Limelight Networks, Inc. Partner Document · 2019. 8. 9. · Limelight’s acceptance, if any, of a Traffic Spike (Accepted Spike), will be given at its sole discretion, within a

Limelight Networks, Inc.

Partner Document August 2019

Partner Document

© 2019 Limelight Networks, Inc. | All Rights Reserved 2 of 35 Revised August 8, 2019

Table of Contents

1. Document Information 3 2. Definitions 3 3. Service Usage, Pricing, and Traffic 4

3.1. Service Usage and Pricing 4 3.2. Traffic Spikes 5 3.3. Traffic Shaping 5

4. Services & Products 6 4.1. Content Delivery Services 6

4.1.1. Content Delivery Levels 6 4.1.2. Content Delivery Add-On Services 7 4.1.3. Activation and Advanced Services 7 4.1.4. Content Delivery Service Information 9

4.2. Origin Storage Services 11 4.2.1. Storage Retrieval 11 4.2.2. Intelligent Ingest 11 4.2.3. Origin Storage Add-On Services 11 4.2.4. Origin Storage Activation and Advanced Services 11 4.2.5. Origin Storage Service Information 11

4.3. Video Delivery Services 13 4.3.1. Video Delivery Levels 13 4.3.2. Video Delivery Add-On Services 14 4.3.3. Video Delivery Activation and Advanced Services 14 4.3.4. Video Delivery Service Information 15

4.4. Realtime Streaming Services 16 4.4.1. Realtime Streaming Levels 16 4.4.2. Realtime Streaming Add-On Services 16 4.4.3. Realtime Streaming Activation and Advanced Services 16 4.4.4. Realtime Streaming Service Information 16

4.5. Content Delivery Security Services 16 4.5.1. Secure Traffic 16 4.5.2. SSL Certificates 16 4.5.3. Content Delivery Security Add-On Services 17 4.5.4. Content Delivery Security Activation and Advanced Services 17 4.5.5. Content Delivery Security Service Information 18

4.6. Cloud Security Services 18 4.6.1. DDoS Attack Interceptor (DAI) Service 18 4.6.2. Web Application Firewall (WAF) 18 4.6.3. Cloud Security Add-On Services 19 4.6.4. Cloud Security Activation and Advanced Services 19 4.6.5. Cloud Security Service Information 20

4.7. Limelight Control 23 5. Dynamic Ad Insertion 23

5.1. Dynamic Ad Insertion Support Levels 23 5.2. Dynamic Ad Insertion Activation & Advanced Services 23

6. Activation Services 23 7. Advanced Services 23

7.1. Advanced Services Tiers 24 7.2. Advanced Services Add-On Services 24 7.3. Analytics 24

7.3.1. EdgeQueryTM (EQ) Custom Query Implementation 24 7.3.2. EdgeQueryTM (EQ) Custom Query Data Storage & Retrieval 24 7.3.3. EdgeQueryTM (EQ) Realtime Data Segment Storage & Retrieval 24 7.3.4. EdgeQueryTM (EQ) Daily Data Segment Storage & Retrieval 24

Appendix A: Service Definitions for Limelight’s DAI Products 25 Appendix B: Limelight Product & Service Feature Descriptions 27 Appendix C: Acronyms & Terms 32

Partner Document


1. Document Information This Partner Document contains descriptions of all services offered by Limelight, including usage requirements, calculation methodologies for invoicing, and other terms.

Capitalized words without definition used in this Partner Document have the meanings assigned to them in the appendices, the Terms of Service, the applicable Order Form, and/ or the Service Level Agreement (SLA).

Product/ Service names and features in blue text link to descriptions in the Limelight Service and Product Features section of this document.

2. Definitions Term Definition 5 Minute Data Sample(s) Limelight’s measurement in megabits per second (Mbps), or other bits-per-second unit, of Customer’s total Traffic,

or the uncompressed equivalent, every 5 minutes for each service connection

95th Percentile or 95/5 For Services measured in a bit-per-second unit, Limelight’s measurement every 5-minutes of Customer's Usage, where the highest 5 percent (5%) of the measured Usage is discarded, and the next highest remaining data point is the “95th Percentile”

Annually Recurring Fee(s) A Fee or Fees for Services invoiced one time per calendar year

Average Bit Rate The average of 5 Minute Data Samples in a Billing Period

Base Unit Price The Unit Price applied to Usage, prior to the addition of any Premium Rates

Billing Period A monthly interval of time corresponding to each invoice issued for Customer’s Usage of the Services, unless otherwise designated in an Order Form. The first and last Billing Period may be an interval less than one month.

Burstable Rate The Unit Price for Overages

Customer Portal The Limelight customer control and self-service center portal, sometimes referred to as Control, which is a web-based user interface for Customer to read reports, upload relevant files, create directories, view geographic file locations, and more

Fee(s) Sum(s) to be invoices by Limelight and paid by Customer

Minimum Commitment Customer’s commitment for the duration of the Term to purchase the minimum quantity of Services at the corresponding Unit Prices and Fees as set forth in the Order Form. The Minimum Commitment may include Monthly Recurring Fees, One-Time Fees, Annually Recurring Fees, and any other minimum quantity of Services as set forth in the Order Form.

Minimum Monthly Commitment

Customer’s commitment to purchase the monthly minimum quantity of Services and to pay the Monthly Recurring Fees each Billing Period, as set forth in the Order Form

Monthly Recurring Fee(s) Fee(s) for Services incurred each calendar month and invoiced on a per-Billing Period basis during the Term

One-Time Fee(s) Fee(s) invoiced one time during the Term

Overages Usage in excess of a Usage Commitment

Platform Fee(s) Fixed Fee(s) for accessing the applicable Service each Billing Period

Point of Presence A facility or server within the Limelight network used to provide Services to Customers

Premium Rate A Unit Price in addition to, and not in lieu of, the otherwise applicable Unit Price(s) or Fee(s)

Purchase Commitment Any portion of the Minimum Commitment expressed in United States dollars or other approved currency

Region(al) A discrete geographical area as defined in an Order Form

Regional Hosting Hosting for a specific Region

Request An inquiry to a server to take action either received by the Limelight network or issued by the Limelight network to an origin, regardless of the incidence or type of response

Scope A type of project plan signed by Limelight and the Customer to ensure both parties agree on the same terms under which Limelight will deliver certain services to the Customer

Service Activation Date The date Limelight makes the applicable Services on an Order Form available to Customer or otherwise begins to perform the Services

https://www.limelight.com/terms-of-service/

Partner Document


3. Service Usage, Pricing, and Traffic

3.1. Service Usage and Pricing

3.1.1. Measuring Usage For Services measured in megabits per second (Mbps), gigabits per second (Gbps), or other bit-per-second unit, Usage is based on the 95th Percentile. Services measured in megabytes (MB), gigabytes (GB), terabytes (TB), or petabytes (PB) are invoiced based on cumulative total of Usage, or the uncompressed equivalent, as measured by Limelight. Other Services are invoiced by measuring Usage in the form of the number of Requests, Queries per Second (QPS), the number of hours consumed, or other unit of measure set forth in the Order Form.

Regional Calculations Limelight measures Customer’s Usage on a regional basis, as further provided in this Partner Document and/or Customer’s Order Form.

3.1.2. Invoicing This section describes how Limelight invoices for Services, as well as certain Usage requirements and general Service-related information applicable to the purchase and use of Services. ▪ Invoicing for any particular Service begins on the Service Activation Date for that Service. ▪ One-Time Fees and Annually Recurring Fees are invoiced in advance, following the Effective Date. Monthly

Recurring Fees are invoiced in advance each Billing Period, irrespective of whether Customer uses or satisfies the Usage Commitment. Usage not otherwise included in the Monthly Recurring Fees and Overages is invoiced in arrears each Billing Period.

▪ Any unused portion of the Usage Commitment, if any, does not carry over to any subsequent Billing Period. ▪ If a separate Burstable Rate is not set forth in the applicable Order Form, the Unit Price otherwise stated in

the Order Form applies. Overages are invoiced by multiplying the excess Usage by the applicable Burstable Rate or other applicable Unit Price.

▪ Minimum Commitments are calculated using Usage at the applicable Base Unit Price, without regard to Premium Rates or other Fees.

▪ Customer’s use of the Service means acceptance of delivery of invoices by electronic mail. However, Limelight reserves the right to use other methods of delivery. An additional form of delivery may be available upon Customer’s written request.

Statement of Work A contractual agreement between Limelight and Customer defining specific activities, deliverables, and timelines

Traffic Content sent or received by or on behalf of Customer utilizing the Services

Unit Price The per-unit Fee for Usage of a Service

Uniform Resource Locator The address of a resource (such as a website) on the Internet that consists of a communications protocol, then the name or address of a computer on a network(s), and may also include additional locating information, like a hostname or filename.

Usage The amount of Customer’s utilization of a particular Service.

Usage Commitment That portion of the Minimum Commitment that relates to Usage

Partner Document


3.2. Traffic Spikes Traffic Spike means a 5 Minute Data Sample indicating Customer's bandwidth utilization increases by more than 20 percent over Customer's prior usage, as averaged over the immediately preceding three months for the same time of day and the same geographic location. Traffic Spikes are excluded from Service Level Agreements, credits, or remedies, and Limelight reserves the right, at its sole discretion, to use Traffic Shaping and/ or deny, suspend, or terminate Services in the event that Customer’s Traffic creates a Traffic Spike.

Customer must provide Limelight advance notice of a Traffic Spike no less than 48 hours prior to the Traffic Spike; this notice (Spike Notice) will set forth anticipated Usage. Limelight’s acceptance, if any, of a Traffic Spike (Accepted Spike), will be given at its sole discretion, within a reasonable time after Limelight’s receipt of the Spike Notice, and prior to the anticipated Traffic Spike. Accepted Spikes may be included in a Service Level Agreement, but only at Limelight’s sole discretion and upon written notice to Customer.

3.3. Traffic Shaping Traffic Shaping means Limelight’s manipulation and prioritization of Traffic for more efficient use of bandwidth to reduce the impact of that Traffic from affecting other Limelight customers and the Limelight network, including but not limited to throttling, rate limiting, or geographically redistributing of Traffic.

Partner Document


4. Services & Products 4.1. Content Delivery Services

4.1.1. Content Delivery Levels Professional Premier Enterprise*

Reporting & Analytics

Basic Premium Premium Control portal

Custom views (sub reports)

Live logs

Control reporting APIs

Content Delivery

Backup origin support

GZIP Pass-through

GZIP at the Edge

HTTP methods: GET, HEAD

HTTP methods: OPTIONS, POST

HTTP methods: PUT, DELETE

HTTP VOD Streaming

HTTP Live Streaming

MP4 Seek

FLV Seek

Last Mile Acceleration

Rate Limiting

Web Site Caching

HTTP Header Manipulation

Web Site and Application Acceleration

Web Site and Application Device Detection

Video Acceleration

Security

SSL Delivery via *.hs.llnwd.net cert

Geo Fencing

MediaVault

CORS Management

IP Access Control

S3 Authentication

Real-Time Messaging Protocol Encrypted (RTMPE)

SWF Verification

SNI SSL slot for Customer Certificate

Configuration & Management

Self-Configuration

Plus Plus SmartPurge/ SmartPurge Plus

Unlimited Hostnames/ Configurations

Enhancements

Traffic Director

Traffic Director Queries

Global set of dedicated VIPs

Managed DNS

ARC Light

Multi-device Media Delivery On Demand (MMD OD)

MMD OD usage premium

Multi-device Media Delivery Live (MMD Live)

MMD Live usage premium

MMD Live Standard Definition (SD) slot

MMD Live High Definition (HD) slot

MMD Live Full High Definition (FHD) slot

MMD Live Transmux slot

Multi-device Media Delivery Live Live to VOD

Multi-device Media Delivery Digital Rights Management (MMD DRM)

*Enterprise includes a dynamic content acceleration and Web site optimization solution for personalized, complex Web sites and applications delivered to users on any device, anywhere, with virtually instant response times. This feature accelerates personalized content to increase page views and conversion rates, reduce site abandonment, and speed transaction completion. Integrated with the Limelight global Content Delivery Network (CDN), this feature interoperates with and is tailored to the Customer’s existing infrastructure and online application solutions.

Partner Document


4.1.2. Content Delivery Add-On Services Professional Premier Enterprise

DDoS AI

WAF

SSL slots and certificates

Origin Storage

4.1.3. Activation and Advanced Services

Content Delivery Basic Activation ▪ Implementation of Limelight Content Delivery or streaming Services and all their components ▪ In Scope: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training. Best

practices. Handoff to support team. ▪ Not in Scope: Security services. Web development training. Application development training.

Content Delivery Performance Basic Activation ▪ Implementation of dynamic content acceleration for up to 3 fully qualified domains (FQDNs) ▪ Scope

▪ Conduct kickoff call ▪ Confirm Scope ▪ Inspect sites/ headers and determine configuration(s) ▪ Review/ Revise proposal ▪ Schedule recurring implementation status call ▪ Stage configuration(s), test site(s) ▪ Document configuration(s) and review/ request feedback ▪ Train on testing methodologies, order entry, reporting, purge, best practices, go-live, rollback

procedures ▪ Review configuration document ▪ Handoff for final end-to-end QA testing ▪ Confirm acceptance, schedule go-live date ▪ Send confirmation of completion of work (Production Ready) ▪ Handoff to account and support teams ▪ Create basic runbook ▪ Monitor go-live in real-time with engineer ready to assist if go-live is within 2 weeks of Production

Ready

Content Delivery Tailored Performance Activation This Tailored Implementation of Limelight Content Delivery is designed to meet the Customer's specific needs. ▪ Implementation of dynamic content acceleration for up to 3 fully qualified domain names (FQDNs) ▪ Scope will be specifically defined in a Statement of Work (SOW) and may include

▪ 4 or more hostnames requiring configuration ▪ Integration with other Limelight offerings (e.g. Content Delivery, Content Director, Traffic Balancer/

Failover/ Director, Storage, Video, Content Management) ▪ Front-end acceleration implementation (if applicable) ▪ Real-time monitoring or tap-on-the-shoulder assistance during go-live (if more than two weeks after

Production Ready) ▪ Business rules "at the edge" ▪ Cache-key manipulation (e.g. by cookie, header, geo, language) ▪ Mobile device detection ▪ Origin configuration review ▪ End-to-end health-check ▪ Origin load balancing, failover, geo-targeting, or multiple origin locations ▪ Creation of custom views (sub reports) for specific sites, file types, etc. ▪ Creation of runbooks, custom how-to guides, and other custom documentation ▪ Automated performance/ load testing (e.g. Gomez, Keynote, Catchpoint, SOASTA) ▪ Analysis and "matching" of a non-Limelight configuration file/ document ▪ Integration or load balancing between Limelight and another Content Delivery Network (CDN) ▪ Use of wildcard or RegEx (regular expressions) published hostnames (one configuration matching more

than one FQDN) ▪ Implementation begins when the parties have entered into a SOW.

Partner Document


Domain Name Implementation ▪ Additional or new domain names, including copying an existing configuration ▪ 6 hours of planning, testing, and basic documentation ▪ Real-time monitoring of go-live with engineer ready to assist

Geographic Blocking and Anonymizer Blocking ▪ Anonymizer Blocking supports blocking for only IPv4 addresses. IPv6 addresses are not supported. ▪ Data for Geographic Blocking and Anonymizer Blocking is updated weekly.

Traffic Director Optimization Implementation of Traffic Director, up to 25 policies and 50 resources

MMD Live Activation Setup and configuration of MMD Live and/ or provisioning of Transmux (TX), Standard Definition (SD), High Definition (HD), or Full High Definition (FHD) slots per Order Form.

MMD DRM Activation Setup and configuration of MMD DRM

ARC Light Policy Development ▪ Tailored implementation for one or more ARC Light policies to meet customer-specific needs ▪ Scope is specifically defined in a Statement of Work (SOW) and may include access control; URL hashing;

setting or removal of custom headers; logic driven by client IP, region, cookies, or client headers; redirection; origin selection; and cache control settings. Requires scoping.

ARC Light Policy Implementation Customer-specific configuration and implementation of an existing ARC Light policy

Content Delivery Advanced Activation ▪ Implementation of Content Delivery service bundles and all their components ▪ Scope: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training. Best

practices. Handoff to Support. ▪ Out of Scope: Security services. Web development training. App development training.

Content Delivery Tailored Activation ▪ Implementation of Content Delivery or streaming Services and all their components, plus additional services ▪ Web development and API support ▪ Scope is defined in a Statement of Work (SOW) and may include: Custom configurations. Additional services

(not accelerated). API support. Additional training. Project management.

Partner Document


4.1.4. Content Delivery Service Information

Video Acceleration Available to Content Delivery Enterprise customers with Performance Acceleration Premium and Performance Basic Implementation

Managed DNS ▪ Services are invoiced based on bundles of queries per second (QPS) with 95th Percentile. ▪ Managed DNS ▪ Includes Managed DNS Domain, Managed DNS Hostname, and Managed DNS Resource Record ▪ Overage charges may apply for Usage in excess of included services. ▪ Add-on services

▪ Managed DNS Traffic Director: Managed DNS Traffic Director is an external service not hosted on the Limelight network; this offering is different from Limelight’s Traffic Director and is invoiced per hostname.

▪ Managed DNS Private Pool with Vanity Name Servers: Set of nameserver hostnames/ IP addresses ▪ Managed DNS Gold Support: 24/7 phone support; 24/5 monitored email; 1 business-hour response SLA ▪ Managed DNS Platinum Support: 24/7 phone support; 24/7 monitored email; 30-minute response SLA

SmartPurge and SmartPurge Plus ▪ SmartPurge and SmartPurge Plus functionalities allow Customers to initiate and complete the removal of

Content from the globally distributed edge servers on the Limelight network, based on a published URL and origin URL or pattern of URLs.

▪ Requests through SmartPurge and SmartPurge Plus result in Content deletion or invalidation from the network cache. A deletion forces a cache fill from an origin if an end user requests that Content subsequent to the purge. An invalidation forces the network to check with the origin for the correct version of Content if an end user requests that Content subsequent to the purge.

▪ Customer is solely responsible for any loss of Content and Service disruptions, including those caused by requests to Customer’s origin, resulting from the use of SmartPurge or SmartPurge Plus.

RTMP Traffic Premium RTMP Premium includes both RTMP and RTMPE traffic and is charged separately from HTTP base rates.

China Content Delivery ▪ China content delivery is intended to deliver Customer content into mainland China only. ▪ Traffic Director or Managed DNS is strongly recommended for Customers using both Limelight and China

Delivery on the same domain. While not required, this is to ensure requests generated in mainland China are routed properly. Customers take on responsibility for routing if they forgo Traffic Director or Managed DNS.

▪ China ICP license is not sold as a stand-alone product. Every Customer configuration for China content delivery must have an equivalent Limelight product configuration, which is subject to its own package and Fees.

▪ Limelight uses commercially reasonable means to deliver Customer's Content from within China but does not guarantee that all Customer Content will be delivered from within China at all times. Without limiting the foregoing, Limelight does not guarantee specific capacity within China and may, at its sole discretion, restrict the bandwidth available to Customers within China.

▪ Limelight uses multiple third-party partners to deliver Customer Content from within China but does not guarantee use of any specific partner to deliver Customer Content from within China. Limelight, in its sole discretion, determines which partner will deliver Customer Content in China at any time.

▪ Limelight reserves the right at its sole discretion to deliver Customer's Content from geographic areas outside of China based on geography and access to local network connectivity for performance and availability.

▪ Customer is solely responsible at all times to ensure that Customer Content complies with all local laws in China, including but not limited to any registration requirements for Web site(s) hosted within China and using a China top-level domain.

▪ Customer will provide Limelight with any documentation or registration information (including origin IP addresses) reasonably requested by Limelight, and Customer acknowledges and agrees that Limelight is not responsible for any actions or inactions by, or on behalf of, any Chinese government entity that filters, blocks, alters, damages, or otherwise prevents delivery of all or any part of Customer's Content.

▪ Limelight may, at its sole discretion, utilize the services of a third party to deliver all or part of Customer Content in China.

▪ Limelight is not liable to Customer for disclosure by Limelight of the originator of any Customer Content upon direct inquiry from any government authority, and in accordance with applicable law.

Partner Document


▪ If a Chinese Internet Content Provider License (ICP License) is required for delivery of Content in/ to China, Customer is solely responsible, including cost and expense, for obtaining the ICP License.

▪ China ICP License Service is subject to the following stipulations: ▪ It is a third-party Service and is not covered by the Service Level Agreement (SLA), if any, for any other

China Delivery Service. ▪ Depending on license type, obtaining an ICP License may take up to 9 months. ▪ Purchase of this Service requires that the Customer execute a separate ICP License Request Form with

the third-party provider. ▪ Purchase of this Service does not guarantee that Customer will receive a Chinese Internet Content

Provider License ▪ If Customer obtains an ICP License as a result of the purchase of this Service, Customer remains solely

responsible to ensure that Customer Content and use of the Services comply with all local laws, including but not limited to any registration requirements for Web site(s) hosted within China and using a China top-level domain.

▪ China Content Delivery Services: ▪ Traffic delivered within China for customers with an ICP license ▪ China Delivery: Caching and HTTP delivery of static Web site content, including VOD ▪ China Secure Delivery: Caching and HTTPS delivery of static Web site content ▪ China Dynamic Delivery: Interactive content acceleration and TCP transport acceleration ▪ Traffic delivered from PoPs just outside China for customers without an ICP license ▪ China Edge Delivery: Caching and HTTP delivery of static Web site content, including VOD ▪ China Secure Edge Delivery: Caching and HTTPS delivery of static Web site content, including VOD ▪ China Edge Live Streaming: Live streaming of FMS (RTMP), HDS, and HLS (HTTP) ▪ China Storage: Distributed storage or content origin extension ▪ China Content Delivery services included in every bundle: ▪ China Portal: Service usage and reporting ▪ China Logs: Service usage logs ▪ China Purge: Flexible caching rules and content purging abilities ▪ China Pre-Cache: Cache pre-load ▪ China Geo Blocking: Geo restrictions

▪ China Content Delivery Advanced Services: ▪ Content Delivery Basic Activation ▪ Security Basic Implementation

▪ China Content Delivery Add-On Services: ▪ China Anti-hijack & MediaVault: Anti-hijack based on end user IP address and time token ▪ China ICP License: China ICP license acquisition and maintenance to allow customers to deliver content

directly from nodes within China, behind the firewall ▪ China ICP License Management: ICP license management for customers who require third-party

assistance within China to obtain ICP licenses ▪ China Additional Domains: Additional domain names ▪ China Services Configurations: Additional configurations ▪ China Edge Services Configurations: Additional Edge services configurations ▪ China Customer-provided SSL Certificate: Monthly hosting fee for customers requiring HTTPS services

and providing their own SSL certificate ▪ China Catchpoint monitoring: Performance monitoring using the Catchpoint service in China; ten-

minute interval testing across multiple locations in China

Partner Document


4.2. Origin Storage Services

4.2.1. Storage Retrieval

4.2.2. Intelligent Ingest

4.2.3. Origin Storage Add-On Services

Third-Party CDN Service Egress Third-Party Content Delivery Network (CDN) Service Egress entitles Customer to access Origin Storage from third-party CDNs (when used in conjunction with the Limelight CDN).

Origin Storage/ Video Platform Data Content Report Identify Limelight storage contents to be surveyed. Generation of report. Report delivered as text file to customer. URLs have a 30-day MediaVault token expiry.

Intelligent Ingest GB GBs retrieved from customer origin and ingested into Limelight Origin Storage. Invoiced monthly based on GBs ingested.

Intelligent Ingest Requests Requests to retrieve content from Customer origin for ingest into Limelight Origin Storage. Invoiced monthly based on number of successful requests processed.

4.2.4. Origin Storage Activation and Advanced Services Origin Storage Activation Services come in two levels: Basic Activation and Tailored Implementation. Additional Advanced Services, such as Intelligent Ingest, data upload, data export, and reporting are also available.

Origin Storage Basic Activation ▪ Implementation of the Limelight Origin Storage service using one of the standard replication strategies ▪ Scope includes: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training.

Best practices. Handoff to support team.

Origin Storage Tailored Implementation ▪ A storage solution that meets Customer’s specific needs, inclusive of replicated Content and Customer

configurations ▪ Scope is defined in a Statement of Work (SOW) and may include replication, mutators, custom configuration,

additional service (not accelerated), API support, additional training, project management, data export, data upload

▪ Implementation begins when the parties have entered into a Statement of work (SOW).

4.2.5. Origin Storage Service Information ▪ Origin Storage supports FTP and API (HTTP), insecure upload methods, which Customers use at their own

risk. ▪ Intelligent Ingest via Manifest Upload requires Origin Storage Tailored Implementation. ▪ Intelligent Ingest and Content Delivery are discrete Services, and Limelight invoices these and all other

Services separately, as further described in the Order Form and in this document.

Aspera Upload to Origin Storage The monthly Aspera Platform Fee includes an allotted number of GBs per month for ingest to the Limelight Origin Storage Service, as set forth in the Order Form. Unit Prices for Overages are as set forth in the applicable Order Form. The Platform Fee also includes access to the standard 300 Mbps Aspera Enterprise client, and Customer may elect, for additional Fees, a faster Aspera Enterprise client. Aspera Fees are in addition to other applicable Unit Price(s) and Fee(s) for the Services.

Partner Document


Third-Party CDN Service Egress For content residing in Origin Storage, third-party Content Delivery Network(s) (CDNs) service enables customers to egress from Limelight Origin Storage to one or more third-party CDN(s) in addition to egress to the Limelight network. ▪ Where Content is retrieved from Limelight Origin Storage for egress to a third-party CDN, Customer must

ensure that its third-party CDN service(s) are configured to cache that Content. The minimum requirements of this configuration also must align with the expiry time Limelight provides when the Content is sent to the third-party CDN. If Customer fails to configure cache as required for third-party CDN service, Limelight reserves the right, at its sole discretion, to deny, suspend, or terminate Services.

As between Customer and Limelight, Customer must include the appropriate headers required by Customer’s third-party CDN in Customer’s Content object headers, and Limelight will not be liable in connection with Customer’s failure to include appropriate headers.

Partner Document


4.3. Video Delivery Services

4.3.1. Video Delivery Levels Professional Premier Enterprise

Key Features

Media Management Console

1 Account, up to 5 users

H.264 transcoding and Flash playback

Mobile H.264 transcoding and HTML playback (iPhone®, iPad®)

Automatic device detection (Flash/ HTML5)

Multiple bit rates, adaptive streaming delivery

Player language localization

Geo/ Domain viewing restrictions

Video clipper

Advanced player templates

Visual designer for player customization

Player viral sharing tools (embed, email a friend, link, social sharing)

Limelight ad server (pre-roll and post-roll)

Content Delivery Network (CDN)

External publishing – YouTube syndication

Support for closed-caption files

Overview performance metrics

Advanced performance metrics (video, audio, channel reports)

Advanced engagement metrics

Geographic distribution metrics (country, region, city, DMA)

Platform metrics (operating system, device, browser, platform)

Media scheduling

MRSS and iTunes syndication

Third-party ad-network integrations (e.g. Tremor Media)

Third-party ad-server integrations (VAST/VPAID support)

iOS mobile upload app (download from App Store)

Access to mobile SDKs for iOS and Android

FTP ingestion

MRSS content ingestion

Custom metadata properties

Access to advanced Chromeless Player for full customization

Custom encoding

Video Delivery Security Package



Sub-account management (up to 5)

API

Player API access

Content API access (read access)

Callback API

Content API Access (write access)

Analytics API access

Usage

450 GB 1000 GB 2000 GB Video delivery 100 GB 400 GB 500 GB Media hosting

Partner Document


4.3.2. Video Delivery Add-On Services

Professional Premier Enterprise

Custom encoding

Video Delivery Security Package


MMD OD usage premium


MMD Live usage premium

MMD Live Standard Definition (SD) slot

MMD Live High Definition (HD) slot

MMD Live Full High Definition (FHD) slot

MMD Live Transmux slot

Multi-device Media Delivery Live Live to VOD

Additional users

Additional sub-accounts

Multi-device Media Delivery (MMD) Digital Rights Management (DRM)

Advanced upload via Aspera

Google Analytics integration

Omniture integration

Custom third-party ad-server network integration

Custom player development with ChromelessPlayer

Custom third-party analytics engine integration

Custom CDN integration

4.3.3. Video Delivery Activation and Advanced Services Video Delivery Basic Activation Services Implementation for Limelight Video Delivery Professional

Video Delivery Advanced Activation Services Implementation for Limelight Video Delivery Premier and advanced solutions

Video Delivery Tailored Activation Services Implementation for customized Limelight Video Delivery Enterprise and Video MMD Services

Basic Advanced Tailored*

Account creation

Validation

Welcome Letter

Kickoff call and solution review

1 hr 1 hr Training on simple data migration via MRSS or FTP

Custom player development

Custom encoding profiles

Additional training

API support (read)

API support (write)

Additional API support (mobile)

1 hr Control training

Handoff to support team**

*Scope is defined in a Statement of Work (SOW). **Implementation begins when the parties have entered into a Statement

of Work (SOW).

MMD Live Activation Services ▪ Setup and configuration of MMD Live and/or provisioning of Transmux (TX), Standard Definition (SD), High

Definition (HD) or Full High Definition (FHD) slots per Order Form ▪ Setup and configuration of MMD Live Live to VOD

Partner Document


4.3.4. Video Delivery Service Information

Limelight Video Platform (LVP) API Deprecation Policy: Technology moves quickly and from time to time, Limelight deprecates certain API calls. Following a deprecation notice, Limelight uses commercially reasonable efforts to continue to operate the deprecated API for a period of one year after the announcement.

Multi-device Media Delivery On Demand (MMD OD) MMD OD provides delivery of video in multiple formats to various devices from a set of single-format, multi-bitrate media files. ▪ Server-side transmuxing of multi-bitrate files into the same bitrate profiles in other formats to allow for

playback on different devices ▪ Transmuxing of MP4 and M4A to HLS, HDS, MSS, and MPEG-DASH outputs ▪ Transmuxing of ISMV plus manifest to HDS, HLS, MSS, and MPEG-DASH. ▪ Single playback URL output, to be used by Adaptive Bitrate Streaming (ABS) compatible players that

automatically select the best bitrate for the device

Multi-device Media Delivery Digital Rights Management (MMD DRM) DRM may be added to an MMD service to provide licensed access to encrypted Content. ▪ Customers can use any one or a combination of Microsoft PlayReady, Google Widevine, or Apple® FairPlay®

DRMs on Customers’ MMD-delivered Content. ▪ To enable Limelight to use Apple FairPlay DRM on a Customer’s MMD-delivered Content, the Customer

must first apply for and receive an Apple FairPlay Streaming Deployment Package from https://developer.apple.com/streaming/fps/.

▪ License Key Accesses are tracked for reporting and billing purposes.

Multi-device Media Delivery Live (MMD Live) MMD Live provides delivery of live video in multiple formats to various devices from a single video source and format. ▪ Server-side transcoding of a single higher quality bitrate RTMP stream into lower bitrate profiles to allow

for Adaptive Bitrate Streaming (ABS) to reduce buffer for slower end-user Internet connections ▪ Server-side transmuxing of RTMP streams to HLS, MPEG-DASH, HDS, MSS, and RTMP outputs ▪ Optional recording of live streams to MP4 assets that can be used for video on demand ▪ SmartEmbed video player for standard desktop and mobile browser players ▪ MMD Live is sold by slot, and Limelight reserves the right to deny or disconnect Customer’s ingest or

attempted ingest of video streams with resolutions or bitrates higher than those subscribed for provisioned slots.

MMD Live Standard Definition (SD) Slot Single Standard Definition (SD) ingestion provisioned to accept up to 576p resolution at 1800kbps bitrate (or lower).

MMD Live High Definition (HD) Slot Single High Definition (HD) ingestion provisioned to accept up to 720p resolution at 2400kbps bitrate (or lower).

MMD Live Full High Definition (FHD) Slot Single Full High Definition (FHD) ingestion provisioned to accept up to 1080p resolution at 4000kbps bitrate (or lower).

MMD Live Transmux Slot Multiple bitrate ingestion provisioned to accept up to 16000kbps aggregate bandwidth across up to 8 input bitrates.

https://developer.apple.com/streaming/fps/

Partner Document


4.4. Realtime Streaming Services

4.4.1. Realtime Streaming Levels Enterprise

Reporting & Analytics

Control Portal

Basic analytics

Key Features

Ingest, primary and backup

RTMP ingest

Unlimited streams

Custom stream naming

Custom video resolution and orientation

Custom video and audio bitrates

Stream provisioning API

Stream provisioning user interface

WebRTC and RTSP output protocols

Adaptive bitrate

HTML SDK

Priority playback (audio) Security

Ingest authentication and custom passwords

Secure delivery via Limelight certificate

Geo Fencing

MediaVault

CORS management

IP access control

4.4.2. Realtime Streaming Add-On Services Enterprise

Extended Feature Pack ▪ Fallback delivery via RTMP and HLS ▪ Fallback delivery with VP8 transcode ▪ WebRTC over TCP ▪ Shared objects

Mobile SDK for iOS and Android

4.4.3. Realtime Streaming Activation and Advanced Services Limelight Realtime Streaming Activation

▪ Implementation of Limelight Realtime Streaming and all its components ▪ In Scope: Order validation. Configuration. Welcome letter. Kickoff call and solution review. Training. Best

practices. Handoff to support team. ▪ Not in Scope: Web development training. Application development training.

4.4.4. Realtime Streaming Service Information Limelight Realtime Streaming provides delivery of live video to devices using the WebRTC protocol from a single video source and format.

4.5. Content Delivery Security Services

4.5.1. Secure Traffic Content Delivery Secure Traffic Premium

4.5.2. SSL Certificates SSL Certificates enable customers to securely deliver content via HTTPS using the Limelight Content Delivery Network (CDN). The following certificate types can be purchased and implemented within the CDN for Limelight Customers.

Partner Document


SSL Certificate ▪ Comodo-branded certificate for one (1) Fully Qualified Domain Name (FQDN) ▪ Can be purchased with Domain Validation, Organizational Validation, and Extended Validation options

SSL Wildcard Certificate ▪ Comodo-branded certificate for one (1) wildcard domain ▪ Can be purchased with Domain Validation and Organizational Validation options

SSL Multi-Domain Certificate ▪ Comodo-branded certificates from three (3) up to 250 domains ▪ Can be purchased with Domain Validation, Organizational Validation, and Extended Validation options ▪ Domain Validation and Organizational Validation

▪ SSL Multi-Domain Certificates must be purchased with a minimum of three (3) Fully Qualified Domain Names (FQDNs), three (3) wildcard domains, or three (3) domains that are a mix of both FQDNs and wildcard domains.

▪ Additional FQDNs and wildcard domains can be added to Multi-Domain certificates, up to a maximum of 250 domains in total.

▪ Domains with a Multi-Domain certificate can be replaced or removed. ▪ Extended Validation

▪ SSL Multi-Domain Certificates must be purchased with a minimum of three (3) FQDNs. ▪ Additional FQDNs and wildcard domains can be added to Multi-Domain certificates, up to a maximum of

250 domains in total. ▪ Domains with a Multi-Domain certificate can be replaced or removed.

Global Set of Dedicated VIPs (Virtual IP Addresses) Limelight reserves a global set of dedicated VIPs exclusively for Customer traffic. VIPs are generally used to enable customers to serve zero-rated/non-billable traffic to mobile networks, and once reserved, Limelight will not modify any such VIP without prior notice to Customer at least three months in advance.

Dedicated Global SSL Certificate Hosting

Dedicated Regional SSL Certificate Hosting Dedicated Regional hosting for North America, Europe, Asia Pacific, South America, Rest of World

SNI Global SSL Certificate Hosting

4.5.3. Content Delivery Security Add-On Services

Extra SSL Multi-Domain Certificates ▪ Additional domains can be purchased for existing Multi-Domain certificates.

▪ Extra Fully Qualified Domain Name (FQDN) certificate: Available with Domain Validation, Organization Validation, or Extended Validation

▪ Extra Wildcard certificate: Available with Domain Validation or Organization Validation

▪ An Extra SSL Multi-Domain certificate becomes invalid on the expiration date of the SSL Multi-Domain certificate to which it is added, regardless of any other terms associated with the purchase of either SSL certificate.

4.5.4. Content Delivery Security Activation and Advanced Services

Content Delivery Security Basic Implementation ▪ Implementation of Limelight Content Delivery Security services or SSL certificates ▪ Scope: MediaVault. SWF verification. RTMPE. Rate limiting. Secure traffic delivery. Customer-provided SSL

certificate. Limelight procurement of SSL certificate. Installation and validation of certificate.

Partner Document


4.5.5. Content Delivery Security Service Information

SSL Certificates SSL certificates come in two different versions: ▪ Limelight-provided SSL certificates: Customer is invoiced an Annually Recurring Fee for each SSL certificate.

In addition, a security implementation Fee will be charged for new certificates or for any update to an already purchased certificate.

▪ Customer-provided SSL certificates: Customer is invoiced a Fee for Security Basic Activation for the initial installation of the certificate and for any subsequent updates. As between Limelight and Customer, Customer must obtain a license to use the certificate on a CDN, maintain valid ownership of the domains contained on the certificate, and provide a new certificate to Limelight 30 days prior to the expiration of any existing certificate.

4.6. Cloud Security Services

4.6.1. DDoS Attack Interceptor (DAI) Service Basic Standard Premium

Detection of Layer 3/4 (Network) targeted Distributed DDos Attacks

Access to the DAI portal to view available data about Attack detections and mitigations

24x7 monitoring of the covered shortname/ AnyCast address for potential DDoS Attacks

Passive Mitigation of DDoS Attacks through CDN absorption methods when Attacks are not complex or large enough to be moved to scrubbing

Automatic mitigation by the Security Operations team of DDoS Attacks that occur

Up to 10 domains included per protected shortname

2 Test Failovers annually

Mitigations for DNS-Based, Active Mitigation of DDoS Attacks via globally distributed scrubbing centers within Limelight Networks PoPs

On-network scrubbing

Unlimited mitigations per month

4.6.2. Web Application Firewall (WAF)

WAF Requests Requests are any connection or hit to the WAF service

WAF Endpoints An endpoint is a unique hostname that is separately managed and has its own origin.

Web App Firewall

DDoS attack notification and alerts

Per-IP address rate limiting

CAPTCHA support

Custom WAF rules

Advanced WAF portal

IP Access control: Whitelisting/ blacklisting, geolocation

Bad Bot detection and mitigation

Active mitigation of Layer 7 DDoS attacks

24/7 security operations center monitoring

Fully managed white-glove service

Partner Document


4.6.3. Cloud Security Add-On Services DDoS AI

DDoS Additional 10 Domains package

DDoS Additional 100 Domains package

DDoS Unlimited Domains package

DDoS SSL Certificate Hosting

Web App Firewall

WAF SSL certificates

WAF API Security

WAF Advanced Bot Manager

Security Account Manager

Technical Account Manager

4.6.4. Cloud Security Activation and Advanced Services

Activation for DAI Basic Emergency

Configuration and provisioning of shortname and HTTP AnyCast within the DAI protected AnyCast ranges

Creation of the specialized DAI CNAME and associated DNS entries required for the product to function properly

Validation/ Implementation testing with Customer to move traffic to scrubbing to ensure that website is performing as expected during a scrubbing activation

All configuration and provisioning completed within 24 hours of a confirmed order

Activation for WAF Basic and WAF Emergency WAF Basic

Emergency

Configuration & Provisioning

Enterprise WAF onboarding (white-glove setup)

Installation of SSL certificates on CDN Edge and WAF (when required)

Configuration of WAF redirect when origin requests are made

Configuration of direct-to-origin failover mechanism if ever unavailable

CNAME generation

WAF Configuration Testing & Validation

Turn-up of configured rule sets

Report-only mode enabled

Block mode enabled

All configuration and provisioning completed within 24 hours of a confirmed order

Security Tailored Implementation Scope of Advanced Services is specifically defined in a Statement of Work (SOW).

Security Basic Implementation ▪ Fully Qualified Domain Names (FQDNs) and single wildcard SSL certificates or Customer-provided

certificates. ▪ Scope: MediaVault. SWF verification. RTMPE. Secure traffic delivery; Customer-provided SSL certificate and/

or Limelight procurement of SSL certificate. Installation and validation of certificate.

Partner Document


4.6.5. Cloud Security Service Information

DDoS Attack Interceptor (DAI) Assurance Limelight’s Policy regarding protection of non-DAI customers from denial of service attacks:

▪ Limelight may, but is not obligated to, use Passive Mitigation techniques in the ordinary course in an attempt to assist in the protection of a customer and/or the Limelight network from a DDoS Attack.

▪ Limelight reserves the right, at its sole discretion, to determine whether and how to undertake Passive Mitigation.

▪ Nothing in this policy will be deemed to limit Limelight's right to use Traffic Shaping in the event of a Traffic Spike, as set forth in the Terms of Service and Operative Documents.

▪ DAI services require either the Content Delivery Premier or Content Delivery Enterprise bundle and a minimum 12-month Term.

▪ Additional configuration changes (e.g. updating existing or adding new SSL certificates or adding domains to be protected) required by the Customer after initial provisioning are charged a Configuration Change Fee per request.

▪ Limelight does not invoice Customer for Traffic that is identified as malicious and ultimately removed during a Mitigation.

▪ DAI is a DDoS attack mitigation service designed to offer DDoS Attack detection and Mitigation so that an applicable Web site remains available. DAI endeavors to protect Customer assets, such as the Web site origin, from being impacted by DDoS Attacks by combining the CDN with globally distributed DDoS detection devices and scrubbing centers.

▪ Inclusions: Incoming DDoS Attack detection and customer notifications, active scrubbing for removal of malicious requests and Traffic (Mitigation), and access to the DAI user interface for real-time attack reporting. Limelight retains the right to modify this DAI description at any time.

▪ Exclusions: A DDoS Attack specifically excludes any distribution denial of service caused by Customer. ▪ Service definitions: See the Service Definitions section of Appendix A: Additional Terms for Limelight’s DAI

Products.

Provisions of DAI service: ▪ Following DDoS Detection and Alerting Deployment and/or Provisioning, applicable third-party vendor

provides the Service upon Customer’s direction of Traffic to the Limelight DAI Platform. Customer acknowledges that Deployment of the BGP Redirection Service may require configuration that takes several days and that in such instances, any activation of Services on an expedited basis requires deployment of the DNS Redirection Service rather than the BGP-based platform.

▪ The applicable third-party vendor calculates the Customer’s total amount of Clean Traffic by periodically measuring Clean Traffic bandwidth utilization running through the Limelight DAI Platform during each Mitigation Incident to confirm that Customer is within the total, contracted Clean Traffic amount. At the end of a measurement period (Mitigation Incident), the utilization measurements are ordered from highest to lowest, and the top five percent (5%) of the traffic measurements are discarded. The next highest measurement for inbound or outbound traffic is considered the ninety-fifth (95th) percentile Clean Traffic.

▪ In the event of a Mitigation Incident, any traffic directed to the Limelight DAI Platform that is not for a pre-Provisioned domain, protocol, port, or Endpoint will be blocked.

▪ In the event of a Mitigation Incident, Attack Traffic may be mitigated as far “upstream” as possible (including internet network provider access control lists [ACLs]). In such an event, the Customer is not assessed any Clean Traffic Overage Fees related to the volume of the Attack Traffic.

▪ The DAI Service may be Provisioned to protect up to ten (10) ports per domain for standard TCP-based application layer protocols, including: Web (e.g. HTTP, HTTPS), API (e.g. SOAP, XML, REST), Email (e.g. POP/POP3, SMTP, IMAP/IMAP4), Database (e.g. MySQL, MS SQL, Oracle), and Other (e.g. Telnet, SSH, FTP).

▪ The DAI Service includes Layer 4 rate limiting protection for HTTPS traffic Provisioned on the Limelight DAI Platform. Customer acknowledges that this Service does not open HTTPS packets for inspection, cleaning, or scrubbing unless the Customer has elected to purchase the HTTPS Packet Inspection service at the application Layer 7 level on a per-domain, per-SSL certificate basis. This optional service requires the Customer to provide Limelight and applicable third-party vendor with a second SSL certificate to be loaded onto the Limelight DAI Platform for the traffic that will be subject to HTTPS packet inspection. If the Customer elects this optional service, the Customer warrants that its provision of the SSL certificate and applicable third-party vendor use thereof does not violate any laws, security policies, or regulations.

▪ Support services are provided by the applicable third-party vendor in English only. ▪ Test Failovers must be scheduled forty-eight (48) hours in advance with applicable third-party vendor

customer support. Any Test Failover that exceeds a period of twenty-four (24) hours incurs an additional

Test Failover Fee. The applicable third-party vendor, at its sole discretion, has the right to reschedule a Test

Partner Document


Failover window as needed and will work with the Customer to schedule a new testing window as

appropriate.

Customer responsibilities for DAI services:

▪ Customer shall provide to Limelight and applicable third-party vendors all information requested in connection with the Provisioning Process, including that requested for each Endpoint prior to activation of the Services with respect to that Endpoint and for the DDoS Detection and Alerting services, where applicable.

▪ Customer shall provide Limelight and applicable third-party vendors with information on the Endpoints as requested by the applicable third-party vendor and other information the applicable third-party vendor requires in order to provide the Services, as well as access to the Endpoints in order to perform the Services.

▪ For BGP-based Service, Customer must provide a BGP- and GRE- capable device and properly configure such device.

▪ Customer acknowledges that in order for the applicable third-party vendor to provide the Services, Customer must first redirect traffic for the Endpoint to the Limelight DAI Platform.

▪ Customer acknowledges that operation and performance of the Services involves repeated filtering of traffic to the Endpoint and Customer expressly consents to the same. Customer hereby grants the applicable third-party vendor, for the Term, a non-exclusive, non-transferable, and royalty-free license to access the Endpoint and the internet traffic flowing thereto and any applications contained therein for the sole purpose of performing the Services.

▪ Customer is solely responsible for the direction of all internet traffic for an Endpoint for performance of the Services and redirection from the Limelight DAI Platform once a Mitigation Incident has ceased with Customer taking into account TTLs. Customer’s failure to redirect Traffic for an Endpoint away from the Limelight DAI Platform once a Mitigation Incident has ceased shall, if applicable, cause the Customer to incur additional Mitigation Incident Fees and, if applicable, Clean Traffic Overage Fees.

▪ During a Mitigation Incident, Customer will have access to a technical contact that speaks English with a degree of proficiency sufficient to enable Customer to interact with the applicable third-party vendor’s support team.

▪ Customer must route all Traffic for an Endpoint to Limelight DAI Platform during a Mitigation Incident.

Additional terms for Limelight’s DAI Secure Delivery Basic, Standard, and Premium products ▪ DAI will not prevent or eliminate every DDoS Attack. ▪ Customer must provide relevant and up-to-date contact information for multiple authorized persons who

are immediately available to Limelight in the event of a potential DDoS Attack (Customer Matrix). ▪ During any DDoS Attack or Mitigation, no warranty in any SLA between the parties for service degradations

(performance, availability, or otherwise) applies, regardless of whether Customer has made a Request for Mitigation.

▪ All Usage Fees and other Fees apply for increases in Traffic if Customer does not request a Mitigation. ▪ If Customer is experiencing a DDoS Attack and Limelight determines, in its reasonable business judgment

that the DDoS Attack may cause harm to the Limelight network or Limelight’s other customers, Limelight, in its sole discretion, reserves the right to send the Traffic to scrubbing or otherwise mitigate the DDoS Attack.

▪ If Limelight has not otherwise addressed a DDoS Attack, Customer must request Limelight to move to Mitigation (Request for Mitigation).

▪ Once a Request for Mitigation is made, Limelight will use its reasonable business judgment to determine how to execute a Mitigation of the DDoS Attack.

Additional terms for Limelight’s DAI Secure Delivery Basic and Premium products: ▪ In the event of a suspected attack, Limelight reserves the right, at its sole discretion, to place Customer

traffic into Mitigation without first contacting the Customer, unless the Customer has requested otherwise at the time the applicable DAI service is ordered.

WAF Cloud Security ▪ The WAF subscription is a per-company fee for the right to use the platform ▪ WAF services require either the Content Delivery Premier or Content Delivery Enterprise bundle. ▪ Customer must pass an Enterprise footprint cap check to use AnyCast VIPs. ▪ Minimum 12-month contract term ▪ Requests per month include hits from end users blocked by rules protecting the origin. ▪ Enterprise WAF onboarding (white-glove setup) is offered for the sixty (60) days following a signed contract,

unless noted and approved in advance.

Partner Document


Additional Terms ▪ Authorized Users means Customer’s employees who are authorized to utilize the Service and who are

identified to Limelight in writing. ▪ Documentation means all specifications, user manuals, and other technical materials relating to the Service,

which may be from a third-party reseller. ▪ Limitations: Customer may not permit any person to access and/or use the Service other than the

Authorized Users; introduce software or automated agents or scripts to the Service so as to produce

multiple accounts, generate automated searches, requests, and queries, or to strip or mine data from the

Service; cover or obscure any page or part of the Service via HTML/CSS, scripting, or any other means, if

any; or perform a load test, regression test, or penetration test without Limelight’s prior written approval.

▪ Usernames and Passwords: ▪ Limelight will provide each Authorized User a unique username and password to enable such

Authorized User to access the Service pursuant to the Terms of Service. ▪ Each Customer is entitled to have up to 10 Authorized Users unless agreed otherwise in writing.

Limelight reserves the right to change or update these usernames and passwords at Limelight’s sole discretion.

▪ Each Authorized User’s username and password may only be used to access the Service during 1 concurrent login session. ▪ Customer acknowledges and agrees that

▪ Only Authorized Users are entitled to access the Service with their assigned usernames and passwords provided by Limelight.

▪ Customer will provide to Limelight information and other assistance as necessary to enable Limelight to establish usernames for Authorized Users and will verify all Authorized User requests for account passwords.

▪ Customer will ensure that each username and password issued to an Authorized User will be used only by that Authorized User.

▪ Customer is responsible for maintaining the confidentiality of all Authorized Users’ usernames and passwords and is solely responsible for all activities that occur under these Authorized Usernames.

▪ Customer will notify Limelight promptly of any actual or suspected unauthorized use of any account, username, or password, as well as any other breach or suspected breach of the Order Form or the Terms of Service.

▪ Limelight reserves the right to terminate any username and password that Limelight reasonably determines may have been used by an unauthorized third party.

▪ Usernames and passwords cannot be shared or used by more than one individual Authorized User but may be reassigned to a new Authorized User who is replacing a former Authorized User who has terminated employment (or otherwise changed job function) and no longer uses the Service.

▪ Additional Customer Responsibilities: In addition to and not in lieu of Customer’s responsibilities under the Terms of Service, Customer shall be solely responsible for supporting and maintaining the availability of its Web site(s), the connectivity of its Web site(s) to the Internet, and all Customer Content, IP addresses, domain names, hyperlinks, databases, applications, and other resources as necessary for Customer to operate and maintain its Web site(s) to meet Customer’s business.

▪ Apps: Customer agrees and acknowledges responsibility when installing or utilizing certain third-party apps. These apps are provided “as is” and governed by their own terms of service and privacy policies as set forth by the third parties that provide them. Limelight does not endorse and is not responsible or liable for the services or features provided by these apps that Customer may choose to install. Customer acknowledges and agrees that Limelight is not responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any apps.

▪ Limelight may modify the Content of Customer’s web site(s) based on the features or apps enabled. For example, Limelight may detect email addresses and replace them with a script in order to keep them from being harvested, or Limelight may insert code to improve page-load performance or enable apps. Customer acknowledges that Limelight may, based on Customer’s settings: ▪ Intercept requests determined to be threats and present these requests with a challenge page. ▪ Add cookies to Customer’s domain to track visitors, such as those who have successfully passed the

CAPTCHA on a challenge page. ▪ Add script to Customer’s pages to, for example, add services, apps, or perform additional performance

tracking. ▪ Other changes to increase performance or security of Customer’s Web site(s).

https://www.limelight.com/terms-of-service/https://www.limelight.com/terms-of-service/https://www.limelight.com/terms-of-service/

Partner Document


▪ Limelight will make it clear whenever a feature will modify Content and, whenever possible, provide

Customer with a mechanism to disable the feature.

▪ Limited Warranty: Without limitation of Section 10 (DISCLAIMER OF WARRANTIES) of the Terms of Service,

during the Term, Limelight warrants that the WAF Cloud Security Service will materially conform to

Limelight’s then current documentation for the Service under normal use and circumstances. If Customer

notifies Limelight of a breach of warranty, Limelight will, at its option, either correct the nonconformity in

the Service or issue Customer a credit or refund of a portion of the Fees paid by Customer for the

nonconforming Service that fairly reflects the diminished value of the nonconforming Service. THE

FOREGOING CONSTITUTES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY BREACH OF WARRANTY.

4.7. Limelight Control ▪ Control portal: https://control.llnw.com ▪ Terms of Service: https://www.limelight.com/terms-of-service/

5. Dynamic Ad Insertion Dynamic Ad Insertion This technology enables advertisers to swap out ad creatives in linear, live, or video on-demand content.

Dynamic Ad Insertion Impressions Metrics used to quantify the number of times an ad is rendered

5.1. Dynamic Ad Insertion Support Levels Basic Advanced

Dynamic Ad Insertion Enterprise Support, up to 10 hours per month, 24x7 priority support, Slack channel integration

Dynamic Ad Insertion Enterprise Support, up to 20 hours per month, 24x7 priority support, Slack channel integration

5.2. Dynamic Ad Insertion Activation & Advanced Services Dynamic Ad Insertion Activation Customer implementation of the Dynamic Ad Insertion solution to meet specific needs of the customer

6. Activation Services ▪ Customer agrees that Limelight will begin Activation Services no later than 30 calendar days from the date of full execution

of the applicable Order Form. ▪ Activation Services will be completed no later than 60 calendar days from the date of full execution of the applicable Order

Form. ▪ Customer requests outside this timeframe or outside the scope of Activation Services require a separately executed Order

Form for additional Services.

7. Advanced Services ▪ Advanced Services includes a set number of hours of Advanced Services support and access to an Advanced Services team

member. Access is during normal business hours, in one time zone elected by Customer. Limelight Customer Support provides coverage all other times.

▪ An Advanced Services team member may provide Services onsite at Customer’s location provided Limelight and Customer agree in writing in advance. Customer bears the cost of all travel expenses in connection with Services provided onsite at Customer location unless Customer and Limelight otherwise agree in writing.

▪ At its discretion, Limelight Customer Support escalates issues to the Advanced Services team. ▪ Support hours are consumed by project plan or Rapid Reaction, as elected by Customer. ▪ Project plans will have a written Scope, mutually agreed in advance of work. ▪ Rapid Reaction utilizes hours at Limelight’s discretion for a faster response. ▪ All hours are tracked in 15-minute increments, and reports are available upon request.

https://www.limelight.com/terms-of-service/https://control.llnw.com/https://www.limelight.com/terms-of-service/

Partner Document


7.1. Advanced Services Tiers ▪ Advanced Services support is available in Bronze, Silver, and Gold packages.

Bronze Silver Gold

10 20 40 Consulting hours per month

Access to Advanced Services team member

Advanced Services and line manager contacts and escalation path

Virtual monthly business review conducted by an Advanced Services Delivery Manager (ASDM)

ASDM oversight and management of Advanced Services

▪ SLAs are not included. ▪ Unused hours expire at the end of each month. ▪ Certain customers may qualify for the Basic tier of Advanced Services.

7.2. Advanced Services Add-On Services Information for product-related Advanced Services can be found in the corresponding product’s Activation and Advanced Services section.

7.2.1. Ten Hours Consulting Ten (10) hours of consulting services, one time. Hours are consumed by project plan. Unused hours expire at the end of 30 days.

7.2.2. Live Event Monitoring ▪ Limelight Advanced Services provides tailored implementation services to meet the specific requirements of

the Customer. ▪ Scope, tasks, and deliverables are defined in a Statement of Work.

7.3. Analytics The Advanced Services team works with EdgeQueryTM resources to coordinate the design, implementation, and ongoing access to EdgeQueryTM services.

7.3.1. EdgeQueryTM (EQ) Custom Query Implementation Tailored implementation of an EQ query/ API reporting solution to meet specific Customer needs. Requires scoping.

7.3.2. EdgeQueryTM (EQ) Custom Query Data Storage & Retrieval EQ customer query/ API reporting; ongoing data storage and retrieval; requires scoping

7.3.3. EdgeQueryTM (EQ) Realtime Data Segment Storage & Retrieval Near realtime data subsets; based on hostname and URL patterns; displayed in the Traffic Report

7.3.4. EdgeQueryTM (EQ) Daily Data Segment Storage & Retrieval Daily data subsets; based on hostname and URL patterns; displayed in the Traffic Report

Partner Document


Appendix A: Service Definitions for Limelight’s DAI Products The terminology defined in this section applies only to DDoS AI products.

Terminology Definition Attack Attack Incident Attack Traffic

An incident in which malicious traffic (e.g. DDoS) is directed at an Endpoint that has been placed by Customer on the Limelight DDoS Attack Interceptor Service. The determination as to whether traffic is Attack Traffic is determined solely by applicable third-party vendor. An Attack Incident is measured in seventy-two (72) hour increments or portion thereof.

BGP Redirection Service DAI Service(s)

The Limelight DDoS Attack Interceptor Service, on-demand, Customer-activated, cloud-based service that “cleans” or “scrubs” certain malicious Attack Traffic from the Clean Traffic, directed at the Endpoint and, where applicable, any supplemental services

Clean Traffic The ninety-fifth (95th) percentile peak Mbps of legitimate (non-malicious) traffic going in to or out of the Limelight DDoS Attack Interceptor Service, which is processed by the DAI Service during a Mitigation Incident

Clean Traffic Overage Fee The fee, calculated on a per Mbps basis, which applies in the event that the Clean Traffic during a Mitigation Incident exceeds the amount of Clean Traffic for which Customer has contracted

Configuration Change Fee The fee that applies to any Configuration Change that is not performed on an expedited or emergency basis

Configuration Changes Customer-requested changes to the Limelight DDoS Attack Interceptor Service configuration, such as additions, deletions, and/or updates related to IP addresses, domain names, ports, and protocols

DDoS Detection and Alerting A service that accepts NetFlow management data from Customer routers for the purpose of monitoring and alerting Customer of suspicious traffic based on parameters established during the initial Provisioning Process

DDoS Detection and Alerting Deployment

Initial setup of DDoS Detection and Alerting Services for Customer

DDoS Detection and Alerting Deployment Consultation

A consultation regarding setup of DDoS Detection and Alerting Services

DNS Redirection Service DAI Service(s)

The Limelight DDoS Attack Interceptor Service, on-demand, Customer-activated (via a DNS change), cloud-based service that “cleans” or “scrubs” certain malicious Attack Traffic from Clean Traffic, directed at the Endpoint and, where applicable, any associated supplemental services

Emergency Configuration Change Fee

The fee that applies to a Configuration Change that, in response to a Customer request for emergency or expedited Provision, is performed within four (4) hours of applicable third-party vendor’s approval of Customer request

Emergency Deployment Fee The fee that applies to initial DDoS Detection and Alerting Deployment performed within four (4) hours of applicable third-party vendor’s approval of Customer request

Endpoint(s) The part of the Customer’s infrastructure for which Customer has activated the DDOS AI by directing traffic to the Endpoint onto the Limelight DDoS Attack Interceptor Service

Limelight DAI Service The applicable third-party vendor network to which Customer must direct traffic for an Endpoint in order to access DAI Services

Mitigation Incident An event wherein Customer has directed internet-based traffic for an Endpoint to the Limelight DDoS Attack Interceptor Service for the purpose of mitigating a DDoS Attack

Mitigation Incident Fee The fee, if applicable, assessed in the event of a Mitigation Incident that applies for every period of seventy-two (72) consecutive hours or a fraction thereof

NetFlow A method of examining incoming packets to determine whether traffic is legitimate or potentially Attack Traffic

Premium Deployment for DDoS Detection and Alerting Deployment

A service that includes Customer infrastructure evaluation and provisioning for DDoS Detection and Alerting Deployment

Provision(ing) To provision by Deployment or to make a Configuration Change and/or the process related to the DDoS Detection and Alerting Service

Provisioning Process Limelight’s process for Deployment and Configuration Changes and/or the process related to the DDoS Detection and Alerting service

Partner Document Appendix A: Service Definitions for Limelight’s DAI Products


Terminology Definition Router/ GRE Termination Point

The termination point that GRE tunnels terminates to on the Limelight DDoS Attack Interceptor Service

Test Failover An event in which Customer sends up to 200 Mbps of traffic to the Limelight Networks DDoS Attack Interceptor Platform over a twenty-four (24) hour period for the purpose of testing connectivity between the Endpoints and the Limelight DDoS Attack Interceptor Service

Test Failover Fee The fee charged for each Test Failover period of twenty-four (24) hours or fraction thereof

Partner Document B: Limelight Product & Service Feature Descriptions


Appendix B: Limelight Product & Service Feature Descriptions Product/Feature Description 24X7 Security Operations Center Monitoring

Daily threat intelligence monitoring, vulnerability and threat analysis, full threat simulation and regression testing

Access Control Allows for multiple service levels for different types of users (e.g. different site experiences for non-member, paid member, unpaid member)

Activation Services Activation Services provide dedicated resources to help customers implement key Limelight services, such as Origin Storage, Video Delivery, Web Acceleration, Security, and Content Delivery. Limelight Activation Services consist of consulting packages designed to help customers maximize the use of the Limelight Orchestrate Platform. From fine-tuning configuration settings to live training to workflow integration, customers can deploy their content quicker into the market with assurances that their CDN and Limelight Services configurations are optimal for their specific requirements.

Active Mitigation Any action taken by Limelight to move a Customer's incoming traffic to any authorized PoP for the purpose of defending against a denial of service attack with specialized equipment. This service is only available to customers of Limelight’s DDoS Attack Interceptor product line

Advanced Bot Manager

An add-on feature for Limelight’s Web Application Firewall. This module adds features such as human-interaction challenges and device fingerprinting to allow customers to more easily identify malicious bots that may be accessing their applications.

Advanced Services A suite of specialized consulting services designed to help customers better configure and provision individual services, deliver live events, and integrate services into their existing workflows

Anonymizer Blocking Provides control of anonymizer content by allowing or denying anonymizer access and specifying the level of certainty to apply when identifying anonymizers

API Security An add-on feature available with Limelight’s Web Application Firewall. This module builds a trusted connection between a client and WAF Application Security. It shields and protects the client's API service from being attacked.

ARC Light Custom rules executed by the Limelight Content Delivery Network (CDN) server handling user requests that make real-time modifications to speed connections to content, offloading complex data manipulations from the application infrastructure.

Backup Origin Support Configuration to automatically redirect to a secondary origin upon failure of the primary

Bad-Bot Detection and Mitigation

Incoming requests for content are challenged and fingerprinted to determine if the request was generated by bot/ scriptor human user

Basic tier of Advanced Services

For qualified customers, this bundle includes 5 hours of Advanced Services consulting per month and access to an Advanced Services team member.

CAPTCHA Support Protect Web sites against bots and scripts by requiring human logic

Chromeless Player The Chromeless player is a Limelight Video Delivery player with no user-exposed controls. This allows developers to customize the aesthetics through Flash integration and define the way the user interacts with the video. The Chromeless player is intended for experienced Web programmers that want to design their own video player on top of the Limelight Video Delivery backend. The same Player APIs that are available using the Player Builder are also available for use with the Chromeless player.

Content Delivery Content Delivery provides 24/7 online distribution (content residing on a user’s computer or other device and content streamed in real-time) to broadband and mobile Internet audiences of digital content libraries, including video, music, games, and software. This platform supports streaming media delivery workflows, including industry-standard media servers, protocols, and delivery formats.

Control Limelight Control is the Web-based portal and APIs that Limelight customers use to manage and configure their Limelight services and view activity, traffic, and other reports related to their use of Limelight services

Cookie-Based Authentication

URL authentication information is normally passed to MediaVault via URL query terms, which are appended to each protected URL. For HTTP requests, MediaVault can switch to using a cookie (instead of the URL terms) after the first request from a given user. The cookie is then read on each subsequent request, authentication is performed using the cookie data, and the cookie is updated with new expiration information as needed on each response.

Cross Origin Resource Management (CORS)

Allow multiple content sources while restricting sharing to designated origins

Partner Document Appendix B: Limelight Product & Service Feature Descriptions B: Limelight Product & Service Feature Descriptions


Product/Feature Description Custom Views (Sub Reports)

A Custom View is a filtered view of report data in Control. For a given account, a Custom View limits the displayed data based on whether or not the hostname or content URL matches a pre-defined pattern (URL restriction). A typical use case for Custom Views is to analyze traffic for specific content within an account. Custom Views are available to filter traffic for the following reports: Overview, Daily, Hourly, Hour of Day, Day of Week, Geography, CDN Efficiency, URL Reports, File Reports, URL Prefixes, User Agents, and Published Hosts. Custom Views can be applied either to Published URLs or Origin URLs, and may match any portion of the URL using a Regex pattern. Limelight creates Custom Views on request.

Customer Support Limelight’s first-level Customer Support Center staffed 24/7 to assist customers with issues or requests

DDoS Attack Interceptor

Detection, notification, and mitigation of DDoS attacks against Web sites and applications

DDoS Attack Notification and Alerts

When an attack is detected, Customers are alerted via an email so they can take appropriate measures to defend valuable assets.

Dedicated VIPs The dedicated virtual IP address(es) assigned to the Customer for use with Limelight products and services

Deep Link Prevention Deep-linking is the practice whereby a user obtains access to a URL that points to content and passes the URL to someone else not authorized to access the content (for example, someone who has not paid for your services). MediaVault ’s built-in URL protection ensures deep-link denial.

Device Detection Using Device Detection, Content Delivery can redirect requests at the CDN edge to ensure that the correct content is accessed for each device a Web application supports. Analysis of the user agent and the speed and type of connection being used enables context-specific content to be delivered to each user, and information about each request being made can be sent forward to the Web application infrastructure for dynamic content selection and delivery for every device.

Dynamic Content Content that must be generated at the time of request due to its nature, being timely, personalized, or unique, depending on the parameters used to request it. Dynamic content is always created and served by a content origin or application server, such as a Web server interfacing with a database or a content-management system.

EdgeQueryTM (EQ) Limelight’s data collection engine powered by an edge-based computing platform. EdgeQueryTM provides near-real-time aggregated data for many of the reports in Limelight Control and is also accessible to customers via REST API.

Endpoints A unique hostname that is separately managed and has its own origin

FairPlay® DRM Limelight Video Delivery offers a fully integrated and seamless Apple® FairPlay® DRM solution to protect the delivery of high-quality content on a variety of devices. FairPlay's DRM provides the capability to license, securely distribute, and protect playback of multimedia content on a variety of Apple products. To enable Limelight to use Apple FairPlay DRM on a Customer’s MMD-delivered content, the Customer must first apply for and receive an Apple FairPlay Streaming Deployment Package from https://developer.apple.com/streaming/fps/.

FLV Seek Support for jumping to a specific point within a Flash video file

Fully Managed White Glove Service

Limelight security experts assist in the setup and configuration of the WAF and its associated rules

Geo Fencing Control access based on geolocation

Geographic Blocking Provides control to allow or deny (whitelist or blacklist) access for each geographic country, region, or state specified as well as which parts of the content library are affected by each restriction

GET, HEAD, OPTIONS, POST

HTTP verbs (methods) supported by the CDN edge

Globally Distributed AnyCast Addresses

Ensure large attacks are distributed to multiple Limelight POP locations rather than a single POP for improved mitigation

Google Analytics Plugin

Allows you to integrate a Limelight Video Delivery player with an existing third analytics engine, such as Google Analytics

GZIP at the Edge Object compression at the CDN edge, enabling clients supporting compression to receive a compressed object

GZIP Pass-through Configuration options to request and cache compressed objects when requesting them from content origins

HTTP Header Manipulation

Customizing HTTP request and response headers to control content caching and improve analytics

HTTP VOD Streaming Configuration options for delivering HTTP VOD services, where the Customer’s infrastructure is acting as the content origin

https://developer.apple.com/streaming/fps/

Partner Document Appendix B: Limelight Product & Service Feature Descriptions B: Limelight Product & Service Feature Descriptions


Product/Feature Description Intelligent Ingest

Automatically migrates content from slower storage to Limelight Origin Storage Services using one or both of these modes: Load On Demand (upload automated based on audience requests) or Manifest Upload (upload automated based on a list of content)

Intelligent Ingest GB The number of successful uploads to Limelight Origin Storage completed using Limelight's unique Intelligent Ingest capability, measured in 1K units

Intelligent Ingest Requests

The number of gigabytes ingested to Limelight Origin Storage using Limelight's unique Intelligent Ingest capability

IP Access Control Customers can specify lists of IP addresses that should be whitelisted (allowed) and/ or blacklisted (denied) for specific Content Delivery configuration

Last-Mile Acceleration Accelerate content delivery between the client and the CDN edge through a variety of techniques including TCP optimizations, compression, and persistent connections

Live Logs Let you view your data as quickly as possible after it is available from the Limelight edge servers that deliver your content. Live Logs are available via FTP only. Live Logs data is received on a continuous basis, with most servers reporting hourly. Each edge server that delivers content generates a corresponding Live Logs file in the FTP folder. As new information is received from each edge server, the data specific to the Customer account is extracted, and the corresponding Live Logs file for the account is updated shortly thereafter.

Live Stream