Embed Size (px)
Citation preview
Dell Cloud On Demand with CenturyLink
Introduction to your service The Dell Cloud On Demand with CenturyLink (the “Service”) is an infrastructure as a service (IaaS) product that includes virtual compute, storage and networking services as well as cloud management functions. This Service Description and the
attached appendices (collectively, the “Service Description”) describe the Service being provided to you (“Customer” or “you”) as well as what to expect for your implementation on Dell Cloud On Demand with CenturyLink.
2
Service description ..........................................................................................................................3
Single service tier ........................................................................................................................3
Guest operating systems .......................................................................................................... 4
Virtual servers .............................................................................................................................. 4
Cloud management ................................................................................................................... 4
Networking .................................................................................................................................. 4
Backup and recovery ..................................................................................................................5
Onboarding process ...................................................................................................................5
Support ..........................................................................................................................................5
Customer responsibilities ......................................................................................................... 6
The Dell Cloud On Demand with CenturyLink support responsibilities ......................... 6
Miscellaneous ............................................................................................................................. 6
Terms and conditions .................................................................................................................7
Appendix A: Service Level Agreement (SLA) for Dell Cloud On Demand with CenturyLink ............................................................................................................................ 8
Appendix B: Security Statement for Dell Cloud On Demand with CenturyLink .............. 11
Table of contents
3
Single Service TierThe Dell Cloud On Demand with CenturyLink offers a single tier of Service. The service is based on VMware vSphere 5, and includes significant customization with enhanced functionality for public cloud deployments. Customers may create and manage virtual machines, storage, and networking resources with an online portal, or via APIs. See Table 1 for a summary of the offering and billing metrics.
This single service tier is a multi-tenant service that enables a customer to place workloads on Dell’s cloud in a flexible manner. Most fees are charged on an hourly basis (when virtual machines (“VMs”) are “powered-on”), while some are charged on a monthly or one-time basis.
No hardware or software is being transferred, sold, leased or licensed to Customer under this Service Description. To the extent the Dell Cloud On Demand with CenturyLink uses hardware or software as part of its delivery of the Service, such hardware or software will be licensed, owned or otherwise held by Dell and/or CenturyLink.
Service description
vCPU (1 Core @ minimum 2 GHz processor)
vRAM (GB)
Virtual Machine Storage (GB)
Remote SAN Storage (GB)
High Performance Remote SAN Storage (GB)
Object Storage (GB)
Simple Backup Service (GB)
Data Center Cross Connect (1 Gbps port connection)
Data Transfer / Bandwidth for VMs and VPNs (1 Mbps,
measured at 95/5)
Data Transfer / Inbound & Outbound for object storage
(1 GB transferred)
Site to Site VPN Connection (Does not include bandwidth)
Private VLAN (First One Free, Each Additional VLAN)
External IP address
Shared Load Balancer (Virtual Appliance)
Ubuntu, CentOS, Debian Linux Distributions
Windows Server 2003/2008/2012 License
Red Hat Enterprise Linux
Additional 3rd Party Software
Account Management, API Access, Orchestration,
Monitoring, Role-based Access Controls, Governance
24x7 Access to NOC Engineers (Phone, Email, Chat)
Hourly (Running)
Hourly (Running)
Hourly (Allocated)
Hourly (Allocated)
Hourly (Allocated)
Hourly (Allocated)
Hourly (Allocated)
Monthly (Fixed)
Usage (95/5)
Usage (GB)
Monthly (Fixed)
Monthly (Fixed)
Monthly (Fixed)
Hourly (Used)
Open Source License
Hourly (Allocated)
Hourly (Allocated)
Monthly (Fixed)
Included
Included
vCPU
RAM
Storage
Networking
SPLA & licensing
Control portal
Support
DescriptionDell Cloud On Demand with CenturyLink
Table 1: Product Offering with Billing Metrics
4
Guest operating systemsYou may use one of the operating system (“OS”) Templates available on Dell Cloud On Demand with CenturyLink via various SPLA packages, or import your own OS image. Customer is responsible for obtaining software license rights for any software used in connection with the Service.
Customers may provision servers that run Windows Server 2012/2008 R2/2003, CentOS 5/6, Debian 7, Red Hat Enterprise Linux 6, and Ubuntu 12/10. In addition, customers may load their own OS images to the Dell Cloud On Demand with CenturyLink.
Virtual serversThe Service includes virtual private cloud servers for scale and flexibility, along with unique security, performance, and management features common to internal data centers. You have significant flexibility in creating and updating virtual servers; each VM can be built to specific requirements (up to 16 vCPUs, 128 GB of RAM, and 1024 GB local block storage), instead of choosing between pre-configured options.
Cloud managementYou receive cloud management capabilities as part the Services at no additional charges. These specific capabilities include:
• Account Management: Support for complex cloud deployments. Includes sub-account hierarchies, billing reports, and private- labeling options
• API: Access comprehensive cloud management functions via HTTP and SOAP-based web services
• Cloud Blueprints: Build “templates” of cloud environments to assist in the rapid deployment of complex applications. Advanced cloud orchestration capabilities
• Groups: Organize, manage, and monitor collections of cloud servers as a single unit
• Maintenance Mode: Toggle monitoring functions on a server, or a Group of servers
• Monitoring: Build and customize thresholds for compute, storage, and network resources across servers. Configure alerts to notify users before performance is compromised
• Scheduling: Automatically schedule and complete key admin tasks for virtual machines
NetworkingThe networking features of this Service consist of physical and virtual components. You may be charged for data leaving Dell Cloud On Demand with CenturyLink datacenters going to the Internet. Data bandwidth in and data between VMs in the same datacenter will not be charged. Dell Cloud On Demand with CenturyLink is responsible for operating, maintaining, and troubleshooting all physical network components residing in Dell Cloud On Demand with CenturyLink datacenters. Customer is responsible for operating, maintaining, and troubleshooting all virtual networking components created in its virtual environments. The network for the Dell Cloud On Demand with CenturyLink relies on an ISP-neutral Internet connection and enterprise-grade Juniper SRX hardware
to reliability deliver safe traffic to virtual machines. Customers integrate with the Services network through VPN tunnels and intra-data center direct connect. The available network services are:
• Bandwidth: Redundant, high-speed connectivity across the Dell Cloud On Demand with CenturyLink’s global network of data centers. Billed at 95/5 usage
• CDN: Services to provide scalable, high-performance content delivery for static objects and streaming media
• Direct Connect: A dedicated network connection between a company network and the Dell Cloud On Demand with CenturyLink datacenters. MPLS also available
• Firewall: Administer custom firewall policies within a single data center and across multiple data centers. Create and manage VLANs
• Load Balancing: Self-service solutions to help cloud applications perform as traffic rapidly changes. Available as a virtual appliance, supporting traffic from 200 Mbps up to 1000 Mbps. SSL offload also supported. Dedicated options also available
• VPN: Secure access to the Dell Cloud On Demand with CenturyLink cloud through client VPN or IPsec point-to-point VPN tunnel. Fully self-service
Guest operating system template
Centos 5
Centos 6
Debian 7
Red Hat Enterprise Linux 6
Ubuntu 10
Ubuntu 12
Windows Server 2003 R2
Windows Server 2008 R2
Windows Server 2012
32-bit x86 64-bit x64
Table 2: Available Guest Operating System Templates
5
Backup and deliveryThe Dell Cloud On Demand with CenturyLink performs daily snapshots of all storage arrays and maintains copies for a rolling 5-day period; this is included in the standard block storage offering at no additional charge. For an additional charge, you may choose a premium storage tier that includes daily backups on a rolling 14-day schedule, with daily backups stored at a secondary datacenter. Backup is done at a VM level (selection of individual files is not supported).
Onboarding processThe Dell Cloud On Demand with CenturyLink ’s Global Onboarding Team will collaborate with designated Customer contacts to provide standardized onboarding of the Service. The standard onboarding Service will include:
• A named technical contact to answer questions and facilitate onboarding
• An online demonstration that includes a detailed overview of Services Control Portal, focusing on:
– How to build and connect to virtual servers
– Managing servers and resources; a deep review of Groups functionality
– User management – Invoicing review and analysis – Reporting and monitoring
capabilities – Assistance configuring site
to site VPNs
• Assistance building up to 4 virtual servers
• Assistance creating user IDs for internal staff
• Best practices for important cloud management activities such as server deployment and management, backups, and operational procedures
• Assistance for managed services deployment and configuration (i.e. setting up a patch management schedule, helping deploy anti-virus tools)
• Recommendations for maximizing ROI and minimizing spend on the platform
The activation date (“Activation Date”) of this Service Description is the date on which the related Order Form is executed by the Customer and accepted by Dell. Billing will begin at the conclusion of Provisioning (the “Billing Start Date”).
SupportCustomer can identify up to 10 administrators (“Administrators”) for each account to contact the Dell Cloud On Demand with CenturyLink Support via email, or online chat. Administrators can be named and modified the Customer at any time in a self-service manner. Support may be provided outside of the country or region in which Customer or Customer’s end users reside. If you are a U.S. Federal Customer, you acknowledge and agree that the Service uses commercial, non- Federal license keys and that you waive any right to receive U.S.-based support services and any other features offered by Federal license keys. If you are purchasing this Service through a reseller, your reseller will provide first level (and sometimes second level) support, and not the Dell Cloud On Demand with CenturyLink.
6
Customer responsibilities• Customer will support onboarding
activities set forth herein for the Service.
• Customer represents and warrants that it has or it will have prior to using the Service all licenses necessary in connection with all software and applications used for or with the Service.
• Customer will provide timely access to Customer resources, including but not limited to, virtualization administrators, and engineering and project management. Dell and the Customer to agree on standard access protocols.
• The Customer is responsible for modifying and tracking changes to its environment
• Configuration/software/data backups. It is the Customer’s responsibility to perform complete backups of all existing data, software, and programs. NOTWITHSTANDING ANYTHING CONTAINED HEREIN TO THE CONTRARY OR THE DELL CLOUD ON DEMAND WITH CENTURYLINK’S PERFORMANCE OF BASIC SNAPSHOT SERVICES OR BACKUP AND RECOVERY SERVICES, DELL NOR CENTURYLINK WILL HAVE NO LIABILITY FOR LOSS OR RECOVERY OF DATA OR PROGRAMS or loss of use of system(s) arising out of the Service or support or any act or omission, including negligence, by Dell or a third-party service provider.
• Customer is responsible for all design and implementation of network security settings and requirements definition.
• If Customer purchases the optional Direct Connect / MPLS Service, a 3-way agreement between Customer, the Dell Cloud On Demand with CenturyLink, and the selected carrier must be executed prior to or concurrently with the execution of this Service Description. Customer is responsible for establishing network connectivity on its side.
• Customer is responsible for all application and performance monitoring.
The Dell Cloud On Demand with CenturyLink Support Responsibilities• Assist Customer in identifying
causes of issues experienced in Customer’s virtual environment
• Assist in troubleshooting the Dell Cloud On Demand with CenturyLink Control Portal
• Support backup/recovery requests, which may include additional costs and be subject to a separate agreement
• Work with Customer to troubleshoot any dedicated VPN links over the Internet or dedicated WAN links
• Answer questions related to billing and invoices
MiscellaneousThe Dell Cloud On Demand with CenturyLink will provide security in connection with the Service in accordance with the Security Statement attached as Appendix B.
For the avoidance of doubt, the following activities are not included in the scope of this Service Description:
• Any services, tasks or activities other than those specifically noted in this Service Description
• The development of any intellectual property created solely and specifically for the Customer
• Virtualization design• Evaluation of Customer’s IT
operations and organization• Migration of any existing physical
servers into a virtualized server environment
• Virtualization platform software licenses, and
• Application profiling, which includes identification of applications compatible with virtualization and analysis of server/application interdependencies
This Service Description does not confer on Customer any warranties which are in addition to the warranties provided under the terms of your master services agreement or Agreement, as applicable.
To the extent applicable, Customer agrees that the Dell Cloud On Demand with CenturyLink’s privacy and security requirements satisfy any and all obligations under the Family Educational Rights and Privacy Act, 20 USC 1232g, and its implementing regulations, 34 CFR pt. 99 (collectively, “FERPA”) that the Dell Cloud On Demand with CenturyLink may have as a recipient of education records and personally identifiable information contained in such records.
7
Terms and conditionsAvailability varies by country. To learn more, customers and Dell Channel Partners should contact your sales representative for more information.
© 2013 Dell Inc. All rights reserved. Trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell and the Dell logo are trademarks of Dell Inc. in the U.S. and other countries. VMware, the VMware logo, VMware vSphere are trademarks of VMware, Inc. in the U.S. and other countries. Specifications are correct at date of publication but are subject to availability or change without notice at any time. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. This Service Description is governed by and subject to the terms and conditions in Customer’s separate signed master services agreement with Dell to the extent such agreement explicitly authorizes Customer to order the Service or, in the absence of such agreement, Dell’s terms and conditions of sale apply and are available on request or online as noted in Table 3.
For Customer purchasing directly from Dell, by entering into this Service Description, Customer acknowledges Customer has read and understood the Cloud Solutions Agreement and Customer agrees to be bound by the Cloud Solutions Agreement.
For Customer in Europe, the Middle East or Africa purchasing the Service through a reseller and not directly from Dell, this Service Description and other Dell service documents which you may receive from your seller shall not constitute an agreement between you and Dell but shall serve only to describe the content of Service you are purchasing from your seller, your obligations as a recipient of the Service and the boundaries and limitations of such Service. As a consequence hereof any reference to “Customer” in this Service Description and in any other Dell service document shall in this context be understood as a reference to you whereas any reference to Dell shall only be understood as a reference to Dell as a service provider providing the Service on behalf of your seller. You will not have a direct contractual relationship with Dell with regards to the Service described
herein. For the avoidance of doubt any payment terms or other contractual terms which are by their nature solely relevant between a buyer and a seller directly shall not be applicable to you and will be as agreed between you and your seller.
http://www.ctl.io/legal (U.S. English)Worldwide
Terms and conditions applicable to your purchase of the service
Table 3: Terms & Conditions applicable to your purchase of the service
Customer location
8
The following Service Level Agreement (SLA) is applicable to the services listed below that CenturyLink, Inc. (“CenturyLink,” “we,” “us” or “our”) makes available to you (“Customer” or “you”) for a fee. The SLA is not applicable to unrelated third parties or third parties lacking a contractual relationship with CenturyLink. The uptime obligations and the resulting SLA credits are applied on a monthly basis unless specified otherwise. This SLA, all SLA obligations herein, and the service credits are subject to the terms and conditions of the Master Services Agreement between CenturyLink and Customer posted in Client Management section of the Website (the “Control Panel”).
Public Network: CenturyLink ensures 100% uptime on all Public Network services to Customers located in our data centers. All Public Network services include redundant carrier grade Internet backbone connections, advanced intrusion detection systems, denial of service (DOS) mitigation, traffic analysis and detailed bandwidth graphs. This does not include DOS attacks or other unknown variables that can affect Internet traffic.
Private Network: CenturyLink ensures 100% uptime on the Private Network services to Customers located in our data centers. All Private Network services include access to the secure VPN connection, unlimited bandwidth
between servers, unlimited uploads/downloads to servers, access to contracted services, traffic analysis and detailed bandwidth graphs.
Control Panel and API: CenturyLink ensures 99.999% access to the Control Panel and API. Access to the Control Panel is available via the Public and Private Networks. The Control Panel is utilized to fully manage the on-demand IT environments located within the CenturyLink data centers. Control Panel access includes ticketing system access, account management, server management, bandwidth management, backup management and other related services.
Virtual Servers: Individual servers will deliver 99.999% uptime as monitored within the CenturyLink network by CenturyLink monitoring systems. Only failures due to known CenturyLink problems in the hardware and hypervisor layers delivering individual servers constitute failures and as such only they are covered by this SLA. Examples of failures include: power interruptions, hardware problems (such as failures to a hard drive or power supply) and failures to the hypervisor environment supporting Customer servers. Problems related in any way to the Customer server operating system or any other software on the Customer server, or to the actions of Customers or third parties, do not constitute failures and as such
are not covered by this SLA.Cloud Storage: CenturyLink delivers a 99.999% uptime on Cloud Storage. A Cloud Storage failure occurs when a Customer cannot retrieve data because of problems with hardware and/or software in CenturyLink’s control. Data retrieval issues caused by problems connecting to the service, including without limitation problems on the Internet, do not constitute failures and as such are not covered by this SLA. CenturyLink maintains multiple copies of the files and allows customers to enable revision tracking on their cloud environment for restores of data. Customer will receive a service credit for the period of time commencing when a ticket is filed requesting assistance in accessing Customer data until the service is reinstated. Data in this environment (when provisioned as Premium Storage), unless otherwise noted by CenturyLink to the individual customer, is retained for fourteen (14) days onsite in the data center and two (2) days offsite in the secondary data center (disaster recovery location) and when provisioned as Standard Storage is retained for five (5) days onsite in the data center.
Maintenance: At certain times planned maintenance is required on CenturyLink Services and Products that can cause service disruption. Maintenance services can affect the Public Network, Private Network, Control Panel, Virtual
Appendix A:Service Level Agreement (SLA) for Dell Cloud On Demand with CenturyLink
9
Servers, Cloud Storage, Security and other services. CenturyLink will notify Customer of planned maintenance service and will work with the Customer to resolve any issues that they may have with the maintenance service. CenturyLink retains the right to proceed with maintenance services without it affecting the SLA if proper notification has been provided to the Customer.
Limitations: This SLA does not cover (without limitation): (a) network performance to Customer’s physical location or Internet access point (such as a local DSL/cable modem); or (b) failures due to denial of service attacks.
Support Response Time:
EMERGENCY Tickets - 30 minutesCategories include:• Server down• Packet loss• Routing issueAll other Tickets - 60 minutes
For EMERGENCY category issues Customer must create a ticket for which a tracking number will automatically be provided and a support engineer will review the support request within the timeframe listed above. If for some reason Customer does not receive a response within 30 minutes, Customer should escalate via phone at 1.855.349.5607 option 2 to the NOC. CenturyLink may reclassify any Ticket misclassified as falling into one of the EMERGENCY categories listed above, and such Ticket will not qualify for EMERGENCY treatment. Resolution and repair times vary, and this SLA does not address them.
Incident Reports: CenturyLink will provide Customer with an Incident Report via e-mail within twenty-four (24) hours of an incident for incidents resulting in greater than thirty (30) minutes of downtime. The Incident Report will include: incident date, duration, issue, details of the problem and details of the resolution.
Domain Name Services: CenturyLink delivers a 100% uptime for domain name servers (DNS) on the Dynect network. A period of DNS failure is any time during which 100% of Dynect’s Domain Name Servers simultaneously fail to respond to requests for name resolution. This SLA does not guarantee propagation of DNS data across the Internet or the hosting of secondary DNS service for Customer’s primary domain in another location, and it does not guarantee against zone inaccuracies due to operator error.
Physical Security: CenturyLink will ensure 24x365 on-site security through the presence of a professional security guard in the data center at all times, charged with enforcing CenturyLink’s security policies. (Those policies require, among other things that CenturyLink employees, vendors and visitors wear a badge and that authorized visitors who have not been issued a permanent badge leave a valid U.S. driver’s license or passport with the guard while in the data center.)
SLA Credit Claim:
CenturyLink’s monitoring systems will log and report service failures that are eligible for service credits. Customer will be notified by the NOC regarding a failure and for failures lasting greater than 30 minutes, Customer will receive an Incident Report per this SLA. CenturyLink will issue to the Customer appropriate service credits for the failure as defined in this SLA (Credit Limitations and Credits Issued sections) and the MSA (Service Levels section).
If a Customer believes that a service failure occurred and/or they were not issued service credits appropriately then the Customer must open a support ticket (a “Ticket”) through the Control Panel or by email to [email protected] and request any credits by accurately detailing the credit request within 45 days of the failure in question. Any Customer making false or repetitive claims will incur a onetime charge of
US $500 per incident for such claims. False or repetitive claims are also a violation of the Master Services Agreement and may be subject to service suspension. Customers participating in malicious or aggressive Internet activities, thereby causing attacks or counter-attacks, do not qualify for SLA claims and shall be deemed in violation of the Acceptable Use Policy posted on the Website.
Credit Limitations:
The minimum period of failure eligible for a credit is 15 minutes, and shorter periods will not be aggregated. The maximum credit shall not exceed one hundred percent (100%) of Customer’s fees for the Service feature in question for the then-current billing month. In the event that multiple periods of failure overlap in time, credits will not be aggregated, and Customer will receive credit only for the longest such period of failure. In the event that a single incident calls for credits pursuant to multiple Parts of this SLA, CenturyLink will award credits for all Service features impacted in a single incident. The maximum credit during a single calendar year, for all Service features combined, is four months’ Service fees, regardless of the length of failure or the number of occurrences. The period of failure for Server Uptime, Network Performance and Domain Name Services (and services above) begins when Customer opens a Ticket and ends when the failure is remedied.
Credits available pursuant to this SLA apply only to future service delivery. CenturyLink is not required to provide refunds pursuant to this SLA. If Customer retains a credit balance on termination of the account in question, such credit is forfeited. Notwithstanding the foregoing, credits will not be applied against fees for professional services, bundled support or setup fees.
10
Notwithstanding any provision to the contrary in this SLA, the following do not constitute failures: (1) downtime during planned maintenance (as defined above) or Emergency Maintenance (as defined below) periods; (2) outages caused by acts or omissions of Customer, including its applications, equipment or facilities, or by any use or user of the Service authorized by Customer; (3) outages caused by hackers, sabotage, viruses, worms or other third party wrongful actions; (4) DNS issues outside of CenturyLink’s control; (5) outages resulting from Internet anomalies outside of CenturyLink’s control; (6) outages resulting from fires, explosions, or force majeure; (7) outages to the Control Panel, and (8) failures during a “beta” period.
“Emergency Maintenance” refers to any corrective action intended to remedy conditions likely to cause severe Service degradation, as designated by CenturyLink in its sole discretion. Emergency Maintenance may include but is not limited to actions intended to address hardware or software failures or viruses/worms. CenturyLink will exercise reasonable efforts to inform Customer in advance before interrupting the Service for Emergency Maintenance, but such notice is not guaranteed and failure thereof does not constitute failure.Credit Issued: For all SLA’s, CenturyLink issues service credits at a credit factor of 45 times the hourly cost for every hour of downtime. The service credit formula is as follows:
Hours of Credit Eligible Downtime x Credit Factor x Product and/or Service Hourly Cost = Service Credit.
Credit Eligible Downtime = Time (in hours) past the SLA greater than 15 minutes excluding allowable downtimeCredit Factor = 45
Product and/or Service Hourly Cost = Customer’s billing rate/hour during period of downtime
Example 1: Virtual Server (99.999% SLA) that has a failure lasting 1 hour 45 minutes (1.75 hours)
1.75 hours x 45 credit factor x $ .45/hour = US $35.44.
11
Commitment to Security
The Service is an infrastructure as a service (IaaS) product that includes virtual compute, storage, and networking services as well as cloud management functions.
The Service is designed and built to address key security aspects, including:
• Integrity: Through Internet Protocol Security (IPsec) and Secure Socket Layer (SSL) connections, the Service provides industry standard encryption and message authentication to help ensure that customer data cannot be modified during transmission.
• Confidentiality: The Service is designed to allow only authorized users to access information within their virtual environment.
• Availability: The Service uses mission-critical, highly robust, top-tier datacenters, designed to enable service availability at all times.
Overview
The Service uses the following controls to ensure that the integrity, confidentiality and availability of your information meet strong standards:
Physical controls, including environmental controls, are countermeasures that affect the physical environment; for example, access controls, fire prevention systems, cooling systems, exit routes, security personnel and datacenter surveillance monitoring.1
Technical controls (also called logical controls) are countermeasures that rely upon use of technology to mitigate risk; for example, firewalls, intrusion detection and prevention systems, and encryption mechanisms.
Administrative controls are countermeasures that involve policy and procedures; for example, security and escalation policies, log audits, vulnerability scanning and penetration testing.
Physical Controls
Service datacenters are designed to support and protect mission-critical operations. These datacenters provide multi-level physical security features and a rigidly-controlled operating environment to help protect customer assets and operations. Service
datacenters are audited regularly to the SAS-70 Type 2 / SSAE 16 Type 2 standard. Audit results are available upon request.
• Access and Security Controls: Access to Service datacenters is highly controlled. All entrances are monitored and have alarms for protection. These datacenters are staffed with 24-hour security officers to augment physical security features, providing protection of your operations.
• CCTV Digital Recorders: CCTV security cameras monitor designated sensitive areas.
• Fire Suppression: Industry standard fire suppression systems for multi-tenant datacenters are in use.
• Environmental Controls: Service datacenters are constructed to meet the highest standards of redundancy. Service datacenters also include critical power and cooling systems that are provisioned with appropriate redundant failover infrastructure. The critical power and cooling infrastructure is backed up by an emergency power generation system.
Appendix B:Security Statement for Dell Cloud On Demand with CenturyLink
1 The controls outlined in this Appendix are designed to provide strong data security safeguards that meet the needs of a typical user. They are not intended or designed to address all industry specific requirements that are driven by regulatory requirements such as HIPAA or PCI. Users with specific data security requirements that exceed the controls listed in this Appendix should discuss alternative cloud solutions with their Dell representative. To the extent Dell receives or otherwise has access to Customer’s “education records” and “personally identifiable information” contained in such records, as such terms are defined in FERPA, Dell acknowledges that it is subject to the requirements of 34 CFR § 99.33(a) governing the use and re-disclosure of personally identifiable information in education records.
This service description is for information purposes only, and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. Product and service availability varies by country. To learn more, customers and Dell Channel Partners should contact their sales representative for more information. Specifications are correct at date of publication but are subject to availability or change without notice at any time. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell’s Terms and Conditions of Sales and Service apply and are available on request. Dell and the Dell logo are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others. © 2013 Dell Inc. All rights reserved. December 2013 | D354 - Dell Cloud On Demand with CenturyLink.indd | Rev. 1.3
Scan or click this code to learn how Dell Services can help your organization.
Technical Controls
• Network and System Security: Multiple levels of disparate defenses are used to protect customer information and strictly control network access to the datacenter. Customers connect with the Service via IPsec and SSL connections to provide industry-standard link encryption and message authentication to help ensure that customer data cannot be modified during transmission. All access to servers is strictly monitored. In addition, Service servers are configured to prevent intrusions and protect against day-to-day threats. The servers are selected and configured to maximize their reliability, security, scalability and efficiency.
• Firewalls: Customer data transfers are made from the customer’s environment to the Service system via standard Internet Protocol Security (IPsec) or Secure Socket Layer (SSL) connections through the customer’s firewall. All non-required firewall ports are blocked on the Service firewalls.
• Intrusion Prevention Systems: The Dell Cloud On Demand with CenturyLink uses enterprise-grade intrusion detection / intrusion prevention systems (IDS/IPS) within the Service infrastructure to provide another mechanism for the early detection and prevention of data breaches.
• Access Controls: Access to corporate systems is restricted, based on procedures to ensure appropriate approvals. To reduce the risk of misuse, intentional or otherwise, access is provided based on segregation of duties and least privileges. Remote access and wireless computing capabilities are restricted and require that both user and system safeguards are in place. Specific event logs from key devices and systems are centrally collected and reported on an exceptions basis to enable incident response and forensic investigations by recognized experts in this area.
• Vulnerability Scanning and Penetration Testing: Internal and external vulnerability scans are performed on the Dell Cloud On Demand with CenturyLink’s cloud infrastructure periodically and after any significant change in the network. External and internal penetration tests, including network- and application-layer penetration tests are performed annually and after any significant infrastructure or application upgrades or modifications.
Administrative Controls
• Data Center Access History: Physical access history to the datacenters is recorded.
• Personnel Security: All users with access to the Service environment are responsible for compliance with Dell information security policies and standards. As part of the employment process, employees undergo a screening process applicable per regional law.
• Communications and Operations Management: Changes to the Service infrastructure, systems and applications are managed through a centralized change management program, which includes testing, back out procedures, business impact analysis and management approval, where appropriate.
Incident response procedures exist for security and data protection incidents. The procedures include incident analysis, containment, response, remediation, reporting and procedures for returning to normal operations.
To protect against malicious use of assets and malicious software, the following additional controls are implemented: designated development and test environments; malware detection on servers, desktops and notebooks; email attachment malware scanning; and information handling procedures based on data type, application and network security.
