail-Over
Priority 2
Business critical Problem
Replication stalled
Priority 3
Degraded service Loss of a single Replication instance
Priority 4
Priority requests Response to high-priority support questions (at Customer’s reasonable request) High priority change request
Priority 5 Routine Lower priority questions or change requests
If an Incident reported to the Operations Center requires designation of the Data Copy as Primary Data, Replication will be suspended until the production site has been restored and data has been re-synchronized.
S3.9.2. Customer Data Erasure
All Customer Data residing on DXC storage infrastructure contained within the Replication Recovery Environment, and used to deliver the Services during Rehearsals or normal operations, will be erased from the storage as part of the standard Multi-Tenant storage array capability when returned to the storage pool prior to it being made available for use by other customers.
If Customer requires a 3-pass security erasure of their data, this is available on request as a chargeable custom Option priced on request and is not included as part of the Base Services.
S3.10. Disengagement Beginning 90 days before Continuity Services are scheduled to expire, or promptly following issuance of a termination notice for the Services and/or Continuity Services, DXC will have the following responsibilities. In case of partial termination, the following will apply only to the portion of Continuity Services terminated, including related infrastructure.
a. Discontinue activities associated with delivery of Replication Based Disaster Recovery, including discontinuation of all Replication and erasure of all storage media.
b. Give Customer notice that all operating systems and storage Media have been erased at the Managed VPC Continuity Services Recovery Center as further described in Section S3.9.2.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 73
Schedule 4. Backup and Recovery Services
S4.1. Introduction This Schedule will apply to each Order placed for Services to the extent the Managed VPC backup and recovery services (“BUR”) are selected by Customer for purchase, and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular Backup and Recovery Services in this Schedule 4 or elsewhere in this Solution Pack are subject to the more detailed descriptions below. Backup and Recovery Services’ usage is limited to within the Customer’s Managed VPC environment.
Termination or suspension of all or any part of the Services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Backup and Recovery Services.
The Services as further described within this Solution Pack consist of:
a. Protection Services for servers or devices that provide Full Server Backup. Protection Service options include: i. Filesystem backup; or ii. Filesystem and database backup.
b. Long-Term Protection and Archival Services that provide additional backup copies retained beyond 60 days on: i. Encrypted physical medium (LTO cartridges) stored off-site in a
secure facility managed by third-party providers outside of DXC; and
ii. Encrypted on-line virtual disk storage located in a DXC data center(s), where the Services are provided.
S4.2. Responsibilities and Exclusions
S4.2.1. DXC Responsibilities:
a. Operate DXC data centers in accordance with DXC’s best practices: i. Access control by key card or biometric scanner; ii. Site monitoring which includes indoor/outdoor video surveillance
and on-site security personnel on a 24 by 7 basis; iii. Redundant power and cooling infrastructure; iv. Diverse network access points; v. ITIL based operations; and vi. Review of data center physical security at least annually.
b. Encrypt identity passwords for system user access.
c. Use two factor authenticated access to privileged user accounts by DXC personnel.
d. Provide encryption at Customer’s option for Customer Data transmitted over the network (public or private).
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 74
e. Provide dedicated appliances for the Customer with a perimeter firewall that filters traffic flows to allow only well-defined traffic to move through the firewall.
f. Control Customer separation using the following standard networking technologies: i. VLAN technology to maintain layer 2 segregation; ii. Multi-protocol label switching at layer 3 to maintain separate
Virtual Routing Instances for each customer allowing multiple subnets and VLANs to communicate within each customer environment; and
iii. Firewalls which provide perimeter security, and enable virtualized customer environments to exist within the same physical device.
g. Provide logical separation and isolation of Customer’s network traffic in order to reduce the risk that Customer Data could be subject to unauthorized exposure during transport across DXC’s BUR network infrastructure.
h. Assist Customer in securing dedicated Local Cache Device(s) which Customer will install within Customer-dedicated networks in order to separate Customer’s environments from other customers’ environments.
i. Collect and store security events from the hypervisor and other BUR devices so that security logs would be available for manual forensic analysis by DXC if such analysis were determined to be necessary.
j. Conduct Incident responses through DXC global security Operations Centers.
k. Make reasonable efforts to assist Customer with resolution of backup issues, provided they are promptly reported to DXC.
l. Secure Customer Data in the BUR Vault using industry standard “containers” that restrict customers to their dedicated storage pool.
m. Provide optional network intrusion detection and network intrusion prevention services to inspect traffic to the BUR network. Industry-standard attack filters are deployed in order to detect, report, and block known network security threats before they can harm the BUR network or infrastructure.
S4.2.2. Customer Responsibilities:
These Customer Responsibilities are not exhaustive.
a. Maintain responsibility for all security policies and procedures of its IT environment.
b. Install Local Cache Device within Customer-dedicated networks.
c. Provide suitable security controls applicable to the data and the applications in their environment.
d. Provide timely response to any security issues or Incidents identified by DXC.
e. Deploy software packages provided by DXC on all Customer’s servers protected by the Backup and Recovery Services (“Protected Servers”).
f. Configure and maintain Customer’s servers including backup agents, backup scripts, and associated applications.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 75
g. Follow operational procedures delivered by DXC.
h. Accept standard firewall rules, in accordance with this Solution Pack.
i. Report, troubleshoot, and resolve Incidents impacting Customer’s servers protected by the Backup and Recovery Services remaining outside of DXC’s control.
j. Provide DXC with written notice, with delivery confirmation, at least 24 hours prior to performing a vulnerability scan of Customer’s dedicated network compartment(s).
k. Implement strong access and authentication controls and policies so that only its authorized users have access to the Customer servers.
l. For Protected Servers: keep operating systems patched on a timely basis; deploy commercial anti-malware tools and always keep those tools and definitions current; change default administrative passwords as necessary to maintain access security; and use reliable and secure authentication protocols and mechanisms.
m. Never access or attempt to access the DXC internal network or perform unauthorized testing or scanning (including penetration testing).
n. Require secure passwords when changing passwords on Customer accounts.
o. Restrict access within the applications and manage Customer user rights.
p. Notify DXC once encryption of Customer Data has been implemented.
q. Additionally, the Customer will: i. Implement all data and application controls including the retention
and removal of data from systems and encryption of sensitive data (if required);
ii. Follow secure practices for individual account based access for accountability and traceability;
iii. Identify sensitive data that requires “in country” retention. iv. Purchase appropriate Protection Plans to meet the Customer’s
requirements; v. Provide account information and access rights for Customer’s
servers in the Customer Compartment protected by the Backup and Recovery service and inform DXC when changes are implemented; and
vi. Adhere to monthly BUR Maintenance Windows and respecting Emergency Change windows as and when requested by DXC.
S4.3. Protection Plans Protection Services purchased by Customer provide protection for servers and all the storage assigned to servers (DAS or SAN) or NAS storage as described below. Responsibilities related to delivery of Protection Services are further detailed in Section S4.4.
S4.3.1. Filesystem Backup
If Customer chooses filesystem backup for their servers or devices (including Virtual Appliances), DXC will provide the following:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 76
a. Weekly Full Server Backup of Customer files (excluding databases) using virtual storage technology;
b. Incremental daily filesystem backup of Customer files (excluding databases) using virtual storage technology;
c. FIPS compliant encryption of backup storage; and
d. Restoration of Customer’s files from backup upon request.
S4.3.2. Filesystem Backup for NAS Storage
If Customer utilizes the Backup and Recovery Services for their NAS storage, DXC will provide the following:
a. Weekly full and daily incremental NAS storage backup using virtual storage technology;
b. FIPS compliant encryption of backup storage;
c. Restoration of Customer’s files, folders, and shares from backup upon request; and
d. Recovery of Customer’s volumes from NAS Snapshot upon request.
Where NetApp arrays are managed by DXC, daily Snapshot of Virtual Machines will be created and retained for seven days.
In addition to the above, optional Long-Term Protection and Archival Services’ copies are available for NAS storage as described in Section S4.7. Note that protection for NAS storage does not support database backups.
S4.3.3. Filesystem and Database Backup
If Customer chooses filesystem and online database backup for their servers, DXC will provide the following:
a. Weekly Full Server Backup of Customer files (excluding databases) using virtual storage technology;
b. Incremental daily filesystem backup of Customer files (excluding databases) using virtual storage technology;
c. Online database backup of Customer databases using virtual storage technology with weekly full database backup (standard Protection Plan) or daily full database backup (high end Protection Plan); depending on the Protection Plan selected;
d. Daily on-line incremental/differential backup of Customer databases using virtual storage technology complementing weekly full database backup delivered by a standard Protection Plan;
e. Backup of the transaction log or archive log executed once every twelve hours (standard Protection Plan) or every two hours (high end Protection Plan) depending on the Protection Plan selected;
f. FIPS compliant encryption of backup storage; and
g. Restoration of Customer’s files and databases from backups upon request.
Note that not all databases support incremental or differential backups. Additional limitations may apply to the purchase of database backup services resulting from Customer required configuration of their database.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 77
S4.4. Base Features The following Base features apply to all Protection Service options described in Section S4.3 and are provided to Customer purchasing Protection Services at no additional Charge subject to conditions noted below.
S4.4.1. Protection Period
Customer can choose one of the following Protection Periods:
a. Thirty days; or
b. Sixty days.
S4.4.2. Data Locality
Customers who require a guarantee that their data will not leave the country of origin (country where backup was created) will be able to select the "Data Locality" option.
By choosing this option, the Customer limits their ability to consume Replication based service outside of the BUR Vault. As a result, any Protection Service purchased by the Customer will be limited to creation of a single electronic backup copy and single off-site Tape copy. Protection periods of both backup copies align with the Protection Service described in Section S4.3.
S4.4.3. Protection for Virtual Servers
Image backup and file level restoration is provided by default for VMware and Microsoft Hyper-V Virtual Servers and VMware Virtual Appliances where filesystem backup was ordered by the Customer. (Image backup is not supported for either VMware or Microsoft Hyper-V Virtual Servers or VMware Virtual Appliances hosting databases.)
In addition to Image backup and file level restoration Customer can request the following:
a. File level data restoration to an original location (excluding Virtual Appliances), a different directory on the source server (excluding Virtual Appliances), or a different Virtual or Physical Server; or
b. Image recovery to the original location (with the overwrite option selected).
Protection for Virtual Servers hosted on VMware, Microsoft Hyper-V, and VMware Virtual Appliances will be delivered via an Off-host Backup restricting backup selection to Full Server Backup only.
S4.4.4. Bare Metal Recovery
Bare Metal Recovery (“BMR”) provides recovery of the operating system, Customer Data, and/or databases from backup copies following a disaster or corruption. BMR service options are described below:
a. BMR supports granular recovery of Microsoft Active Directory and Windows system status data allowing for full or partial Restore to the original or an alternate location.
b. BMR supports recovery to the original server within remote data center. BMR recoveries between data centers may be inhibited by third-party conditions unforeseen by DXC.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 78
c. Physical Servers, Virtual Servers, and Virtual Appliances will not require minimal operating system reinstallation following a disaster before Restore can be initiated.
d. BMR capability does not support: i. Physical Server to Virtual Server recovery; or ii. BMR recoveries into Continuity Services data centers.
S4.5. Setting up Protection Services
S4.5.1. Backup Windows
Customer can choose from the following standard Backup Windows in local time for the data center where Backup and Recovery Services are delivered:
a. 18:00 – 06:00
b. 21:00 – 09:00
c. 00:00 – 12:00
d. 03:00 – 15:00
S4.5.2. Replication Windows
a. 06:00 – 18:00 for Backup Windows of 18:00 – 06:00
b. 09:00 – 21:00 for Backup Windows of 21:00 – 09:00
c. 12:00 – 00:00 for Backup Windows of 00:00 – 12:00
d. 15:00 – 03:00 for Backup Windows of 03:00 – 15:00
Replication of transaction/archive logs will be executed continuously by DXC outside of the Replication Window on 24/7 basis.
S4.6. Optional Add-On Service Features The following Optional Add-On applies to the Protection Service described in Section S4.3 and are provided to the Customer subject to conditions noted below. Additional Charges may apply for these Optional features at DXC’s then current rates.
S4.6.1. Test Restore Service
The most common use cases where the Customer could request Test Restore Services are:
a. To move data between servers (production to quality assurance/test);
b. For server and/or database upgrade; and/or
c. For Restore Rehearsal.
Test Restore Service requests must contain a single source and single destination (1 to 1 relationship). Customer Data can be restored to the original or an alternate Physical Server or Virtual Server. However, when Restore is to the original Physical Server or Virtual Server, this Service does not support overwriting the production data.
Operational Restores are included when Protection Plans are purchased.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 79
S4.7. Long-Term Protection and Archival Charges for Long-Term Protection and Archival Services vary depending on the volume of backup storage consumed by Customer Data. Long-Term Protection and Archival Service options include:
S4.7.1. Electronic Vaulting Service
Electronic Vaulting Service (“EVS”) enables Replication of backup images to the BUR Vaults. Backup copies are replicated to BUR Vaults during the Customer specified Replication Window as outlined in Section S4.5.2.
EVS can be provided at an additional Charge. Customers choosing the EVS Option will receive the following:
a. FIPS level 2 compliant encryption of backup storage.
b. Choice of Protection Plans that provide copy frequency and Protection period for EVS as provided in the following table:
Copy Frequency Protection Period Daily 30 or 60 days
Monthly 12 or 24 months
c. Creation of two parallel backup copies retained in geographically dispersed BUR Vaults (A and B) deployed in Managed VPC data centers.
d. Ability to select a standard monthly copy weekend from available weekends during Customer on-boarding for Backup and Recovery Services for the monthly EVS.
e. Upon request, restoration of Customer Data from electronically vaulted copies.
S4.7.2. Off-site Tape Copy Service
Daily or monthly off-site Tape copy service can be provided at an additional Charge. Customers choosing the off-site Tape copy service Option will receive the following:
a. FIPS level 2 compliant encryption and storage of off-site copies.
b. Choice of Protection Plans that provide copy frequency and Protection period options for off-site Tape copy service as provided in the following table:
Copy Frequency Protection Period Daily 30 or 60 days
Monthly 12 or 24 months
c. Ability to select a standard monthly copy weekend from available weekends during Customer on-boarding for Backup and Recovery Services.
d. Upon request, restoration of Customer Data from off-site copies.
S4.7.3. Compliance Archive Service
Customers choosing the Compliance Archive Service Option will receive the following:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 80
a. FIPS Level 2 compliance encryption and off-site storage of the WORM Tapes.
b. Choice of Protection Plan that provide yearly archival to WORM Tapes for 5, 7, or 10 years.
c. Upon request, restoration of data from off-site WORM Tape to the original DXC data center where the Services are provided.
d. Tapes will be verified for readability every 12 months and a reliability report will be provided. Tapes will be replaced as DXC deems necessary. DXC has no responsibility for loss, corruption, or destruction of data other than restoration from then-current archive copies maintained by DXC (only to the extent that DXC provides backups and Customer chooses relevant options).
e. WORM Tapes will be destroyed at the end of the Protection period specified by the Customer’s Order. A document certifying the destruction will be provided by DXC.
f. For archive services greater than five years, DXC will copy the existing WORM Tape to a new WORM Tape in the then-current Tape format and the original WORM Tape will be disposed of as outlined in (e) above.
g. Choice of the month when the archival copy will be created during Customer on-boarding for the Backup and Recovery Services.
S4.7.4. Backup Import Service
This Service enables Customer to import backup Images into long-term and/or archival protection. While importing backup images, the existing Protection period (retention) may be increased to align with standard Protection periods offered by Backup and Recovery Services. This optional Add-On can only be executed when the Customer is:
a. On-boarded into the Backup and Recovery Services; and
b. Eligibility requirements for long-term and/or archival protection have been met. These include: i. Linear Tape-Open (“LTO”) Tapes must be written in either Veritas
NetBackup or Veritas Backup Exec formats; ii. Original LTO Tape cartridges must not be of lower generation than
LTO-4; iii. Original Protection period of backup images to be imported must
be greater than 90 days; and iv. When the original Tape cartridge is encrypted, the encryption
key(s) must be provided in advance. DXC can only accept encryption keys compatible with HPE ESKM appliances.
DXC will not guarantee “import by date” for backup images to be imported. Tasks for this optional Add-On will be executed on a “first come first served basis” and will not be subject to any Service Levels.
Once the backup import procedure is finalized, the original Tape cartridges will be returned to the Customer and from that point forward, the Customer’s imported data will be subject to Charges associated with the Long-Term Protection and Archival Services purchased by the Customer.
Imported backup images will be available for restoration of files, folders, or databases to compatible server(s) or device(s) only. For example, it would
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 81
not be possible to restore an NDMP backup to a Physical Server or a VMWare Virtual Server to a Hyper-V Cluster. Full recovery of Physical or Virtual Servers is not supported by this optional Add-On.
S4.8. Backup and Recovery Services Self-Service
S4.8.1. On-Demand backup
On-demand backup allows the Customer consuming Backup and Recovery Services to execute ad-hoc Full Server Backup outside of the backup schedule at no additional Charge.
Customers who purchase Protection for filesystems can execute on-demand backup of filesystems only. Customers who purchase Protection for filesystems and databases can execute on-demand backup of filesystems and/or databases.
S4.8.2. Backup exclusions
The Backup and Recovery Services enable Customer to configure filesystem and/or database backup exclusions for individual backup clients, henceforth it is Customer’s responsibility to define and maintain backup exclusions they apply. Backup exclusions cannot be applied to:
a. NAS arrays protected via NDMP;
b. VMware Virtual Servers and Virtual Appliances protected by VADP (Off-host Backup for VMware);
c. Hyper-V Virtual Servers protected by an Off-host Backup for Hyper-V (“VSS”);
d. VMware Virtual Servers with RDMs when Snapshot backup is configured; or
e. Physical Severs when Snapshot backup is configured.
S4.8.3. Restore and Recovery
Customers consuming Backup and Recovery Services may execute Restores from backup copies retained locally at any time for the following workloads:
a. Filesystem Restores to the original or an alternate server (either Physical or VMware/Hyper-V Virtual Servers);
b. Database Restore to the original or an alternate server (either Physical or VMware/Hyper-V Virtual Servers); or
c. For restores to an alternate server, Customer is required to open a service request by contacting the VPC account team before they will be allowed to execute the restoration.
S4.9. Backup Limitations Backup limitations are based on the volume of storage assigned to a server. Following are DXC recommended backup limits:
Backup Type
Platform File Level
File and Database
Level
Image Level
Volume Level
Physical Server Off-host Backup – RMC* n/a n/a n/a n/a
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 82
In-OS backup 20 TB 20 TB n/a n/a VMware Virtual Server
Off-host Backup – VADP n/a n/a 10 TB n/a In-Guest Backup 3 TB 3 TB n/a n/a
VMware Virtual Server - RDMs
Off-host backup – RMC* n/a n/a n/a n/a In-Guest Backup 10 TB 10 TB n/a n/a
VMware Virtual Appliances
Off-host Backup – VADP n/a n/a 10 TB n/a
Hyper-V Virtual Server
Off-host Backup – VSS n/a n/a 5 TB n/a In-Guest Backup 3 TB 3 TB n/a n/a
VPC File Storage (NetApp)
Off-host Backup – NDMP
n/a n/a n/a 20 TB
* Off-host Backup – RMC backup will apply to solutions built around HPE 3PAR storage arrays only, when and if available. .
S4.10. Compatibility Matrix Customer remains responsible for evaluating and respecting compatibility between Backup and Recovery Services and the hardware and software components defined below:
a. Backup and recovery of the following operating systems, including OS Clusters and BMR: i. Microsoft Windows 2008R2 and above; ii. Red Hat Enterprise Linux 5 (x64 only) – 7.x; iii. SUSE Enterprise Linux (SLES) 11(x64 only) – 12; iv. Centos 5 (x64 only) – 7 (VMware Virtual Appliances only); v. HP-UX 11.x; and vi. Solaris 10 (x64 only) – 11.
b. Filesystem backup of the following filesystems: i. NTFS & ReFS; ii. Extant Filesystem (ext2-4); iii. Unix Filesystem (UFS); and iv. Journal Filesystem (JFS).
c. Flash backup of the following filesystems: i. NTFS (Windows); ii. ufs (Solaris); and iii. Online JFS (HP-UX).
d. Backup and recovery of the following database platforms (including High Availability implementations): i. Microsoft SQL Server 2008 and above; ii. Microsoft Exchange Server 2007 and above; iii. Microsoft SharePoint Server 2007 and above; iv. IBM Lotus Domino 8.0 and above; v. Oracle 11G and above; vi. Sybase ASE 15 and above; vii. IBM DB2 9.1 and above;
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 83
viii. SAP SQL 2008 and above; ix. SAP Oracle (BRtools) 6 and above; x. SAP Oracle RMAN 11G and above; xi. SAP IBM DB2 9.1 and above; xii. SAP Sybase ASE 15 and above; xiii. SAP MaxDB (BRtools) 7 and above; xiv. SAP HANA (Scale-up & Scale-out) SPS 5 and above (SPS12
strongly recommended); and xv. SAP HANA 2.0 (Scale-up & Scale-out) SPS 00 and above.
e. Off-host Backup for Virtual Servers and Virtual Appliances i. VMware ESXi 5 and above (VADP); and ii. Microsoft Hyper-V 2008R2 and above.
f. NDMP backup for NAS: i. NetApp FAS arrays (ONTAP 9.x) including NAS Snapshots and
NDMP accelerator; and ii. For compatibility with remaining NAS platforms please consult
DXC sales.
S4.11. Disengagement Disengagement begins 90 days before the Contract, the Governing Agreement and/or this Solution Pack is scheduled to expire or promptly following issuance of notice to terminate the Contract, the Governing Agreement, this Solution Pack, and/or an Order for Services.
S4.11.1. DXC Responsibilities:
a. Give periodic notice to Customer of pending expiration or termination of the Contract, the Governing Agreement and/or this Solution Pack resulting in cessation of Services.
b. Ensure Customer Data associated with an Order is removed from all storage Media (including backups, if any) or rendered unreadable upon cancellation of that Order. The method used to remove Customer Data from storage Media varies based on the type of storage being used.
c. Following expiration of the Contract, the Governing Agreement or this Solution Pack, DXC will honor open Orders during a grace period for up to 90 days. No new Orders will be accepted during the grace period until/if the Contract or the Governing Agreement is renewed. If the Contract or the Governing Agreement is not renewed before completion of the grace period, all open Orders will be cancelled and Customer Data will be removed as noted above. Service charges will continue to apply until completion of the grace period, cancellation of any open Order(s), or transition to a renewed Contract or Governing Agreement; whichever occurs first.
S4.11.2. Customer Responsibilities:
a. Provide notice to DXC of Customer’s termination of the Contract, the Governing Agreement and/or this Solution Pack in accordance with the applicable termination and notice provisions of the Contract and Governing Agreement.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 84
b. Remove all Customer Data and Customer software prior to cancellation of an Order in the Managed Services Portal once all Minimum Order Term Commitments have been met.
c. Disconnect from the DXC data center.
S4.11.3. Termination of Orders for Backup and Recovery Services
Upon request, the Customer can choose to either remove or decommission Backup and Recovery Services’ option(s) under an Order as follows:
a. Removal of Backup and Recovery Services result in discontinuation of Protection for a server and retention of existing backup copies until the scheduled expiration date is reached. Customer Data can be restored to a Customer designated server or storage device before the expiration date of the backup copies is reached.
b. Decommissioning of Backup and Recovery Services results in discontinuation of Protection for a server and immediate expiration of existing backup images. Decommissioning of Protection Service cannot be reverted and will result in immediate and permanent deletion of backup data.
S4.11.4. Expiration or Termination of the Contract
Upon expiration or termination of the Contract, the Customer can choose to either remove or decommission Backup and Recovery Services as follows:
a. Removal of Backup and Recovery Services results in discontinuation of Services for all servers and retention of existing backup copies until the scheduled expiration date is reached. Customer Data can be restored to a Customer designated server or storage device before the expiration date of backup copies is reached. DXC is not obliged to provide Tape cartridges, USB sticks, DVD drives, or any other physical medium to the Customer upon expiration or termination of the Contract.
b. Decommissioning of Backup and Recovery Services results in discontinuation of Protection for all servers while existing backup copies are expired immediately. Decommissioning of Protection Services cannot be reverted and will result in immediate and permanent deletion of backup data. Requests for restoration of data must be submitted at least 90 days prior to expiration or termination of the Contract.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 85
Schedule 5. Managed VPC Storage Services
S5.1. Introduction This Schedule will apply to each Order placed for Services to the extent the Managed VPC Storage Services, as defined in this Schedule (“Storage Services”) are selected by Customer for purchase, and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular Storage Services in this Schedule 5 or elsewhere in this Solution Pack are subject to the more detailed descriptions below. Storage Service usage is limited to within the Customer’s Managed VPC environment. Termination or suspension of all or any part of the Services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Storage Services.
If Customer purchases Multi-Tenant Storage Services, Customer can choose one or more of the following services for file system level storage or database storage: a) Ultra-High-Performance Storage, b) High-Performance Storage, c) Performance Storage, d) Bulk Storage, and e) File Enhanced Storage.
Customer will use the Managed Services Portal to order Storage Services. A complete list of orderable items available in the requested data center can be viewed in the Portal.
S5.2. Storage Services Optional Add-On Service Features The Storage Services Optional Add-Ons are listed in the table in Section S5.2.3 in order of highest to lowest levels of performance. Actual storage and application performance depend on a number of factors including without limitation workload size and type and read/write activity. LUN sizes for Physical Servers and virtual disk sizes for Virtual Servers available for ordering are as specified in the Managed Services Portal.
S5.2.1. DXC Responsibilities:
a. Provide the Storage Services as selected by Customer and described in this Schedule 5.
S5.2.2. Customer Responsibilities:
a. Select the appropriate storage tier to meet Customer’s performance requirements.
S5.2.3. Storage Service Options:
Storage Level
Storage Type
Intended Use (1)
Server Type
Performance Attributes
Average Response
Time Ultra-High-Performance Storage
SAN in Managed VPC environment
Read intensive applications or any applications with high demanding IO
Physical Servers only
Up to 150K IOPS at 8000 random IOs with 80/20 read/write ratio
≤ 3 MS
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 86
Storage Level
Storage Type
Intended Use (1)
Server Type
Performance Attributes
Average Response
Time workloads that
can benefit from SSD
High-Performance Storage (2)
SAN in Managed VPC environment
Write intensive applications; applications that are critical to business revenue and require high performance and availability (e.g., SAP, Oracle Business Intelligence or OLTP)
Physical Servers only
Up to 80K IOPS at 8000 random IOs with 80/20 read/write ratio
≤ 12 MS
Performance Storage
SAN in Managed VPC environment
Important applications; applications requiring fast response time for less critical business revenue (e.g., OLTP, SAP, Oracle, virtualization, or business applications)
Physical and Virtual Servers
Up to 57K IOPS at 8000 random IOs with 80/20 read/write ratio
≤ 15 MS
Bulk Storage
SAN in Managed VPC environment
Less important applications; applications requiring slower response time for less business-critical revenue (e.g., content depot, fixed content, compliance, long term retention, or compute intensive applications requiring SAN storage)
Physical Servers only
Up to 10K IOPS at 8000 random IOs with 80/20 read/write ratio
≤ 30 MS
File Enhanced Storage
NAS in Managed VPC environment
Applications requiring fast response time for less critical business revenue (e.g., file-based storage, lower-cost storage for sharing unstructured data)
Physical and Virtual Servers
N/A N/A
Notes:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 87
(1) Intended uses specified in this table are provided as guidance only and are not representations that the Services will be suitable for such uses in particular circumstances.
(2) Where High-Performance Storage is not available, DXC reserves the right to substitute with Ultra-High-Performance Storage at no increase in Charge to the Customer over what would apply to an equivalent allocation of High-Performance Storage.
(3) Average response times are measured at the storage array.
S5.3. Optional Add-On Service Feature
S5.3.1. Data Transport Service
S5.3.1.1. DXC Responsibilities:
a. Allow Customer access to the Managed VPC compartment with an approved NAS device.
b. Communicate any limitations applicable to the NAS device types supplied by Customer.
S5.3.1.2. Customer Responsibilities:
a. Encrypt the data being transported in and out of their Managed VPC compartment. Limitations may apply based on the approved NAS device type.
S5.4. Managed VPC Storage Service Limitations
S5.4.1. Location
Not all storage Optional Add-Ons are available in all DXC data centers. Only those storage Optional Add-Ons available for the data center housing the Customer’s Managed VPC environment will be available for selection in the Managed Services Portal (as they may be modified and supplemented from time to time by DXC).
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 88
Schedule 6. Managed VPC Networking Services
S6.1. Introduction This Schedule will apply to each Order placed for Services to the extent the Networking Services are selected for purchase by Customer, and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular services in this Schedule or elsewhere in this Solution Pack are subject to the more detailed descriptions below.
Networking Services usage is limited to within the Customer’s Managed VPC environment. Termination or suspension of all or any part of the Services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Networking Services under this Schedule.
Customer will use the Managed Services Portal to order Networking Services offered under this Solution Pack. A complete list of orderable items available in the requested data center can be viewed in the Managed Services Portal.
S6.2. Networking Services Optional Add-On Service Features DXC will provide the optional Networking Services Add-Ons specified in Customer’s Order, as described in this Section S6.2, at the rates specified in the Managed Services Portal or in a separate DXC accepted Order depending on the ordering mechanism used by the Customer at the time the Order is placed.
S6.2.1. Network Switch as a Service
S6.2.1.1. DXC Responsibilities:
a. Provide Network Switch as a Service that allows Customer provided physical devices to be connected to the Customer Compartment.
b. Manage one or more Customer dedicated Network Switches. Limitations apply to the specific devices supported as part of this Service.
S6.2.1.2. Customer Responsibilities:
a. Request the optional Network Switch as a Service through the Managed Services Portal.
b. Provide DXC with relevant information regarding specific devices to be supported.
S6.2.2. Bandwidth Services
These bandwidth service options allow the Customer to access Managed VPC resources:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 89
S6.2.3. Leveraged Internet Service (“LIS”)
S6.2.3.1. DXC Responsibilities:
a. Provide: (i) installation and management of network connections to the relevant DXC data center(s), (ii) installation, configuration, and testing of these connections; (iii) monitoring availability of circuits, routers, and switch ports; and (iv) corrective action as deemed necessary and appropriate by DXC in the event of operational or security Incidents, if requested by Customer.
S6.2.3.2. Customer Responsibilities:
a. Request LIS through the Managed Services Portal.
S6.2.4. Compartment Bandwidth Service
S6.2.4.1. DXC Responsibilities:
a. Provide additional bandwidth capacity up to 800 Mbps in total, in increments of 50 Mbps, if requested by Customer.
S6.2.4.2. Customer Responsibilities:
a. Request additional bandwidth capacity as needed in increments of 50 Mbps, up to a total capacity of 800 Mbps, through the Managed Services Portal.
S6.2.5. Firewall Concurrent Sessions
S6.2.5.1. DXC Responsibilities:
a. Provide additional concurrent connections exceeding the base capacity limit of 15,000 concurrent connections upon Customer’s request.
S6.2.5.2. Customer Responsibilities:
a. Request additional concurrent connections through the Managed Services Portal.
S6.2.6. Customer Provided Internet Protocol (“IP”) Address Service (“Bring Your Own IP” or “BYOIP”)
S6.2.6.1. DXC Responsibilities:
a. Provide Customer with the eligibility requirements to obtain the BYOIP, enabling Customer to: i. Assign Customer provided IP addresses directly to Customer’s
VPC servers; ii. Keep Customer’s IP addressing schemes aligned with Customer’s
enterprise environment; and iii. Control which servers are assigned Customer provided IP
addresses.
S6.2.6.2. Customer Responsibilities:
a. Work with DXC to determine eligibility requirements for the Bring Your Own IP and provide required IP address information and server designations.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 90
S6.2.7. Firewall Services
S6.2.7.1. DXC Responsibilities:
a. Provide Customer with specified use conditions to configure the firewall services.
S6.2.7.2. Customer Responsibilities:
a. Subject to DXC specified use conditions, configure firewall rules using the Managed Services Portal in the following areas: i. Network traffic between servers located in a Customer
Compartment and servers located outside the Customer Compartment; and
ii. Network traffic between servers located in different Security Zones in a Customer Compartment if Security Zones have been separately ordered by the Customer.
b. Access the Managed Services Portal to review a report of these Customer initiated changes to firewall rules.
c. Access the Managed Services Portal to configure the firewall for the following: i. One-to-one public network address translation; and ii. Many-to-one public network address translation.
d. Request VPC public IP addresses or modifications to all other firewall rules applied by DXC during commencement of Services as described in Section 1.3 using the Managed Services Portal. Customer requested modifications to DXC applied firewall rules are subject to risk assessment procedures further described in Schedule 2. Any Customer request for VPC public IP addresses or modifications to firewall rules resulting from Customer placement of a request through the Managed Services Portal that are deemed acceptable by DXC will be applied to the Customer Compartment at an additional Charge.
S6.2.8. IPsec VPN Tunnel Service (Site-to-Site)
This Service feature allows an encrypted link between Customer’s location(s) and the Customer Compartment (“IPsec VPN Tunnel Service”).
S6.2.8.1. DXC Responsibilities:
a. Configure the VPN parameters based on the Customer’s specific requirements.
S6.2.8.2. Customer Responsibilities:
a. Request the IPsec VPN Tunnel Service through the Managed Services Portal after verifying Customer meets the following conditions: i. Provide an IPsec compliant VPN device at Customer’s premises. ii. Bear sole responsibility for its IPsec compliant device(s). iii. Verify the device(s) are accessible via the internet or Customer
provided connectivity. iv. Do not exceed eight IPsec tunnels per Customer Compartment.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 91
S6.2.9. Load Balancer Service
S6.2.9.1. DXC Responsibilities:
a. Provide the Load Balancer Service as requested by Customer and described in this Section S6.2.9.
S6.2.9.2. Customer Responsibilities:
a. Request the Load Balancer Service through the Managed Services Portal in order to: i. Balance network traffic within a Customer Compartment (but not
among or across either Customer Compartments or DXC locations); and
ii. Designate, through parameters on the Managed Services Portal, load distribution for unique instances on a single VLAN.
b. Acknowledge that the Load Balancer Service will not balance network traffic outside of the VLAN assigned to it or perform global network traffic management.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 92
Schedule 7. Managed VPC SAP and SAP HANA Management Services
S7.1. Introduction This Schedule will apply to each Order placed for Services to the extent Customer selects to purchase either the Managed VPC SAP Services or Managed VPC SAP HANA Management Services (“Managed VPC SAP and SAP HANA Management Services”) and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular Managed VPC SAP and SAP HANA Management Services in this Schedule or elsewhere in this Solution Pack are subject to the more detailed descriptions below.
If Customer selects to purchase Managed VPC SAP and SAP HANA Management Services, Customer must also purchase certain Storage Services as described in Schedule 5 and Backup and Recovery Services as described in Schedule 4.
Managed VPC SAP and SAP HANA Management Services usage is limited to within the Customer’s Managed VPC environment.
Termination or suspension of all or any part of the Services, Storage Services and/or Backup and Recovery Services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Managed VPC SAP and SAP HANA Management Services under this Schedule.
DXC will deliver Managed VPC SAP and SAP HANA Management Services on a Managed VPC infrastructure in accordance with this Solution Pack except where otherwise specified below. This Schedule includes:
a. Installation, semi-automated application template provisioning, monitoring, and management of the SAP Application up to the basis layer;
b. Installation, configuration, administration, and maintenance of the SAP landscape for SAP Basis; and
c. Installation, monitoring, and maintenance of DXC or Customer provided SAP HANA Appliances, and DXC provided and SAP HANA Systems and SAP HANA databases, as further described below.
OEM appliances and third-party maintenance services are not supported under this Schedule.
S7.2. Commencement of Services DXC and Customer will each have the responsibilities set forth below related to the initial implementation of the Managed VPC SAP and SAP HANA Management Services.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 93
S7.2.1. Managed VPC SAP Services
S7.2.1.1. DXC Responsibilities:
a. Provide setup and access to the Customer Compartment in accordance with this Solution Pack.
b. Provide a Managed VPC SAP database.
c. Install the SAP Application.
d. Provision DXC storage for SAP servers (as described in Schedule 5).
S7.2.1.2. Customer Responsibilities:
a. Provide support for setup and access to the Customer Compartment in accordance with this Solution Pack.
b. Provide all Oracle, Microsoft SQL, MaxDB, and Sybase licenses.
c. Provide SAP licenses for all SAP Application installation, including valid license keys for all cluster nodes.
d. Perform user testing in accordance with the test plan agreed to between DXC and the Customer at the time of implementation.
S7.2.2. Managed VPC SAP HANA Management Services
S7.2.2.1. DXC Responsibilities:
a. Where a Managed VPC SAP HANA Management Services option is selected, provide: i. Cabling and connecting Customer dedicated SAP HANA
Appliance infrastructure into the Customer Compartment; ii. Installation and configuration of the SAP HANA Appliance and
logical connection to the Managed VPC infrastructure; and iii. Creation of SAP HANA databases, profiles, and database user
accounts.
b. Where a SAP HANA System service option is selected, provide: i. Managed Servers and VLAN as described in this Solution Pack; ii. DXC managed storage as described in Schedule 5; iii. Configuration of Managed Servers, storage, and network as
required to support SAP HANA databases in a manner certified by SAP;
iv. Creation of SAP HANA databases, profiles, and database user accounts; and
v. Managed VPC SAP HANA Management Services as described in this Schedule.
c. Where a SAP HANA Infrastructure service option is selected, provide: i. Managed Servers and VLAN as described in this Solution Pack; ii. DXC managed storage or SAP HANA Appliance storage as
described in Schedule 5 ; and iii. Configuration of Managed Servers, storage, and network as
required to support SAP HANA databases in a manner certified by SAP.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 94
S7.2.2.2. Customer Responsibilities:
a. Where a Customer managed and provisioned SAP HANA Appliances service option is selected, provide: i. SAP HANA Appliances; ii. SAP HANA licenses; and iii. Maintenance of the SAP HANA Appliance (which must be
purchased separately from DXC) and remediation of system errors (server, storage, network).
b. Maintain financial and administrative responsibility for the procurement and provisioning of the SAP HANA Appliance and software. Regardless of whether the SAP HANA Appliance has been purchased outright or leased, the maintenance of the appliance must be contracted with DXC. Customer bears all risk of loss for the SAP HANA Appliance, regardless of the cause of the loss (including without limitation, loss caused by the acts or omissions of DXC).
c. Where a SAP HANA System service Option is selected, provide SAP HANA licenses.
d. Where a SAP HANA Infrastructure service Option is selected, provide: i. SAP HANA licenses; and ii. Maintenance and management of the SAP HANA database.
S7.3. Onboarding
S7.3.1. Provisioning
The timeframes for Managed VPC SAP and SAP HANA Management Services provisioning varies depending on the SL Tier selected by Customer.
DXC managed SAP HANA Appliances are not pre-provisioned and the timeframes for the Managed VPC SAP HANA Management Services provisioning vary on a Project basis depending on the SL Tier and type of appliance selected by Customer.
Not all SAP HANA System models may be pre-provisioned and the timeframes for the Managed VPC SAP HANA Management Services provisioning vary depending on the SL Tier and type of server selected by the Customer.
S7.3.2. Changes in Service
DXC will manage elections and options for Managed VPC SAP and SAP HANA Management Services through the Managed Services Portal on behalf of the Customer. Other changes may be requested as outlined in Section S7.8.4 and agreed pursuant to this Solution Pack.
S7.4. Architecture - Managed VPC SAP Service
S7.4.1. DXC Responsibilities:
a. Deliver Managed VPC SAP Services on DXC technology configured in a standard form using physical and virtual elements as determined by DXC in its discretion. DXC reserves the right to modify standard form implementations for large scale deployments.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 95
b. Use operational Change Management to substitute underlying hardware elements in support of the Managed VPC SAP Services, as deemed necessary by DXC, provided that the new elements perform as well or better than the replaced elements as determined by DXC.
c. Host a SAP product on either Virtual Servers or Physical Servers, in DXC’s sole discretion, in order to optimize the required underlying capacity.
S7.4.2. Customer Responsibilities:
a. No additional responsibilities.
S7.5. Architecture - Managed VPC SAP HANA Management Service SAP HANA Appliance is a Customer dedicated infrastructure that is connected into a Customer Compartment.
S7.5.1. DXC Responsibilities:
a. Provide SAP HANA Systems on DXC owned infrastructure configured to support SAP HANA databases in a manner certified by SAP.
S7.5.2. Customer Responsibilities:
a. If data being provisioned to the SAP HANA Appliance is from a source external to the Customer Compartment, maintain responsibility for ensuring the bandwidth in the network connectivity that Customer is required to provide is sufficient to avoid any latency Problems.
S7.6. Architecture - SAP Software Currency and Release Levels DXC will provide Services only for versions of SAP and SAP HANA that are supported by DXC for hosting on Managed VPC and are supported by SAP, as outlined in the SAP PAM.
Third-party software services that are not covered within the scope of Section S7.2.1 require evaluation by DXC to consider suitability for hosting on Managed VPC and, if considered suitable, may be subject to additional Charges.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 96
S7.7. Management of Operations
S7.7.1. DXC Responsibilities:
Responsibility Managed VPC SAP System
DXC Managed
SAP HANA
Systems
SAP HANA Appliances
SAP HANA Infrastructure
Operate and manage authorized SAP systems, components, and databases (including use of proactive measures to the extent DXC considers appropriate) [1]
X
Operate and manage authorized SAP HANA Systems, components, and SAP HANA Appliances and databases (including use of proactive measures that DXC considers appropriate) [2]
X X
Check availability of new software, patches, and firmware to correct known errors
X X X
Implement software updates/patches (as available) during the predefined SAP and SAP HANA Maintenance Windows
X X X
Operate and manage the operating system and storage as a Managed Server
X
Table Notes
1. SAP systems, components, and databases included:
a. SAP Basis operations service;
b. SAP Basis administration (Java and ABAP Stack);
c. SAP Basis Security Management;
d. SAP database administration and security;
e. SAP platform administration;
f. SAP backup and Restore management (in addition to services described in Schedule 4);
g. SAN management for the SAP Basis operations service;
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 97
h. SAP Web Application Server;
i. SAP Basis, SAP database, web and server patch management; and
j. SAP output management.
2. Responsibility includes:
a. Monitoring the SAP HANA Appliance capacity and infrastructure performance;
b. Monitoring of the SAP HANA database as required to comply with the applicable SL Tier;
c. Analysis of errors detected in the SAP HANA System;
d. Notification to the Customer of steps executed in order to address SAP HANA Appliance hardware system errors;
e. Maintenance of SAP HANA software, including the installation and configuration of necessary vendor-issued standard software modifications as required to comply with the SL Tier;
f. SAP HANA database maintenance outside of planned SAP HANA Maintenance Windows (i.e., release changes);
g. Maintenance of SAP HANA database profile; and
h. Execution of a SAP HANA database backup and Restore in the event of an error in the underlying SAP HANA Appliance hardware that does not affect the database (the Restore will occur after the hardware error is resolved).
3. Storage required to support the SAP HANA Infrastructure will be provided in accordance with Schedule 5.
S7.7.2. Specific Operations Management Responsibilities for Managed VPC SAP Services
Each party’s specific responsibilities are shown in the following table: # Responsibilities DXC Customer
Workload Management 1 Plan, analyze, and define SAP ABAP based logon
groups, SAP remote function call server groups, and SAP operation modes
R
2 Maintain ABAP based SAP logon groups, SAP remote function call server groups, and SAP operation modes R
3 Manage SAP housekeeping and reorganization jobs such as print and spool subsystem reorganization jobs R C
Job Scheduling 4 Manage application job scheduling R
Output Management 5 SAP printer definition and support on OS level R 6 SAP printer definition and support on SAP level R 7 Manage SAP integrated ABAP print and spool
subsystem R
8 Maintain decentralized printing environments R
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 98
SAP-Remote Connection 9 Manage SAP remote service connection R 10 Maintenance System data in SAP Service Marketplace R
Operational Administration 11 Analyze and correct database-Instance errors R 12 Maintenance of database-capacity R 13 Define and implement operational procedures for in
scope CIs administration R
14 Perform user and group account administration of privileged users on operating system and database level
R
15 Manage SAP End Users and/or SAP authorization profiles (roles and concepts) R
16 Manage third-party services contracted through the Customer R
17 Perform operating system start-up/shutdown and kernel parameter changes to meet contractual obligations R
18 Perform operating system profile, parameter, and basis file system maintenance that are required for availability reasons or SLA fulfilment
R
19 Apply operating system patches (kernel patches, hot fixes, and support packages) that are required for availability reasons or SLA fulfilment
R
20 Perform SAP database profile and parameter maintenance that are required for availability reasons or SLA fulfilment
R
21 Analyze and correct update request errors R 22 Analyze and delete lock entries R 23 Analyze and correct ABAP-short dumps in SAP Basis R 24 Analyze and correct ABAP-short dumps in SAP
Application modules R
25 Apply SAP database patches (kernel patches, hot fixes, and support packages) that are required for availability reasons or SLA fulfilment and do not require full installation of the database software
R
26 Apply SAP Basis patches (kernel patches, hot fixes, and support packages) that are required for availability reasons or SLA fulfilment
R
27 Perform SAP solutions environment start-up and shutdown to meet contractual obligations R
28 Maintain basic connections between SAP standalone engines (former technology/middleware components) and application servers ABAP + JAVA
R
29 SAP Application specific tasks such as customizing modification or adoption of ABAP workbench objects or JAVA development objects
R
30 Purchase and maintain software license and maintenance agreements for any database or application software that is part of a SAP solution landscape
R
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 99
31 Maintain ABAP based systems through maintenance SAP Client 000 and 066 R
32 Initialize and maintain ABAP based correction and transport system/transport management system R
33 Setup, organize, and monitor transport requests R 34 SAP Client maintenance like create, delete, and copy
following Change Management R
35 Implement SAP-provided knowledge database (“SAP-Notes”) for SAP Basis as required to maintain the SAP Service Levels
R
36 Implement SAP-Notes for SAP Application modules R 37 Configure JAVA system landscape directory “SYSTEM
landscapes” (group systems) and system landscape directory “BUSINESS landscapes” (define business scenario details)
R
38 JAVA System landscape directory content maintenance such as generic common information model data, namespaces, version management, and software catalogue
R
39 Perform system landscape directory start-up and shutdown as needed for JAVA software units and application components
R
Legend: "R" = Responsible, “C” = Consult with DXC
S7.7.3. Specific Operations Management Responsibilities for Managed VPC SAP HANA Management Services and SAP HANA Appliances
Each party’s specific operations management responsibilities are shown in the following table:
# Responsibilities DXC Customer Operational Administration for Managed VPC SAP HANA Management
Services and SAP HANA Appliances 1 Perform SAP database and SAP HANA profile and
parameter maintenance that are required to meet the applicable SL Tier
R
2 Apply SAP HANA patches that are required to meet the applicable SL Tier R
3 SAP Application specific tasks such as customization, modification, or adoption of HANA application objects R
4 Purchase and maintain software license and maintenance agreements for any database or application software that is part of a SAP solution landscape
R
5 Setup, organize, and monitor transport requests R 6 Implement SAP-Notes for SAP HANA corrections
required to maintain the SAP Service Levels R
7 Implement SAP-Notes for SAP HANA, SAP Application modules R
8 Analyze and correct database-Instance errors R 9 Monitor database-capacity R 10 Perform user and group account administration of
privileged system users on operating system and database level
R
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 100
11 Manage SAP HANA End Users and/or SAP HANA authorization profiles (roles and concepts) R
12 Perform operating system start-up/shutdown and parameter changes to meet contractual obligations R
13 Perform operating system profile, and basis file system maintenance that are required to meet the applicable SL Tier
R
14 Apply operating system patches that are required to meet the applicable SL Tier R
15 Analyze and correct SAP HANA-short dumps R 16 Analyze and correct SAP HANA-short dumps in SAP
Application modules R
17 Procure SAP HANA Appliance and associated maintenance from DXC R
SAP-Remote Connection (for Customer provided SAP HANA Appliances) 18
Manage SAP remote service connection R
19 Maintain System data in SAP Service Marketplace R
Operational Administration for SAP HANA Infrastructure 20
Perform user and group account administration of privileged system users on the operating system R
21 Perform operating system start-up/shutdown and parameter changes to meet contractual obligations R
22 Perform operating system profile, and basis file system maintenance that are required to meet the applicable SL Tier
R
23 Apply operating system patches that are required to meet the applicable SL Tier R
Legend: "R" = Responsible
S7.8. Operational Services In addition to DXC’s obligations in this Solution Pack, DXC will provide the following Operational Services specifically for the Managed VPC SAP and SAP HANA Management Services as specified below.
S7.8.1. Incident Management
Incident Management provided by DXC for Managed VPC SAP and SAP HANA Management Services includes:
a. Recovery of the agreed Managed VPC SAP Services and SAP Applications within the SL Tier selected by Customer;
b. Recovery of the agreed Managed VPC SAP HANA Management Services and SAP HANA database; and
c. Notification to Customer in the event of a priority 1 Incident with SAP remediation.
S7.8.2. Problem Management
Problem Management provided by DXC for Managed VPC SAP and SAP HANA Management Services includes:
a. In the case of a priority 1 Incident, root cause analysis using SAP analysis tools; and
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 101
b. Coordination of Problem resolution with SAP support services.
S7.8.3. Event Detection and Notification
DXC will monitor the Managed VPC environment to meet the Managed VPC SAP and SAP HANA Management Services Service Levels applicable to the SL Tier selected by the Customer (“Event Detection and Notification”). The monitoring that DXC provides will apply to the following areas:
a. Specific SAP, SAP database and/or SAP HANA processes;
b. Alert messages of the SAP database and/or SAP HANA;
c. SAP logons; and
d. System hangs, very slow processes, and other negative situations or Events.
S7.8.3.1. DXC Responsibilities:
a. Monitor the environment to enable collection of SAP Events.
b. Monitor for unplanned Events and pre-determined system Events with DXC best practice established thresholds.
c. Raise and log Events where threshold is exceeded.
d. Provide timely notification of detected Events to Incident Management.
e. Assess incoming Event Alerts and take appropriate action.
S7.8.4. Change Management
DXC is responsible for coordination and management of additions, moves and changes to the SAP environment for all in-scope Configuration Items. The Customer can request additions, moves and/or changes in accordance with the change control process described in the Governing Agreement.
Each party’s specific Change Management responsibilities are shown in the following table.
# Responsibilities DXC Customer
1 Technical implementation of changes on the SAP operation system level R
2 Technical implementation of changes on SAP database-level and/or SAP HANA level R
3 Technical fundamental changes of the SAP system R
4 Implement customizations of SAP business applications R
Legend: "R" = Responsible
The following table sets out DXC’s Change Management obligations for each SL Tier.
Activity SL Tier 1 SL Tier 2 SL Tier 3 SL Tier 4
Customer requested Routine or Normal Changes identified in the SAP Service Catalog
Available on a Project basis
Included as documented in the SAP Service Catalog
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 102
Project Changes Available on a Project basis Maintenance patches for SAP Services
Not applicable
Included in the Charges for each of these SL Tiers
Software Maintenance for SAP HANA Included once per year
DXC required Emergency Changes to meet contractual requirements
Included in the Charges for all SL Tiers
Other Emergency Changes Available on a Project basis
Customer requested patches Available on a Project basis
The following table shows DXC’s lead time obligations for qualification of change activities listed below based on SL Tier. For purposes of this table, qualification means to review and understand a Request for Change, estimate effort, and agree on the time required to deliver the change.
Activity SL Tier 1 SL Tier 2 SL Tier 3 SL Tier 4
Lead time between RFC initiation and Routine Change qualification
Not applicable
2 business days
1 business day
1 business day
Lead time between RFC initiation and Normal Change qualification
Not applicable
4 business days
2 business bays
2 business days
Lead time between RFC initiation and Project Change qualification
Not applicable
10 business days
5 business days
5 business days
Lead time between RFC initiation and Emergency Change qualification
Not applicable
Not applicable
Not applicable
Not applicable
The following table shows objectives for each SL Tier for various post go-live activities related to Orders and RFC’s. There are no Service Level credits associated with these objectives.
Activity SL Tier 1 SL Tier 2 SL Tier 3 SL Tier 4
Additional elapsed time to reconfigure SAP elements after dial up/down of infrastructure. e.g. storage, Virtual Servers.
Varies on a Project basis
1 business day after DXC notifies Customer of acceptance of an Order or RFC
Elapsed time for adding new SAP CI/database/application for which there is no known configuration, template or provisioning image.
Varies on a Project basis
10 business days after DXC notifies Customer of acceptance of an Order or RFC
Elapsed time for adding new SAP CI/database/application for which there is a known configuration, template or provisioning image.
Varies on a Project basis
5 business days after DXC notifies Customer of acceptance of an Order or RFC
S7.8.5. Configuration Management
DXC will provide documentation of all CIs for systems and software, which are necessary to perform the Managed VPC SAP and SAP HANA Management Services.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 103
S7.8.6. Security Management
DXC will manage security Incidents as described below (“Security Management”).
S7.8.6.1. DXC Responsibilities:
a. Install SAP according to SAP Application Security Guidelines.
b. Install anti-virus software according to SAP recommendations.
c. Adapt SAP Application Security Guidelines to Customer policies if needed and allowed in accordance with SAP Application Security Guidelines.
d. Provide standard hardened operating system and SAP HANA builds.
e. Provide security Incident response, consisting of investigation and resolution of Incidents in accordance with DXC standard procedures.
f. Provide security policy compliance management through periodic scans to monitor SAP specific security configurations.
g. Provide automated SAP security checks including: i. Checking security notifications and managing actions with
Customer accordingly; and ii. Maintaining DXC-internal access control, Single Sign On, and
firewall routings.
S7.8.7. Each party’s specific Security Management responsibilities are as follows: Responsibility DXC Customer
Operational Security Management
Maintain operational security parameters according to Schedule 2 R
Deploy Security Management Infrastructure for SAP components and anti-virus for SAP systems R
Harden the operating system in accordance with DXC and SAP Application Security Guidelines R
Enable quality passwords for non-system management users and application End Users and change them on a periodic basis
R
Perform weekly security checks R
Maintain security profile parameters such as minimum password length R
Design and implement the application authorization concept (user profile and role management definition)
R
Install SAP software changes (that is, ABAP source code) to overcome known security vulnerabilities as made available by SAP using the Change Management Process
R
Access and maintain SAP administration SAP Client 000 R
Access and maintain system management SAP Client 066 R
Access and maintain Customer SAP Client (SAP Client other than 000 or 066)
R
Change all default passwords in production SAP Client for ABAP based systems
R
Verify ABAP based SAP servers against a defined SAP security checklist R
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 104
Legend: "R" = Responsible
S7.8.8. Capacity Management
DXC provides monitoring of capacities of the Managed VPC and SAP HANA Infrastructure taking into account the Managed VPC SAP and SAP HANA Management Service requirements.
S7.9. SAP and SAP HANA Maintenance Windows Type SL Tier 1 SL Tier 2 SL Tier 3 SL Tier 4
SAP and SAP HANA Maintenance Window
N/A. 5-hour window (Quarterly)
5-hour window (Quarterly)
5-hour window (Quarterly)
Event Management, Incident Management, and Problem Management
N/A 24x7 24x7 24x7
Attended Operations
Monday through Friday, 08:00 through 18:00 Local Time, (reasonable commercial efforts)
Monday through Friday, 08:00 through 18:00 Local Time, unstaffed at all other times
Monday through Friday, 08:00 through 18:00 Local Time, unstaffed at all other times
Monday through Friday, 08:00 through 18:00 Local Time, unstaffed at all other times
Operations Time Window
Monday to Friday, 08:00 to 17:00 Local Time
24 x 7 24 x 7 24 x 7
Change Execution Time Window
Monday to Friday 08:00 to 17:00 Local Time
24 x 7 24 x 7 24 x 7
Office Time Window Monday to Friday,08:00 to 17:00 (EMEA / CET, AMS / EST)
Monday to Friday, 08:00 to 17:00 (EMEA / CET, AMS / EST)
Monday to Friday, 08:00 to 17:00 (EMEA / CET, AMS / EST)
Monday to Friday, 08:00 to 17:00 (EMEA / CET, AMS / EST)
Perform Service Review and Account Management meetings
Office Time Window
Office Time Window
Office Time Window
Office Time Window
Configuration Management - Identification, control and verification processing boundaries
Office Time Window
Office Time Window
Office Time Window
Office Time Window
Configuration Management processing boundaries - Status accounting (execution)
Change Execution Time Window
Change Execution Time Window
Change Execution Time Window
Change Execution Time Window
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 105
Request Fulfillment Planning, approval, and scheduling processing
Office Time Window
Office Time Window
Office Time Window
Office Time Window
Request Fulfillment Execution
Change Execution Time Window
Change Execution Time Window
Change Execution Time Window
Change Execution Time Window
Change Management Processing hours - Change Planning, Assessment, Approval, and Scheduling Operation time- For Routine, Normal, and Project Changes
Office Time Window
Office Time Window
Office Time Window
Office Time Window
Emergency Change Planning, Assessment, Approval, and Scheduling Operation time Change Management Processing hours
Operations Time Window
Operations Time Window
Operations Time Window
Operations Time Window
Routine, Normal, Emergency, and Project Change Management Execution Processing hours
Change Execution Time Window
Change Execution Time Window
Change Execution Time Window
Change Execution Time Window
Planning and communication hours of operation for the following processes: Incident Management, Problem Management, Operations Management, Security Management, and Capacity Management.
Office Time Window
Office Time Window
Office Time Window
Office Time Window
Execution hours of operation for the following processes: Incident Management, Problem Management, Operations Management, Security Management, and Capacity Management
Operations Time Window
Operations Time Window
Operations Time Window
Operations Time Window
Service Level Management Processing hours for meetings and communication
Office Time Window
Office Time Window
Office Time Window
Office Time Window
Planning, communication, and execution processing hours for the following processes: - SLA Management
Not applicable
Office Time Window
Office Time Window
Office Time Window
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 106
S7.9.1. Maintenance Impact
DXC will make reasonable efforts to minimize impacts to SAP Applications and Managed VPC SAP HANA Management Services resulting from Customer Maintenance Windows. DXC will accomplish this by:
a. Scheduling planned SAP and SAP HANA maintenance within the appropriate Customer Maintenance Windows;
b. Scheduling planned changes to SAP Applications and Managed VPC SAP HANA Management Services that have been agreed to under the Change Management Process within the Customer Maintenance Windows;
c. Providing advance notice to the Customer of Customer Maintenance Windows; and
d. Providing the Customer suggested alternatives to minimize any disruption in use of SAP Applications and/or Managed VPC SAP HANA Management Services resulting from Customer Maintenance Windows.
S7.10. Optional Add-On Service Features DXC will provide the Optional Add-Ons specified in this Section, at the rates specified by Customer’s accepted Order through the Managed Services Portal or otherwise in writing.
S7.10.1. Continuity Services for SAP
If Customer has purchased Continuity Services in connection with the Services, Customer may request additional Continuity Services for the Customer’s SAP Instance that will provide additional SAP Application support in the event of a SAP disaster as described below (“Continuity Services for SAP”).
Although Continuity Services currently do not support SAP HANA Appliances, there are several SAP HANA Replication capabilities available that can offer disaster recovery capabilities for SAP HANA workloads running on Managed VPC Services. Where Continuity Services are not available or do not address SAP related requirements, DXC can provide consulting services as described below to assist the Customer in determining what other options are available.
S7.10.2. Consulting Services
DXC will provide consulting services to Customer on a time and materials basis as specified in an accepted Order to scope the following Continuity Services that may be required by the Customer for the Customer’s SAP Instance and/or the Customer’s SAP HANA Appliance:
a. Coordinate Customer and DXC Rehearsal plan.
b. Isolate SAP systems and/or the Customer’s SAP HANA Appliances in scope for Rehearsal.
c. Execute user acceptance tests for Rehearsal.
d. Execute Customer functional user acceptance tests for Rehearsal.
e. Document the outputs expected from Rehearsals.
f. Process the release systems that have been used in Rehearsals.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 107
S7.10.3. If Customer has not purchased Continuity Services, consulting services can include the following additional areas:
a. The type of Replication and disaster recovery service best suited to the Customer requirements;
b. The network requirements; and
c. The setup and ongoing Charges of a disaster recovery service.
At the conclusion of the consulting engagement, DXC will provide a written report documenting its recommendations for additional Continuity Services for SAP in the areas listed above.
S7.10.4. Delivery
Following its receipt of DXC’s recommendations document as provided above, Customer may request that DXC provide any or all of the recommended Continuity Services. DXC’s provision of any such services will be subject to the parties entering into a separate, written agreement documenting the services that DXC will provide, DXC’s Charges for the services, and each party’s respective obligations. Neither party will be obligated to enter into such an agreement.
S7.10.5. SAP Solution Manager
SAP Solution Manager integration with SAP Instances can be purchased as an Optional Add-On which will be installed, configured, and managed on a Managed Server to provide additional monitoring and reporting capabilities.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 108
Schedule 8. Managed Database Services
S8.1. Introduction This Schedule will apply to each Order placed for Services, to the extent the services set forth in this Schedule 8 (“Managed Database Services”) are selected for purchase by Customer, and will remain in effect unless it is terminated or expires in accordance with this Solution Pack. In the event of any conflict or inconsistency between this Schedule and this Solution Pack, this Schedule will prevail with respect to the subject matter of this Schedule. General descriptions or references to particular Managed Database Services in this Schedule or elsewhere in this Solution Pack are subject to the more detailed descriptions below. Managed Database Services are only available for use within the Customer’s Managed VPC environment.
If Customer purchases Managed Database Services, Customer must also purchase backup services as described in Schedule 4 and Storage Services as described in Schedule 5.
Termination or suspension of all or any part of the Services, Storage Services, and/or backup services for any reason will automatically result in termination or suspension, respectively, of all (or in the event of a partial termination or suspension, the corresponding part) of the Managed Database Services under this Schedule 8.
DXC will provide Managed Database Services that deliver a Database Management System on the Managed VPC infrastructure in accordance with this Solution Pack except where otherwise specified below. Managed Database Services consist of installation, configuration, administration, monitoring, and management of the DB Instance, maintenance of the DB Instance, and support of the DBMS environment via the Managed Services Portal. Managed Database Services do not include Customer Data migration, which DXC can provide on a Project basis at an additional Charge.
S8.2. Managed Database Services DXC and Customer will each have the responsibilities set forth below related to the initial implementation of the Managed Database Services.
S8.2.1. DXC Responsibilities:
a. Install and maintain DB Instance system software.
b. Provision database Backup and Recovery Services as described in Schedule 4.
c. Provision and maintain DXC storage for DB Instances as described in Schedule 5.
S8.2.2. Customer Responsibilities:
a. Provide support for setup, licensing, and access to the Customer’s Managed VPC compartment in accordance with this Solution Pack.
b. Provide all Oracle licenses.
c. Provide all Microsoft SQL Server licenses.
d. Define the access type required.
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 109
e. Provide vendor authorization for support function utilization.
f. Plan, prepare, and execute Customer Data migration. Customer may request that DXC assist with or perform Customer Data migrations as a billable Project(s) at an additional Charge.
g. Perform user testing in accordance with an agreed test plan between DXC and the Customer at the time of implementation.
h. Manage application job scheduling.
i. Provide all application support.
S8.3. Management of Operations
S8.3.1. DXC Responsibilities:
a. Provide DB Instance administration and security.
b. Provide database patch management.
c. Provide proactive database Event Detection and Notification, including capacity threshold monitoring.
d. Monitor DXC Managed Database Availability.
e. Provide database backup and Restore functions as described in Schedule 4.
f. Operate and manage DXC Managed Database systems.
g. Check availability of new patch sets, patches, and firmware to correct known errors, as published by the applicable vendor.
h. Implement patch set updates, patches, firmware updates, and other proactive measures that do not require full installation of the database software (as available and determined appropriate at DXC’s discretion) during the predefined DXC Managed Database Maintenance Windows.
S8.3.2. Specific Operations Management Responsibilities
Each party’s specific operations management responsibilities are shown in the following table:
Responsibilities DXC Customer
Workload Management 1 Plan, analyze, and define database installation and
configuration based on logon groups, Database Server groups and operation modes.
R
Job Scheduling 2 Manage application job scheduling. R
Operational Administration 3 Define and implement operational procedures for in-
scope Configuration Item administration. R
4 Perform user and group account administration of privileged users on operating system and database level. R
5 Manage application End Users and/or database authorization profiles (roles and concepts). R
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 110
Responsibilities DXC Customer
6 Manage third-party services contracted through the Customer. R
7 Perform operating system and database startup/shutdown and kernel parameter changes to meet contractual obligations.
R
8 Perform operating system and database profile, parameter, and file system maintenance required for Managed Database Availability or DBMS SL Tier fulfillment.
R
9 Apply database patches (kernel patches, hotfixes, and support packages) that are required for Managed Database Availability or DBMS SL Tier fulfillment.
R
10 Any application specific tasks. R 11 Apply or run scripts that change Customer Data. C R
Legend: ”R” = Responsible, “C” = Consult with Customer
S8.4. Service Onboarding
S8.4.1. Provisioning
The timeframes for Managed Database Services provisioning vary depending on the SL Tier selected by the Customer.
S8.4.2. Managed Database Architecture
DXC will deliver Managed Database Services using physical and virtual elements as determined by DXC in its discretion.
S8.4.3. Managed Mongo Databases may be configured as follows:
a. Virtual Database Servers used for stand-alone Mongo Database Instances; or
b. Physical Database Servers used for stand-alone Mongo Database Instances.
S8.4.4. Managed MySQL Databases may be configured as follows:
a. Virtual Database Servers used for stand-alone MySQL Database Instances.
S8.4.5. Managed Oracle Databases may be configured as follows:
a. A Customer Dedicated Virtual Host Cluster for stand-alone Oracle Database Instances;
b. Physical Database Servers used for stand-alone and clustered Oracle Database Instances;
c. Up to ten Oracle Database Instances on each Database Server or cluster;
d. Oracle transparent data encryption; or
e. High Availability using:
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 111
i. Oracle Serviceguard cluster with two nodes in a single or Dual Data Center; or
ii. Oracle Real Application Clusters using up to six nodes in a Single Data Center.
S8.4.6. Managed Microsoft SQL Server Database Instances may be configured as follows:
a. Virtual Database Servers (SL Tier 2 or SL Tier 3) or Physical Database Servers used for stand-alone Microsoft SQL Server Database Instances;
b. Up to ten Microsoft SQL Server Database Instances on each Database Server or SQL server cluster;
c. Microsoft SQL Server Oracle transparent data encryption; and
d. High Availability using: i. Microsoft SQL Server Always on Availability Groups Instance
using up to five nodes in single and Dual Data Center (Physical Database Server only); or
ii. Microsoft SQL clusters using up to four nodes in single or Dual Data Center (Physical Database Server only).
S8.4.7. Managed SQL Server reporting services may be configured as follows:
a. Virtual or Physical Database Servers used for the SQL server reporting services.
b. The SQL Server reporting services will be installed, configured, and made available to the Customer who is then solely responsible for the report design, access controls, definition, content, scheduling, and generation.
S8.5. Operational Services
S8.5.1. Incident Management
Incident Management provided by DXC for Managed Database Services consists of:
a. Recovery of the agreed Managed Database Services within the SL Tier selected by Customer in an Order; and
b. Written notification to Customer in the event of an Incident.
S8.5.2. Problem Management
Problem Management provided by DXC for Managed Database Services consists of:
a. Root cause analysis in case of a priority 1 Incident (as defined in this Solution Pack); and
b. Coordination between DXC and the Customer related to the Problem resolution.
S8.5.3. Event Detection and Notification
DXC will monitor the Managed Database Services’ environment to meet the Service Levels for Managed Database Services according to the SL Tier selected by the Customer. Monitoring will apply to the following areas:
a. Specific agreed to DB Instance and database processes;
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 112
b. Alert messages from the Database Server; and
c. System stall, slow processing, and other negative situations or Events of the Database Server or the DB Instance.
S8.5.4. DXC Responsibilities:
a. Monitor Database Instance Events based on DXC’s best practice standard established thresholds.
b. Raise and log Events where the threshold is exceeded.
c. Provide timely notification of detected Events to Incident Management.
d. Assess incoming Event Alerts and take action to Restore the DB Instance as determined to be appropriate in DXC’s discretion.
S8.5.5. Change Management
DXC is responsible for coordination and management of moves, additions, and changes to the DXC Managed Database environment for all in-scope CIs. The Customer can request additions, moves, and/or changes under the terms of the Governing Agreement and these Change Management terms.
S8.5.6. Change Management activities include:
a. Make Physical/logical database configuration changes; and
b. Provide Database patch management.
The following table sets out DXC’s Change Management obligations for each SL Tier.
Activity SL Tier 2, SL Tier 3 and SL Tier 4
Response to Request for Change In accordance with the DXC Change Management Processes
Routine and Normal Changes • Will be performed as agreed during Customer Maintenance Windows
• Up to eight continuous hours per month of Excused Managed Database Downtime
Project Changes Available on a Project basis
Customer requested patches and other changes
Available on a Project basis
The following table shows DXC’s lead time obligations for qualification of change activities listed below based on SL Tier. For purposes of this table, qualification means to review, understand, and estimate effort and to agree on the time required to deliver the change.
Activity SL Tier 2, SL Tier 3 and SL Tier 4
Lead time between RFC initiation and Routine Change qualification
2 business days
Lead time between RFC initiation and Normal Change qualification
6 business days
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 113
Lead time between RFC initiation and Project Change qualification
10 business days
Manage backup and Restore - Time to start the database Restore/recovery
Media mount time + 8 hours
S8.5.7. Configuration Management
DXC will provide documentation of all CI’s for the applicable systems and software that are necessary to perform the Managed Database Services as agreed to in an Order.
S8.5.8. Security Management
DXC obligations for Security Services are as described in Schedule 2.
S8.5.9. Capacity Management
DXC provides monitoring of capacities of the Managed VPC infrastructure, such as CPU usage and storage, taking into account the Managed Database Services requirements.
S8.5.10. Maintenance Impact
DXC will make Routine Changes to the Managed Database Services’ environment as described in Section S8.5.5 according to the following guidelines:
a. Schedule planned database maintenance within the appropriate Customer Maintenance Windows;
b. Schedule planned changes to Managed Database Services that have been agreed to under the Change Management Process within the Customer Maintenance Windows;
c. Provide advance written notice to the Customer of Customer Maintenance Windows; and
d. Provide the Customer suggested alternatives to minimize any disruption in use of DB Instances resulting from Customer Maintenance Windows.
S8.5.11. Managed Database Services Call Handling
In the case of an Incident or Problem with the Managed Database Services, the Customer’s Authorized Representatives may contact the DXC Operations Center by telephone subject to the limitations in the table below. The Authorized Representatives will also log service requests with the DXC Operations Center. The service requests will be handled and addressed by the appropriate DXC support personnel. After the Incident or Problem has been addressed, DXC will notify the Customer.
A dedicated DXC phone number will be provided to the Customer upon commencement of the Managed Database Services.
Limitation Description Limitation Values SL Tier 2, SL Tier 3 and SL Tier 4
Number of Authorized Representatives per Customer
Five
Service delivery language English
Incoming channel through which Incidents will be received.
Monitoring and telephone
Managed Services for Virtual Private Cloud Solution Pack
© 2018 DXC Technology. All rights reserved. Confidential Page 114
Participate in Customer led isolation of application performance issues.
Available on a Project basis