Table of Contents
- Roles and Responsibilities
- Access Management
- Capacity Management
- Service Commitments
- Appendixes
DoIT Responsibilities
- Hardware, servers, and storage devices
- DoIT will maintain development and production server environments and provide routine maintenance.
- DoIT will communicate and coordinate with the customer to ensure minimal service disruption. (See Change Management section and Incident Management section)
- DoIT will provide necessary testing on development servers before changes are applied to production servers. Modifications that must be moved to production will be coordinated with the customer through the DoIT Change Management Process.
- Changes in application, software, and hardware requirements must be reviewed / approved by the customer and provided to DoIT in a timely manner. New requirements are subject to DoIT resource review and possible renegotiation of the SLA.
- DoIT will maintain and facilitate hardware support agreements for machines covered under this SLA.
- All virtual machines and databases have Tivoli Storage Manager client installed for client-side daily backups. In addition, Spectrum Protect Plus is used to backup virtual machines daily.
- All servers will be required to maintain Server Logging per CSU requirement. DoIT will identify and configure system level logging.
- Servers and databases that contain level 1 data will be encrypted.
- Applications
- Where applicable, DoIT will provide Oracle database administration for select servers as indicated in Appendix B (if applicable).
- Where applicable, DoIT will install and monitor scripts to check the Oracle Alert Logs and report on any errors.
- Where applicable, DoIT will install and monitor scripts to check on the Oracle Listener to determine if it is running. Non-production instances will send an alert to the DBAs. Production instances will send an alert and will automatically try to restart the Listener.
- Where applicable, DoIT will perform the scheduled Oracle database exports to provide a point in time backup.
- Where applicable, DoIT will install the quarterly Oracle security patches.
- Where applicable, DoIT will perform Oracle version upgrades as necessary to maintain supported versions of Oracle. (Systems & Databases - Note that 9i is no longer fully supported)
- Where applicable, DoIT will work with the applications team to assist in research for performance issues and in making recommendations, and if appropriate, making changes to the database to resolve performance issues.
- Where applicable, DoIT will install all software updates as part of this agreement, unless other arrangements are agreed upon by DoIT and the customer in advance. Request for software installation by the customer will go through the DoIT Service Request Process (see Appendix C) and DoIT Change Management process.
- Operating systems (OS)
- DoIT will maintain all operating systems and will follow current DoIT standards for performance, stability, and security, unless otherwise required by vendors and/or manufacturers.
- Patches and OS updates will be loaded by DoIT in development environment before applying to production. The customer will test the application in development and identify and communicate issues as soon as possible.
- Patches and OS update installation on production servers will be communicated and coordinated through the DoIT change management process after approval is provided by the customer. Installation will follow DoITs' existing standard patch and update schedule unless an exception is requested.
- New OS software requirements must be communicated to DoIT in a timely manner and are subject to DoIT resource review and possibly renegotiation of the SLA.
- Creation, suspension, and revocation of server accounts will follow the DoIT Service Request Process (Appendix C).
- DoIT will perform virus scans and remediation for servers covered on this agreement. Scan activities will be closely coordinated with the customer to ensure no impact to service.
- DoIT Security will perform regular vulnerability scanning of both servers and applications. DoIT will ensure remediation of system vulnerability findings within 45 days of scan.
- Network configurations
- Firewall services will be provided. Migration to firewall services will be provided during a time that is mutually convenient.
- Changes to networking configurations will be accommodated through the DoIT Service Request Process (Appendix C).
Customer Responsibilities
The customer has responsibility for the business and application relationship with vendors and will continue to use and manage the application layer. The customer is responsible for software/application maintenance. Key tasks include:
- Hardware, servers and storage devices
- Changes in vendor hardware requirements must be reviewed by the customer and provided to DoIT as soon as possible. DoIT will provide an internal review of such requests and will respond in a timely manner.
- Changes to hardware, server, and storage requirements will be reviewed to ensure resource availability. Additional resource requirements may require additional costs.
- The customer is responsible to identify the level of data housed on their server and/or database. Level 1 data will require the server and/or database to be encrypted.
- Applications
- The customer will provide copies of software licenses as reference material for DoIT.
- Updates and/or modification to application software will follow the DoIT Service Request Process (Appendix C) to ensure requirements and instruction are effectively communicated to DoIT.
- The customer will conduct all application testing in development environments and will provide DoIT with written confirmation of acceptance through the DoIT Service Request Process (Appendix C) before move to production takes place.
- The customer is responsible for application support, administration, and related tasks. This responsibility includes all software licensing charges (as appropriate), software vendor contracts, technical support, and software updates as appropriate.
- The customer is responsible for application configuration, typically performed via administration screens. DoIT will ensure that adequate access is granted for the authorized customer staff to perform their tasks.
- The customer is responsible for application development and troubleshooting.
- The customer is responsible for vendor contact for all aspects of application functionality, releases, and debugging. Application issues relating to the OS and virtual environment will be coordinated with DoIT.
- The customer will provide documentation about application dependencies. The purpose of providing dependency documentation is to address any startup or shutdown sequencing that may need to be done, to ensure application data is not compromised.
- The customer will maintain the appropriate level of application security required for end users to access their data.
- DoIT Security will perform regular vulnerability scanning of both servers and applications. The customer will ensure remediation of application vulnerability findings within 45 days of scan.
- All servers will be required to maintain Server Logging per CSU requirement. The customer is responsible to identify and configure application level logging.
- The customer is required to maintain privileged access forms for all users that are granted privileged access to the application. A privileged access user is authorized to perform application layer configurations and functions a standard user is unable to perform. The customer is responsible to audit privileged access (user access review) on an annual basis. Privileged access forms should be made available to DoIT upon request.
- The application must meet University password standards. It is strongly recommended that the application authenticate via DoIT infrastructure (AD/AAD/ADLDS) to ensure password compliance.
- Operating systems
- Customer is responsible for testing the applications in development and identifying issues in a timely manner.
- Copies of any licenses associated with the OS should be provided to DoIT for reference purposes.
Server Access Management will be managed through the DoIT Service Request Process (Appendix C). Server access and audit information can be provided upon request.
DoIT will develop benchmarks based on current virtual environment for disk space, memory, CPUs, and network. Based upon these benchmarks, expected growth/contraction will be monitored. If growth/contraction exceeds 20% of the original environmental footprint, costing associated with the SLA will be renegotiated. This means, for example, if the total number of CPU's in the environmental footprint is 20 and growth exceeds 4 additional, it will exceed the 20% growth/contraction stipulation. Note the same thing occurs if the environments shrink by 4 CPU's.
Service Hours, Response Times, and Trouble Reporting
DoIT will provide 24 X 7 X 365 server monitoring. The following table details Service Hours, DoIT response times, and the trouble-report process.
SERVICE HOURS |
DoIT RESPONSE TIME |
TROUBLE-REPORTING |
(Regular business hours)
Monday-Friday,
7:00 am-5:30 pm |
Within 1 business hour |
All customer support will be available by calling the DoIT Desktop Support line at 562-985-8344, including after hours, weekends, and holidays. An internal DoIT process is in place for escalating incidents or events to proper channels.
Appendix A shows an order of call escalation in the event no one picks up the DoIT Desktop Support line call. Appendix A is unique to each SLA customer. |
(After business hours)
Monday-Friday,
5:30 pm-7:00 am; and all day Saturday and Sunday |
Within 4 hours
(Production Services) |
|
Holidays |
By 11:30 am the next business day |
|
*Note: Response time is defined as the time between initial report of trouble and time an DoIT staff person contacts the customer to begin resolving the issue.
Server Availability
DoIT will strive to provide 100% server uptime. This excludes planned maintenance. System monitoring will be provided by System Center Operations Manager (SCOM).
Scheduled Maintenance
DoIT will exercise a routine schedule for OS updates, firmware upgrades for blade servers, VMware maintenance release upgrades, storage maintenance, and network and data center maintenance. As stated in Change Management section, advanced notifications will be provided and tested in development environments. A set window of time for standard maintenance will be established for quarterly database maintenance. A set maintenance window will also be identified for windows maintenance.
Incident Management
Unplanned service degradation, interruption, or outage will be managed through the DoIT Incident Management process whereby DoIT will send the customer notification and details about the problem, downtime, and other pertinent incident information. The customer will provide DoIT with a current list of notification recipients. See Appendix A for the notification recipient list. Appendix A is unique to each SLA customer.
Problem Management
Recurring incidents/issues will be managed and escalated within DoIT as needed. The customer will communicate concerns about incidents and problems to the Director, Service Management & Operations as soon as possible. Appendix A provides a list for contacting appropriate parties. Appendix A is unique to each SLA customer.
Change Management
Any maintenance or changes will follow the DoIT Change Management process, which involves a review and approval of documented change requests by the DoIT Change Management Board (Appendix D). When necessary, the process may involve a Change Management Notification to Customer prior to the change. When possible ,DoIT will notify the customer at a minimum of 24 hours in advance. However, the nature of the change activity will determine the amount of time of the advance notification. For example, if the change requires preparation activity by the customer, notification will be provided several days in advance and if the change is urgent, less than 24 hours' notice may be provided. In some cases, change activity will involve detailed discussion between DoIT and the customer technical staff before change activity is approved by the Change Management Board. Emergency Changes will follow the DoIT Emergency Change process.
Repair
DoIT will repair or replace existing equipment at no additional charge for servers covered under this SLA.
Disaster Recovery / Service Continuity
Disaster Recovery / Service Continuity services are available as part of this agreement. Requirements for server recovery and business priority must be identified by the customer and agreed upon by DoIT to ensure recovery activities are agreed upon in disaster situations. This service is forthcoming and will be initiated at an agreed upon time.
Data Storage Backup and Recovery
Standard data retention is 90 days. This means if data is lost or deleted from servers, data that is no older than 90 days can be recovered.
Security
Server security and firewalls (data center firewall) services are included in this agreement. Access management will be provided via server security and data center firewall as requested by the customer and/or required by application.
Ad hoc Requests
DoIT provides service as described in this SLA and will provide "best effort" support for ad-hoc requests related to this service. These requests will need to be provided by the customer using the DoIT Service Request process (Appendix C) and be accompanied by any necessary supportive documentation. DoIT will then review the request and determine whether it may be accommodated, as it relates to the scope of this SLA.
New Server Requests
Given the availability of resources, DoIT will provide analysis and quote (if applicable) within one week of completed request for new server(s). If resources are not available, DoIT will inform the customer within this one week period and establish a timeline of when resources will become available. If the quote is approved by the customer, DoIT will build and establish the new server within three weeks from the time of approval. The new server request process can be found in Appendix E.
Appendix A
Specific to each customer and is a list of hosted systems and their specifications.
Appendix B
Specific to each customer and is a list of people contacts.
Appendix C
Service Request Process
Appendix D
Change Management Process
Appendix E
Server Request Process