Indiana's Private Cloud virtual server hosting: Service Level Expectation

Last updated: June 15, 2015

On this page:


1 General overview

Indiana's Private Cloud service provides virtual server hosting to education entities, government entities, and IU Health within the state of Indiana. This Service Level Expectation (SLE) is specific to the virtual server hosting services known as the Indiana's Private Cloud services. Unlike co-location or other physical server hosting services, Indiana's Private Cloud is a service where a virtual server is leased and the customer is not required to make an initial capital investment in buying physical server and storage hardware.

This is an SLE between Indiana's Private Cloud customers and Indiana University. The scope of this document includes:

  • Services provided by IU to Indiana's Private Cloud customers
  • Levels of response time, availability, and support associated with these services
  • Responsibilities of the IU service provider and responsibilities of the customer
  • Processes for requesting services and getting support

This SLE covers the period from July 1, 2015 to June 30, 2016, and will be reviewed and revised at the end of this period.

OR

This SLE shall remain valid until revised or terminated.

1.1 Terms and definitions

  • Business day: Normal working day in the time zone where Indiana Data Center facilities are located (Eastern Time Zone -5GMT and participates in Daylight Savings Time)
  • Customer: The party identified as the purchasing organization to this Agreement with Indiana University
  • Designated contacts: Customer-named contacts, technical resources, and fiscal account resources which are established, person-specific email addresses associated with the customer support contract. It is expected that these contacts will be updated upon any personnel or responsibility change by the Customer.
  • Indiana's Private Cloud: Virtual server hosting services, where, unlike "co-location" or other physical server hosting services, a virtual server is leased and the customer is not required to make an initial investment in buying capital equipment such as servers and storage hardware. On-call support coverage for service outages is 24 hours a day, 7 days a week, 365 days a year.
  • Problem resolution: The use of reasonable commercial efforts to resolve the reported problem. These methods may include (but are not limited to) configuration changes, patches that fix an issue, replacing failed hardware, reinstalling software, etc.
  • Respond: Addressing the initial request and taking ownership of the issue
  • Response time: The amount of time elapsed between the initial contact by the customer to IU and the returned response to the customer by IU staff
  • Service Level Expectation (SLE): The customer Service Level Expectation (SLE) that identifies the features and defines the processes involved with the delivery by IU of various support functions to customers, as presented by this document's content
  • Service Request (SR): A single issue opened with IU. The SR number identifies the Service Request. The format for the unique SR number can be as follows: IPCS #nnnnnnn.

    Security definitions for Indiana's Private Cloud services:

    • Severity 1 (Urgent):
      1. Network resources unavailable
      2. Virtual server environment is unavailable or unstable
    • Severity 2 (Low):
      1. Request to allocate more SAN storage, CPU, or memory to a resource pool
  • IU: Indiana University, which is staffed by professional support personnel providing assistance with diagnosis and resolution of defects and/or failures in Indiana's Private Cloud services
  • Virtual system: The method to supply the infrastructure and network capacity necessary to host your applications. Optional disk storage on IU enterprise-class SANs (storage area networks) ensures your files are highly secure and available.
  • VMware: The virtualization platform is built on a business-ready architecture and uses software such as VMware vSphere to transform (i.e., virtualize) the hardware resources of an x86-based computer including the CPU, RAM, hard disk, and network controller to create a fully functional virtual system that can run its own operating system and applications just like a physical computer. Each virtual system contains a complete system, eliminating potential conflicts. VMware virtualization works by inserting a thin layer of software directly on the computer hardware or on a host operating system. This contains a virtual system monitor (hypervisor) that allocates hardware resources dynamically and transparently. Multiple operating systems run concurrently on a single physical computer and share hardware resources with each other. By encapsulating an entire machine, including CPU, memory, operating system, and network devices, a virtual system is completely compatible with all standard x86 operating systems, applications, and device drivers. You can safely run several operating systems and applications at the same time on a single computer, with each having access to the resources it needs when it needs them.
  • Workaround: A change in the environment or data to avoid error without substantially impairing use of the II service

2 Service descriptions

2.1 Service scope

Services supporting virtual systems include virtualized CPU, RAM, hard disk, and network within a cluster of physical servers in one of the IU Data Centers, provisioning of the virtual server, operations support, monitoring, systems administration of the physical servers, network connectivity to the virtual server, customized firewalls on the physical servers, and (within IU Data Centers) network infrastructure and backup services with off-site storage.

There are two principal components to Indiana's Private Cloud service package:

  1. Virtual systems supply the infrastructure for compute, disk, and network capacity necessary to host applications. Disk storage on enterprise-class SANs ensures files are highly secure and available.
  2. Virtual system rentals include a disaster recovery off-site copy of the VM.

2.1.1 Service exclusions

Support does not include the following items or actions:

  • Step-by-step assistance for installation of operating system or service packs
  • On-site services
  • Installation or configuration of applications hosted on virtual systems
  • Modifications of software code, security-policy configuration, audits, or security design

IU shall have no obligation to support:

  • Problems caused by customer negligence, misuse, misapplication, or use of the product beyond the control of the IU.
  • Unsupported operating systems:
    • Indiana Private Cloud supported operating systems are specifically listed on the VMware Guest Operating System guide.
    • System owners should only install and manage operating systems that are covered by security patches; e.g., while Windows 2003 is technically possible to install in VMware, based upon the end of life of the product, it should not be used for services.
  • Products installed, intentionally or unintentionally, that result in nefarious activities
  • Operating systems that are past their end-of-support date as listed by the operating system vendor

2.2 IU Data Centers (IUB and IUPUI)

IU has two hardened Data Centers, one each on the Bloomington and Indianapolis campuses. The Data Centers provide a safe and secure location for IT equipment. This includes the basic infrastructure of standardized cabinets and cabinet distribution units for power. Additionally, the Data Centers have uninterruptible power supplies (UPS), power distribution, and HVAC to provide year-round cooling and protect equipment from environmental hazards of dust, temperature, and humidity. Diesel generators will provide ongoing power in the event of a campus or Data Center power outage. Enhanced cabinet power distribution provides redundant circuits and remote monitoring of the power distribution. Physical security includes proximity card readers and biometric hand scanners for access authentication, ID cards, reinforced doors, security glass, and alarms. Fire suppression equipment is provided by a double interlock preaction sprinkler system. Additionally, both facilities have staff on site in the building 24 hours a day, 7 days a week.

2.3 Operating parameters

Trained operators provide support for the Data Center 24 hours a day, 7 days a week. Operations staff monitor vital data center and server information. Examples include temperature, network connectivity, and server vitals as set up by the systems administrator. Problem coordination/management, notification, escalation, and reporting are done by the operations staff.

2.4 System level

Indiana's Private Cloud systems administrators will provide access to the CPU, RAM, hard disk, and network resources for customers to utilize. Customers are given access to these resources to create and maintain their virtual servers in VMware. The virtual server creation and configuration provides the infrastructure for storage, network, security administration, and account management of the virtual server. Ongoing support for the physical infrastructure includes monitoring, performance tuning, and software patches of the physical servers hosting the virtual server.

3 Roles and responsibilities

3.1 Customer obligations

Customer responsibilities and/or requirements include:

  • Staffing: All customer personnel contacting IU for support must be fully trained on the operating system running in the virtual system.
  • Named designated contacts: Customer-named contacts, technical resources, and fiscal account resources, which are established, person-specific email addresses associated with the customer support contract. It is expected that these contacts will be updated upon any personnel or responsibility change.
  • Full responsibility for system administration: System administration falls into, but is not limited to, the following areas:
    • Installation and licensing of all operating system and application software
    • VMware Tools services:
      • VMware Tools software installation is required to maintain a supported infrastructure. Installation of VMware Tools is required for each virtual server. It is strongly recommended to include VMware Tools updates as part of normal operating system patch cycles. The VMware Tools version will be evaluated as part of any debugging endeavor. In the event that the Virtual System has a VMware Tools version that is not current, upgrading VMware Tools will be the first step in solving the problem.
    • Support and maintenance of all operating systems and application software, including the timely application of all patches and upgrades
    • Configuration of network address
    • Configuration of firewall ports to allow for network access
    • Security measures, particularly the establishment of appropriate authentication and authorization processes, application of operating system and application security patches
    • Data management, as prescribed by state and federal laws and regulations in respect to protection of, access to, and confidentiality of institutional or personal data residing on or processed by the system
    • Liaison or manager who will provide operations staff with support escalation and contact information for system administration functions. Contact information for billing and operational inquiries
    • Data protection is solely the responsibility of the customer. oManaging system logs for operating system and application-related troubleshooting
    • Regular scheduled auditing for abnormal events including intrusion detection
    • If production systems are deemed critical, test VMs should be installed and maintained. In the event a vulnerability is discovered, the test VM can be utilized to test the fix quickly and deploy it with confidence in the production environment.
    • A default layer of data protection is included as part of the storage subsystem supporting Indiana.s Private Cloud environment. All storage servicing this environment leverages AES-256 encryption at rest as part of the base installation
      Note:
      This addresses data at rest only. Data storage within a virtual machine still requires responsible administrative protection by the operating system administrator.

3.1.1 Virtual server system administration

  • At the physical host level, review logs, performance, system status, resource usage, and events that may result in security issues; identify any required performance tuning.
  • Maintain base hypervisor and network security. This includes hypervisor patching, firewall settings, and associated infrastructure components of the virtual hosts. If a secured base system is compromised via the application layer, IU's System Administration staff has the right to disconnect the machine from the network.

3.1.2 Charges (if applicable)

Customer billing for services will occur monthly.

3.1.3 Assumptions

  • Major infrastructure upgrades will be treated as a project outside the scope of this document.
  • Changes to services will be communicated and documented.

3.1.4 Hardware and infrastructure technology updates

  • The physical compute resources serving Indiana's Private Cloud workload are hosted on high-end, enterprise-class x86 hardware. The x86 hardware has an expected lifecycle replacement of approximately every 36 months. The replacement process may require the virtual system to be momentarily power cycled to complete the migration process. The migration process can be scheduled during normal customer maintenance activities at the convenience of the customer.
  • The storage supporting Indiana's Private Cloud environment is hosted on high-end, enterprise-class SAN. The SAN lifecycle replacement occurs between 48 and 60 months. The replacement process does require virtual systems to be interrupted.
  • Patch processing for the x86 hardware, hypervisor, and SAN occur concurrently and do not require virtual systems to be interrupted during updates.
  • IU will provide adequate hardware for both x86 compute and storage required to support the customer workload.

3.1.5 Backup and removal of data

  • To reconstruct lost or altered customer files, data, or programs, customers must maintain a separate backup system or procedure that is not dependent on the software or hardware products under support.
  • Prior to termination of services, customers must maintain a separate backup system or procedure that is not dependent on the software or hardware products under Indiana's Private Cloud services.
  • Upon termination of services, the virtual system and data will be securely erased in accordance with IU IT policies and procedures. All programs and data that were served via the Indiana Private Cloud offering will no longer be accessible.

3.2 Service provider requirements

Indiana's Private Cloud system administration responsibilities and/or requirements include:

3.2.1 Physical hardware - system administration

  • At the physical hardware level (hypervisor), review logs and performance counters to obtain system status required to identify and correct potential hardware problems
  • Apply critical patches as recommended for the virtual environment
  • Perform system tuning as needed to the physical server environment
  • Assign space and provide resources for cloud customers
  • Coordinate with vendors for any maintenance or support requests
  • Capacity planning for physical resources (physical servers, SAN storage)

3.2.2 Problem determination

  • Coordinate with the vendor for any required support.
  • Determine if the problem is hardware, software, or storage by reviewing the hypervisor/backup solution event logs.
  • If and when resource contention occurs due to a server host failure or over-allocation, production systems will have priority in resource allocation over test and development systems. The virtual server clusters have been designed to avoid resource contention; however, the potential exists.

3.2.3 Backups/storage of backups

Virtual server rentals include an off-site copy of the customers VM. Further data protection is available at an additional cost.

3.2.4 Network services

Provide and support physical and logical network infrastructure; act as a liaison to IU's Network Engineering team for problem reports and incident handling.

4 Hours of coverage, support, response times, and escalation

4.1 Hours of system administration support

An online request queue is monitored Monday-Friday 8am-5pm, with the exception of university holidays.

4.2 Service requests

In support of services outlined in this document, IU support providers will respond to service-related incidents and/or change requests submitted by the customer through an online request queue; send requests to ipcs@iu.edu.

Note:
Do not submit a service request for a Severity 1 issue via the web request form. For a Severity 1 case, contact IU by telephone (812-855-9910), and request that a Severity 1 incident be opened with the IU support group related to Indiana's Private Cloud services. An incident number will be generated and sent to the customer via email. Provide and include any additional details that may be relevant to the case.

4.3 Service request priorities and response times

Priority Criteria Example Target response time*
Low (Severity 2) Virtual system environment that does not substantially restrict the use of one or more features of the virtual system to perform necessary business functions. This is a minor problem and is not significant to operations. I need more SAN storage, CPU, or memory allocated to our resource pool. Indiana's Private Cloud support staff and customer will provide resources during normal business hours for problem resolution.

*Target response time is defined as the time between receipt of the call and the time that a support team member begins working on the problem. Due to the wide diversity of problems that can occur, and the methods needed to resolve them, response time is not defined as the time between the receipt of a call and problem resolution. IU does not guarantee the resolution of a problem within the times specified.

4.3.1 Normal incident processing

In the event that a customer accidentally or incorrectly assigns a request priority, IU will correct the priority by utilizing the severity definitions. Communication with the customer will occur for any priority change.

Service providers supporting this service will prioritize incoming service incidents as normal priority unless the service incident fits one or more of the criteria listed in the major incident handling section of this document.

4.3.2 Major incident handling

IU staff supporting this service will prioritize an incoming incident request as high priority if it meets any one of the following criteria:

  • Significant number of people affected
  • Organizational structure is a multiplier for number of people affected
  • Percentage of total tasks that can no longer be performed by individuals
  • Academic and Administrative Calendar deadlines
  • Significant impact on the delivery of instruction
  • Significant or lasting impact on student academic performance
  • Significant risk to law, rule, or policy compliance

Urgent (Severity 1) priority incidents will be resolved within eight business hours with a status provided every two hours.

The infrastructure is protected and supported by vendor support 7 days a week, 24 hours per day. If incidents are linked to vendor-related components, an appropriate level support case will be opened with the vendor. Indiana's Private Cloud support staff will update the customer with case progress.

4.3.2.1 Service request priorities and response times

Priority Criteria Example Target response time*
Urgent (Severity 1)
  1. An error with a direct security impact on the service
  2. An error isolated to the Virtual System production environment that renders the Virtual System inoperative or causes the Virtual System to fail catastrophically; i.e., critical system impact, system down
  3. A reported defect in the production environment that cannot be reasonably circumvented, in which there is an emergency condition that significantly restricts the use of the product to perform necessary business functions
  4. Inability to use the product or critical impact on operation requiring an immediate solution
Network resources are not available; virtual server environment is unavailable IU and the customer must commit the necessary resources around the clock for problem resolution to obtain workaround or reduce the severity of the error. IU will use commercially reasonable efforts to make II services available with a monthly uptime percentage of at least 99.9% during any monthly billing cycle.

*Target response time is defined as the time between receipt of the call and the time that a Support Team member begins working on the problem. Due to the wide diversity of problems that can occur and the methods needed to resolve them, response time IS NOT defined as the time between the receipt of a call and problem resolution. UITS does not guarantee the resolution of a problem within the times specified.

4.3.2.2 Major incident response times

Service provider Service hours and conditions Backup contacted under what conditions Esclation rules Response time from notification
Indiana's Private Cloud support 24/7 Virtual server environment performance degradation Follow on-call contact list for off hours and normal senior management escalation 1 hour
Data Center Operations 24/7   Follow on-call contact list for off hours and normal senior management escalation 5 minutes

4.4 Maintenance management

4.4.1 Service maintenance/change management

All services and/or related components require regularly scheduled maintenance window in order to meet established service levels. These activities may render systems and/or applications unavailable for normal user interaction.

Patches are implemented to the infrastructure in a rolling mode, which ensures Virtual Systems are available during the infrastructure maintenance. Indiana's Private Cloud service providers will use commercially reasonable efforts to make cloud services available with a monthly uptime percentage of at least 99.9% of the time in a given month.

vSphere applications, serving Indiana's Private Cloud community, will maintain a standard monthly maintenance window. Maintenance will occur on the first Sunday of every month during the hours of 6AM until 10AM. While access to the vRA Web Client will be unavailable during this window, virtual system availability will not be affected.

General exceptions to the standard maintenance window

Exceptions Coverage
University holidays
Unless emergency or 24/7 supported servers

5 Reporting, reviewing, and auditing

IU Internal Audit performs periodic audits of Indiana's Private Cloud services. This document should be reviewed a minimum of once per fiscal year. However, in lieu of a review during any period specified, the current document will remain in effect.

5.1 Term and termination

  • Term: Support shall be provided in annual terms and shall be renewable to then-current support plan when IU is notified of customer's intent to renew the existing contract, or UITS is notified of customer's intent not to renew services.
  • Termination: Customer may terminate this service via submission of a support request. Services are billed in arrears based on actual usage; charges will be processed through month of service termination.

    Prior to termination of services, customers must maintain a separate backup system or procedure that is not dependent on the software or hardware products under Indiana's Private Cloud services.

    Upon termination of services, virtual system and data will be securely erased in accordance with IU's IT policies and procedures. All programs and data that were served via Indiana's Private Cloud offering will no longer be accessible.

5.2 Service Level Expectation (SLE)

SLE update: This agreement and related IU plan offering details are operational in nature and may be modified any time by IU. IU will communicate in advance proposed changes to customer. The customer may terminate the customer relationship without penalty if all parties cannot abide by the revisions. This agreement supersedes any previous service level expectation.

5.3 Miscellaneous

Force Majeure: Except for the obligation to pay monies due and owing, neither party shall be liable for any delay or failure in performance due to an event outside the defaulting party's reasonable control, including without limitation, acts of God, earthquakes, labor disputes, shortages of supplies, actions of governmental entities, riots, war, fire, epidemics, or other circumstances beyond its reasonable control. The obligations and rights of the excused party shall be extended on a day-to-day basis for the period equal to the period of the excusable delay.

This is document bfqd in the Knowledge Base.
Last modified on 2015-09-01 00:00:00.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.