SERVICE GUIDE MANAGED SERVICES FOR AWS

MANAGED SERVICES FOR AWS - mediatemple.net · With Media Temple’s Managed Services for AWS, we leverage our human expertise and automation to provide architecture, optimization,


TABLE OF CONTENTS

Disclaimer

Overview
  Guidance with Authority

Managed AWS Service Levels
  Advisory
  Fully Managed
  Mixing Service Levels

Service Level Comparison
  Support
  Service Delivery
  Tooling & Automation
  Add-on Services

AWS Accounts
  Account Management
  Transferring AWS Accounts to Media Temple
    Advisory
    Fully Managed
  Account and Data Ownership

Response Time SLAs
  Emergency
  Urgent
  Standard

Service and Support
  Your Journey, Our Team
    Ready
      AWS Cloud Consultant
      AWS Solutions Architect
    Set
      Onboarding Manager (OM)
      Deployment Team
    Go
      Service Delivery Manager (SDM)
      24/7/365 Support Team
  Communication
    Tickets
    Phone
    Slack
    AWS Escalations

Service Operations
  Monitoring
  Customer Runbooks
  Incident Management
    1) Communication
    2) Incident Response (IR)
    3) Resolution
    4) Analysis
    A Note on Complex Changes
  Change Management
    Change Management Process
  Ongoing Management
    Operating System Security Patching
    Rollback
    Backups
    Restores
  Account Reviews
  Cloud Optimization

Security
  Enhanced Security
    SSH IP Allow List
    Bastion Instance
    VPN Instance
    Site Malware Scanning
  Audit Logging

Professional Services
  Application Load Testing
  DevOps Services
  Database Tuning
  DevOps Maturity & Strategic Planning

Appendix A: RACI matrix (customer vs. MT responsibility)

Appendix B: Process for support requests and incident management

Appendix C: Supported AWS Services
  Compute
    EC2
  Storage & Content Delivery
  Database
    RDS
  Networking & Content Delivery
  Developer Tools
  Management Tools
  Security, Identity, & Compliance
  Analytics
  Artificial Intelligence
  Mobile Services
  Application Services
  Messaging
  Business Productivity
  Desktop & Application Streaming
  Internet of Things
  Contact Center
  Game Development

Appendix D: Default monitoring

Appendix E: Default alarms
  Emergency
  Urgent


DISCLAIMER

Since we’ll add new features and you may add new applications and software to your cloud, it’s important that we inform you up front what Media Temple’s support entails and what it doesn’t. While this guide doesn’t constitute a binding agreement by you or Media Temple, it does outline the guidelines of your Media Temple service to help ensure we’re both operating off the same expectations. That said, this guide is subject to change at any time at the sole discretion of Media Temple without notice to you. For complete terms governing the services described herein, please refer to the Managed Services Agreement: x.co/mtawstos.


OVERVIEW

As businesses increasingly commit to the cloud, it’s essential to have expertise devoted to harnessing its intricacies and potential.

Maybe you want to focus on the core competencies of your business or maybe you simply don’t have cloud expertise in house: Either way, Media Temple helps you get the most out of your cloud investment, reducing the burden on your team and creating a custom solution for your business.

With Media Temple’s Managed Services for AWS, we leverage our human expertise and automation to provide architecture, optimization, security, and 24/7/365 live support for your cloud.

Media Temple empowers you to utilize the cloud more effectively and with the assurance that experts are on your side.

GUIDANCE WITH AUTHORITY

Our support for digital agencies and enterprises extends over two decades in web hosting, providing a foundation of experience and culture suited to transitioning your business to the cloud. In this new era, our AWS certifications reach across our team and our long adherence to DevOps methods gives us an edge over those just picking up on the latest buzzword.

Most importantly, we’re dedicated to applying this expertise specifically toward your business objectives. Our guidance comes with refined knowledge of the particulars of AWS: Utilizing its best practices, we work to build well-architected, secure solutions to accommodate your unique requirements. We understand the challenges you’ll face and the opportunities you have. So, in getting you to proven solutions, our guidance is both clear and decisive.


MANAGED AWS SERVICE LEVELS

Based on the degree of support you need from Media Temple, we offer two service levels.

ADVISORY

With our Advisory service level, you get access to our tooling and guidance while you manage your AWS cloud on your own. Whether you have existing AWS proficiency or are building it, the Advisory service level gives you full control, with our specialized expertise available when you get stuck.

Hands-on device management and services like monitoring and patching aren’t included. If you want Media Temple to provide hands-on management of your cloud and its infrastructure, you can move to our Fully Managed service level at any time.

FULLY MANAGED

Our Fully Managed service level takes the nitty-gritty work of managing your AWS cloud off your hands and puts it into the care of Media Temple’s experts. We’ll handle architecture, deployment, security, and optimization, while delivering 24/7/365 operational support.

You can trust that we’ll have a close eye on your infrastructure, with a goal of catching, communicating, and fixing issues before you even notice them. The Fully Managed service level gives you the most direct application of our decades of support experience and AWS expertise.

MIXING SERVICE LEVELS

In case areas of your business have distinct needs, you can have a mix of Advisory and Fully Managed accounts. However, individual AWS resources can’t be split between accounts. We’ll help figure out the best way to structure your accounts during onboarding.


SERVICE LEVEL COMPARISON

SUPPORT

Onboarding Manager: Personal contact, providing onboarding assistance and project management as you get up and running on AWS
• Advisory: Yes, onboarding call only, to gather business and technical requirements
• Fully Managed: Yes

Service Delivery Manager: Personal contact for ongoing account and billing management, including technical and business assistance
• Advisory: Yes, Service Delivery team
• Fully Managed: Yes, dedicated point of contact; regular account reviews

AWS account and escalation management
• Advisory: Yes
• Fully Managed: Yes

SERVICE DELIVERY

Support for AWS services: Support from AWS-certified engineers for AWS-related issues
• Advisory: Yes; assistance with AWS console
• Fully Managed: Yes; see Appendix C: Supported AWS Services

Initial response time SLAs
• Advisory: Standard: 8 hours
• Fully Managed: Emergency: 15 minutes; Urgent: 2 hours; Standard: 8 hours

Solution architecture: AWS & Media Temple best practices and guidance
• Advisory: Ongoing consultation
• Fully Managed: Ongoing consultation; custom code tailored to your specific use case

Monitoring
• Advisory: N/A
• Fully Managed: CloudWatch alarms; Panopta (uptime); additional 24/7 monitoring

EC2 operating system management (AMZ, RHEL, Ubuntu LTS)
• Advisory: N/A
• Fully Managed: Deployment; configuration; management; optimization; patching


TOOLING & AUTOMATION

Customer portal
• Advisory: Yes
• Fully Managed: Yes

Infrastructure-as-code templates
• Advisory: Curated CloudFormation templates; CodeDeploy templates
• Fully Managed: Curated CloudFormation templates; CodeDeploy templates; custom templates

Automatic support tickets from Emergency and Urgent alarms
• Advisory: N/A
• Fully Managed: Yes

Patch management
• Advisory: N/A
• Fully Managed: Yes

Migration assistance: Guidance, tooling, onboarding, project management
• Advisory: Yes
• Fully Managed: Yes

ADD-ON SERVICES

Our service levels focus on your AWS infrastructure. However, some application-side services are available at an additional cost.

Migration services
• Advisory: N/A
• Fully Managed: Add-on

DevOps strategy & services (application optimization, DevOps best practices, CI/CD)
• Advisory: N/A
• Fully Managed: Add-on

Application load testing
• Advisory: Add-on
• Fully Managed: Add-on

Custom professional services
• Advisory: Add-on
• Fully Managed: Add-on


AWS ACCOUNTS

ACCOUNT MANAGEMENT

Once you’re a Media Temple customer, an AWS account will be created for you. This member account belongs to you, and you can delink the account from Media Temple at any time if you no longer need our support.

We will be your liaison with AWS for all your needs, so we’ll escalate any and all AWS support issues on your behalf. You’ll also receive access to our account management dashboard and tools.

TRANSFERRING AWS ACCOUNTS TO MEDIA TEMPLE

ADVISORY

Your existing AWS account will be consolidated as a member account under Media Temple. You’ll have full access to the AWS console with the exception of Billing and AWS Support. Everything else remains the same.

FULLY MANAGED

If you already have a running AWS environment, we’ll work with you to re-architect and migrate your existing platform to one built to Media Temple’s best practices. This allows us to actively manage and optimize it.

ACCOUNT AND DATA OWNERSHIP

If you leave, you will retain ownership of all your data plus the AWS architecture and configuration.


RESPONSE TIME SLAs

EMERGENCY (Fully Managed only)

Initial response time: <15 minutes

If an AWS infrastructure issue halts your business operations (e.g. your site is no longer accessible to customers), we’ll be notified by automated alerts and guarantee an initial response in under fifteen minutes.

URGENT (Fully Managed only)

Initial response time: <2 hours

If your AWS services are degraded or have exceeded their defined thresholds, an Urgent ticket will be created and we guarantee an initial response in under two hours.

STANDARD (Advisory and Fully Managed)

Initial response time: <8 hours

For any assistance you might need, whether it’s configuration, a non-immediate task, or just information, you can raise a Standard ticket and we guarantee an initial response in under 8 hours. All tickets for the Advisory service level fall under this SLA.


SERVICE AND SUPPORT

YOUR JOURNEY, OUR TEAM

A successful journey in the cloud calls for an array of tasks, from planning and assessment to management and optimization. There’s a lot to be done, but Media Temple makes it a smooth, transparent experience. Our goal is for your journey to be as simple as: Ready. Set. Go.

READY

Your day-one decisions can influence the options you have on day one hundred. So, at this stage we prepare you for the shift and plan your new cloud.

AWS Cloud Consultant

With a strong understanding of the cloud, you’ll get more from it. Your AWS Cloud Consultant explains how your environment will work and ensures you’re comfortable with any new concepts.

AWS Solutions Architect

Your AWS Solutions Architect custom designs infrastructure based on your application. By collaborating with you in establishing requirements and goals, your architect maps out how your cloud will achieve scale, security, and performance.

SET

Rest easy knowing Media Temple works through the details in transitioning you to your new cloud. In this stage, we deploy your AWS cloud and help ensure our relationship is set for success over the long term.

Onboarding Manager (OM)

Your Onboarding Manager is your primary point of contact. As your guide during the transition from an idea to infrastructure, your Onboarding Manager will lead an onboarding call, work with you to create runbooks, and provide project management.

Deployment Team

Media Temple’s AWS Deployment Team builds the environment your Solutions Architect has designed for you. The team’s DevOps engineers will work to solve the technical challenges of getting your cloud into production.


GO

With your application live in the cloud, our team continues to manage and optimize your environment. As new technologies become available and new challenges are revealed, we’ll work with you to make your cloud even better.

Service Delivery Manager (SDM)

Once onboarding is complete, your Service Delivery Manager takes over as your point of contact. Performing regular account reviews with you, they’ll build a deep understanding of your business objectives and guide any optimizations.

24/7/365 Support Team

Your cloud is in good hands every minute of every day: Our AWS support engineers are available 24/7/365. If issues arise, you can be confident our team will be here to help solve them.

COMMUNICATION

TICKETS

Our ticketing system is our primary means of communication, plus it acts as a repository of information about your account. Each ticket represents a problem to be addressed or decision that’s been made.

PHONE

Our AWS support engineers are available for phone support 24/7/365.

SLACK

There may be stages through the life of your account where increased communication is important. For those stages, we provide a dedicated Slack channel for fluid messaging.

AWS ESCALATION

Incidents and escalations will be managed by us directly with Amazon Web Services.


SERVICE OPERATIONS

MONITORING

Media Temple uses New Relic, Panopta, CloudWatch, and other industry-leading platforms to monitor and maintain your application’s infrastructure. In addition to our default monitoring and metrics configuration, your OM and SDM will work with you on your specific monitoring requirements while adhering to best practices.

CUSTOMER RUNBOOKS

As part of our onboarding process, Media Temple will work with you to tailor the incident management process to meet your business and technical requirements. As part of your ongoing service delivery, we will audit these runbooks during regular account reviews.

INCIDENT MANAGEMENT

Media Temple prioritizes our customers’ uptime. We’ve built a streamlined incident-management process that ensures you receive a rapid and consistent response.

1) COMMUNICATION

When an incident arises, the Media Temple team raises a ticket. This contains all relevant information and is updated regularly to ensure you remain informed.

2) INCIDENT RESPONSE (IR)

We respond to each incident in accordance with the SLAs outlined earlier. Using your runbooks, we work to resolve the issue based on your organizational and technical guidelines, including:

• Who should be informed

• What information is important

• Which sites/applications take priority

When problems need to be escalated, we follow a clear procedure to pull in resources and remediate service disruptions quickly.

3) RESOLUTION

Once the service disruption has been remediated and your infrastructure is reporting normally, we’ll let you know if any steps are needed at the application layer. The ticket remains open until you give your approval that the incident has been resolved to your satisfaction.


4) ANALYSIS

Once an incident is closed, our support team will work with you to analyze the root cause. For example:

• What happened?

• Why did it happen?

• What resolved the issue?

• How can the issue be prevented in the future?

A NOTE ON COMPLEX CHANGES

In some cases resolution and prevention can involve complex changes to your cloud infrastructure and/or recommendations to optimize your application. In these cases, Media Temple will use our change-management process to minimize the impact on your business.

CHANGE MANAGEMENT

As AWS evolves, we’ll find opportunities to innovate and optimize your cloud. Our Managed Services for AWS solution helps you manage changes with minimal impact to business.

Your SDM is your main technical consultant and will work with you to define the objective, evaluate options, coordinate resources, and oversee the process.

For clarity and organization, each change to your AWS infrastructure will generally be tracked and documented in its own ticket.


CHANGE MANAGEMENT PROCESS

[Flowchart: change management process. Swimlanes: Customer, SDM, Support. Phases: Request; Plan + Assess + Design; Approval; Implementation; Confirmation & Documentation. Steps shown: customer change requested; change/request confirmed; ticket created; reviewed by Solution Architect; deployment & rollback documented; change scheduled; approved; change implemented; success; rollback; ticket updated; account record updated; change cancelled; change completed & documented.]


ONGOING MANAGEMENT

OPERATING SYSTEM SECURITY PATCHING

Media Temple’s scope of support for patching is limited to updates for server OS and core services (i.e. Apache, PHP etc.).

We categorize each update by the severity of the security issue – as defined by AWS – and by its impact.

EXPECTED IMPACT OF UPDATE (TO UPTIME)

• High: Outage greater than 20 minutes

• Medium: Outage of 1 to 20 minutes (e.g., update to NFS)

• Low: Outage of less than 15 seconds (e.g., update to RDS)

• Very Low: No outage expected (e.g., update to instances in an Auto Scaling Group)


If a security alert is applicable to your infrastructure, Media Temple will handle the change based on the guidelines stated in the following table.

IMPACT: HIGH

• Severity Critical: Media Temple will attempt to notify customer at least 24 hours in advance, unless we deem it’s an immediate threat and at that point we will attempt to patch it as soon as possible. Customer is not able to delay update. Update will generally be applied during the next maintenance window. Media Temple will attempt to notify the customer that the update is complete.

• Severity Important: Media Temple will attempt to notify customer at least 24 hours in advance. Customer is able to delay update for up to one month. Update will generally be applied during the next maintenance window. Media Temple will attempt to notify the customer that the update is complete.

• Severity Medium/Low: Update will generally be applied during subsequent build or quarterly review.

IMPACT: MEDIUM

• Severity Critical: Media Temple will attempt to notify customer at least 24 hours in advance. Customer is not able to delay update. Update will generally be applied during the next maintenance window. Media Temple will attempt to notify the customer that the update is complete.

• Severity Important: Media Temple will attempt to notify customer at least 24 hours in advance. Customer is able to delay update for up to one month. Update will generally be applied during the next maintenance window. Media Temple will attempt to notify the customer that the update is complete.

• Severity Medium/Low: Update will generally be applied during subsequent build or quarterly review.

IMPACT: LOW

• Severity Critical: Customer is not able to delay update. Update will generally be applied during the next maintenance window.

• Severity Important: Update will generally be applied during the next maintenance window.

• Severity Medium/Low: Update will generally be applied during subsequent build or quarterly review.

IMPACT: VERY LOW

• Severity Critical: Customer is not able to delay update. Update will generally be applied during Media Temple’s regular business hours.

• Severity Important: Update will generally be applied during Media Temple’s regular business hours.

• Severity Medium/Low: Update will generally be applied during subsequent build or quarterly review.


Your scheduled maintenance window will occur weekly during a two-hour time period you’ve chosen (by default, this will be 1am to 3am in your timezone).

Because AWS can add and remove instances from an Auto Scaling Group, Very Low impact updates can be performed without interruption to your site or application. However, you can request that Very Low impact updates be done during the assigned maintenance window.

ROLLBACK

In the event that an update fails, Media Temple will switch back to an earlier Amazon Machine Image (AMI) or revert the configuration to an earlier working state. In this event, we’ll let you know why the rollback happened and what was done to restore functionality.

BACKUPS

By default, instances are backed up using the following methods:

• Elastic Block Storage (EBS): Daily snapshots stored to S3 bucket with 7-day retention.

• Amazon Relational Database (RDS): Continuous backups and daily snapshots (allowing restore from any point in time) with 7-day retention.

• Elastic File System (EFS): Daily duplication to a secondary EFS volume with 7-day retention.

Backups can be tailored to your technical and organizational needs, but custom methods might be subject to an additional cost.

RESTORES

You can request restores via our ticketing system by including specific instructions on which backup should be restored and where it should be placed.


ACCOUNT REVIEWS

To ensure we’re meeting your requirements and maximizing the return on your cloud investment, we’ll conduct regular account reviews with you.

These sessions are an opportunity for you and your SDM to review the following data:

• Optimization for cost, performance, and availability

• Support tickets

• Monitoring alerts

• Change management

• Infrastructure performance

• Application performance

• New AWS products and services

• AWS best practices

• Product roadmap

These account reviews are key touchpoints to measure Media Temple’s progress in helping you meet the business objectives you’ve defined. We call it Continuously Improving Service Delivery.

CLOUD OPTIMIZATION

We’ll use all available data to take a holistic look at your application and infrastructure, suggesting ways to:

• Lower costs

• Improve performance

• Increase uptime

We handle changes to your infrastructure, while providing guidance to your development team to maximize the return on your cloud investment. For example, offloading compute tasks to Lambda could be found to reduce complexity and cost.


SECURITY

The safety of your data and code is essential. To protect it, AWS has developed an extensive set of security guidelines. All advice and architecture you receive from Media Temple adheres to those guidelines and our own best practices.

Some examples of our practices:

• All resources (e.g. RDS instances) that do not need to be accessed from the public Internet are placed in private subnets, eliminating the possibility of unauthorized access.

• IAM permissions are granted at a granular level so that each resource that needs access is given the least possible permission to accomplish its tasks.

• All logs are sent from individual instances to CloudWatch Logs, allowing for analysis.

• CloudTrail logging is enabled on every account, so every API call is logged and available for auditing and analysis.

ENHANCED SECURITY

There are a number of modifications that can be made to your AWS infrastructure at your request that will enhance security.

SSH IP ALLOW LIST

By default, web instances are configured to accept SSH connections from the public Internet. All instances are configured with Fail2ban brute-force-detection software, which blocks IPs that repeatedly fail to authenticate.

An additional level of protection can be achieved by configuring a set of IPs that are allowed to connect, thereby blocking all unauthorized access.

BASTION INSTANCE

A further level of protection can be achieved by using a bastion instance. With this, all SSH access goes through a dedicated instance – which may also have an IP whitelist – and all access to web instances is blocked from the public Internet.

VPN INSTANCE

Similar to how a bastion instance allows for concentrated access to your infrastructure, a VPN allows your local desktop to access all services (SSH, web, database) directly over an encrypted connection. With this in place, the only port open to the public internet is the VPN port, and an IP whitelist can be applied for even more protection.

SITE MALWARE SCANNING

For malware and exploit protection, we can set up services to scan your application code regularly and clean up any issues found.
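The SSH exposure levels described in this section (public SSH by default, an IP allow list, bastion-only access) can be checked from a security group's ingress rules. The following is an added example, not Media Temple's tooling: it assumes the controls are implemented as EC2 security-group rules in the shape returned by DescribeSecurityGroups, and the group names, group ID and CIDRs are constructed sample values.

```python
import ipaddress

SSH_PORT = 22


def _covers_ssh(perm):
    """True if one ingress permission includes TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # "all traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= SSH_PORT <= hi


def ssh_sources(group):
    """Return (cidrs, source_group_ids) allowed to reach port 22."""
    cidrs, groups = [], []
    for perm in group.get("IpPermissions", []):
        if not _covers_ssh(perm):
            continue
        cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        groups += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return cidrs, groups


def classify_ssh_exposure(group, allow_list, bastion_group_ids=()):
    """Classify a group as public, review, allow-list, bastion-only or closed.

    allow_list: CIDRs approved for direct SSH (hypothetical policy input).
    bastion_group_ids: security groups attached to bastion instances.
    """
    cidrs, src_groups = ssh_sources(group)
    allowed = [ipaddress.ip_network(c) for c in allow_list]
    findings = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:   # 0.0.0.0/0 or ::/0
            findings.append(("public", cidr))
        elif not any(net.version == a.version and net.subnet_of(a)
                     for a in allowed):
            findings.append(("not-on-allow-list", cidr))
    for gid in src_groups:
        if gid not in bastion_group_ids:
            findings.append(("unknown-source-group", gid))

    if any(kind == "public" for kind, _ in findings):
        level = "public"
    elif findings:
        level = "review"
    elif cidrs:
        level = "allow-list"
    elif src_groups:
        level = "bastion-only"
    else:
        level = "closed"
    return level, findings


# Constructed sample data (documentation address ranges, placeholder group ID).
ALLOW_LIST = ["203.0.113.0/24"]
BASTION_SG = "sg-0bastion0example0"
WORLD_HTTPS = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}


def _ssh_rule(*cidrs, groups=()):
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}


SAMPLE_GROUPS = {
    "web-default": {"IpPermissions": [_ssh_rule("0.0.0.0/0"), WORLD_HTTPS]},
    "web-allow-list": {"IpPermissions": [_ssh_rule("203.0.113.10/32"),
                                         WORLD_HTTPS]},
    "web-stale-rule": {"IpPermissions": [_ssh_rule("203.0.113.10/32",
                                                   "198.51.100.7/32")]},
    "web-behind-bastion": {"IpPermissions": [_ssh_rule(groups=[BASTION_SG]),
                                             WORLD_HTTPS]},
    "web-all-traffic-v6": {"IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
}

if __name__ == "__main__":
    for name, group in SAMPLE_GROUPS.items():
        level, findings = classify_ssh_exposure(group, ALLOW_LIST, {BASTION_SG})
        print(f"{name:20} {level:13} {findings}")
```

A "review" result means port 22 is reachable from a source that is neither on the allow list nor a known bastion group, which is the drift an allow list is meant to prevent.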


AUDIT LOGGING

By default, CloudTrail is enabled on every account. This service logs detailed information about every action taken via the web console, command line, and API, no matter if the action was initiated by a human or an AWS service. This allows for near-real-time monitoring of the activity in your account as well as examination of past activity in the event of an outage or unauthorized access.

CloudTrail logs are saved to an S3 bucket and are available when needed.


PROFESSIONAL SERVICES

These services are available at an additional cost.

APPLICATION LOAD TESTING

Using the parameters you give us, we can provide Load Testing and a report of the results. Most tests will focus on these questions:

• How many concurrent requests can the base (unscaled) infrastructure support?

• Will the infrastructure support x number of requests?

If required, we’re able to script and test complex operations such as cart checkout or search/form submission. The tool we use to perform the test depends on the request parameters.

DEVOPS SERVICES

Media Temple can provide guidance and configuration on custom DevOps services utilizing AWS services, including:

• CodeDeploy

• CodeCommit

• CodePipeline

• CodeBuild

Which services you choose depends on your goals. Simple configurations generally include only CodeDeploy – for deploying applications from S3 or a Git repository (CodeCommit, GitHub, BitBucket, etc) – but more complex configurations can use a complete pipeline with all services.


DATABASE TUNING

If your database is routinely running out of capacity or unable to handle the load of your application, we can provide best-effort advice on how to enhance, tune, or modify database-related resources to improve performance.

Modifications may include moving to a different database engine or instance size, query modification, query splitting, index tuning, and database-parameter tuning.

• The time spent investigating and providing advice will be billed hourly and doesn’t guarantee any specific outcome.

• If we feel we’re unable to provide any meaningful advice after our investigation, we’ll notify you and stop the work.

• If Media Temple can’t provide a satisfactory outcome, we can recommend third-party vendors that may be able to help further.

DEVOPS MATURITY & STRATEGIC PLANNING

Media Temple’s team is comprised of first-class developers and DevOps engineers. If you’re looking to reach your own maturity as a DevOps culture, we can help with:

• Information about principles, benefits, and tooling

• Analysis of your existing DevOps practices

• Development of a roadmap to reach your DevOps goals

• Guidance as you work to reach those goals


APPENDIX A

RACI MATRIX: CUSTOMER VS. MEDIA TEMPLE RESPONSIBILITY

R = Responsible, A = Accountable, C = Consulted, I = Informed

FULLY MANAGED SERVICE LEVEL ACTIVITIES (columns: MEDIA TEMPLE, CUSTOMER)

Assessment & Discovery

• Understanding business objectives

• Understanding current challenges

• Scheduling and conducting a discovery call

Design & Architecture

• Define architecture options to be considered (e.g. EC2 vs. S3, etc.)

• Decide on presented architecture from Media Temple

• Generate logical diagrams for proposed architecture

• Generate detailed code to deploy infrastructure

• Author detailed environment documentation

Infrastructure Build

• Create, test and deploy infrastructure (See Appendix C – Supported AWS Services)

• Infrastructure and configuration validation based on customer requirements

• Configure & test WAN connectivity (site-to-site VPN)

• Configure alarms and monitors for AWS instances

• Configure application runtimes

• Configure resource tagging for infrastructure

• DNS configurations

Network And Access Security Implementation

• Create, test, and apply IAM roles and policies

• Create, test, and apply security groups and NACLs

• Operating system user management

C

C

C

R A I

R A I

R A

R A

I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

R A CR I

CR IR A

C I


Network And Access Security Implementation

Malware detection & removal (Sucuri)

Antivirus

Application Implementation

Creation of golden AMIs

Configure bootstrapping of supported OS using CloudFormation

Arrange extended scope application engagement (Pro Services, service add-ons, etc.)

Migration of application data

Database schema creation, migration, and import

Development and deployment of configuration management artifacts (Chef, Salt, Ansible, etc.)

Creation and management of continuous integration and continuous deployment pipelines

Monitoring

Configuration of OS monitoring (CloudWatch, Panopta)

Configuration of AWS service monitoring (CloudWatch) incl. VPC, EC2, RDS, SQS, ElastiCache, DynamoDB

Configuration of base app monitoring (e.g. Apache, NGINX, SQL)

Configuration and management of log aggregation (e.g. Splunk, CloudWatch, Syslogs)

Configuration of application performance monitoring (e.g. New Relic, AppDynamics, etc.)

Patching

OS patching

3rd-party patching system

(Supported) Application patching

R CA I

CR A I

CR A I

CR A I

CR A I

CCR A I

R A

R A

R A

C I

R AC I

R AC I

R AC I

C I

CR A I

CR A I

CR A II

CR A II

CR A II

CR I


Support Operations

24/7/365 support

Definitions of alarm triggers, thresholds, and remediation

Configuration of standard alarms

Configuration of custom alarms

SNS configuration (for standard CloudWatch alarms)

CloudWatch logs configuration & management

Response to alerts to meet SLAs

Backups & Replication **

EBS snapshot backup management

EBS snapshot restores

File-level backup and retrieval

S3 lifecycle policy creation and optimization

DynamoDB cross-region replication

RDS database backups & replication

Service Delivery

Provide named Service Delivery Manager resource

Conduct periodic account reviews

Identify opportunities for cost and performance optimization

Consolidate billing across AWS accounts

Consolidate AWS Console user management across AWS accounts

Provide escalation management to AWS if needed

CR A I

CR A I

CR A I

CR A I

CR A I

CR A I

C

C

C

R

R

R

A I

R A

A

C

C

C R

R

I

I

A C I

A C I

I

R A CC R II

R A CC R II

C I

CR A I

CR A I

CR A I

C CR A I

C CR A I

C CR A I

**Customer is accountable for validating work Media Temple is performing around backups and replication activities. Media Temple is not liable for ensuring integrity of customer data. Regular testing and validation of backed up data should be a part of a customer’s ongoing Disaster Recovery and Business Continuity Planning.

APPENDIX B

PROCESS FOR SUPPORT REQUESTS AND INCIDENT MANAGEMENT

[Flowchart. Node labels: Customer initiates; Media Temple initiates; Create ticket; Runbook exists; Follow runbook; Follow standard support guidelines; Escalation required; Escalate to engineers; Inform customer; Issue resolved; Customer confirms issue resolved; Issue documented; Update ticket. Decision branches are labelled YES / NO.]

APPENDIX C

SUPPORTED AWS SERVICES

Comprehensive Support: Media Temple has significant support expertise and has developed specific support tooling and services.

Best-effort: Best-effort activities will be made to resolve issues but with no guarantee of resolution, and with escalation management to Amazon where required. Over time, best-effort features may transition into comprehensive support.

CATEGORY | COMPREHENSIVE SUPPORT | BEST-EFFORT SUPPORT

Compute

EC2

Instances (individual)

AMIs

EBS Volumes

Security Groups

Load Balancers

Auto Scaling Groups

EC2 Container Service

Lightsail

Elastic Beanstalk

Lambda

Batch


Storage & Content Delivery

S3

Glacier

EFS

Storage Gateway

Snowball

Snowball Edge

Snowmobile

Database

RDS

MySQL/MariaDB

PostgreSQL

Aurora

Oracle

SQL Server

DynamoDB

ElastiCache

Redshift


Networking & Content Delivery

VPC

Direct Connect

Route 53

CloudFront

Developer Tools

CodeCommit

CodeDeploy

CodePipeline

CodeBuild

CodeStar

X-Ray

AWS CLI Tool

Management Tools

CloudWatch

CloudFormation

CloudTrail

Config


OpsWorks

Service Catalog

Trusted Advisor

Personal Health Dashboard

Security, Identity, and Compliance

Cloud Directory

IAM

Inspector

Macie

Certificate Manager

CloudHSM

Directory Service

KMS

Organizations

Shield

WAF


Analytics

Athena

EMR

CloudSearch

Elasticsearch

Kinesis

Redshift

QuickSight

Data Pipeline

Glue

Artificial Intelligence

Lex

Polly

Rekognition

Machine Learning

Apache MXNet

TensorFlow


Mobile Services

Mobile Hub

Cognito

Pinpoint

Device Farm

Mobile SDK

Application Services

Step Functions

API Gateway

Elastic Transcoder

Messaging

SQS

SNS

SES

Business Productivity

Chime

WorkDocs

WorkMail


Desktop & Application Streaming

WorkSpaces

AppStream

Internet of Things

IoT Platform

Greengrass

IoT Button

Contact Center

Connect

Game Development

GameLift

Lumberyard

APPENDIX D

DEFAULT MONITORING

Instance CPU Utilization | CPU utilization of a single EC2 instance
Instance Memory Utilization | Memory utilization of a single EC2 instance
Instance Disk Space Utilization | Percentage of disk space in use
Instance Credit Usage | How many CPU credits the node is using
Auto Scaling Group CPU | Aggregate average CPU across an entire ASG
Auto Scaling Group Size | Number of instances in an ASG
Relational Database Service CPU | CPU utilization of a single RDS instance
Relational Database Service Memory | Memory utilization of a single RDS instance
DB Cache Request Count | Stats on the number of requests sent to cache
DB Cache Hits/Miss Ratio | Cache hit/miss ratio to show cache use
Elastic Load Balancing Healthy Host Count | Monitors the number of healthy instances registered with your load balancer
Network In/Out | Amount of ingress and egress traffic
CloudFront Traffic | Total amount of traffic being served from CloudFront
CloudFront Hit/Miss Ratio | Analysis of CloudFront caching effectiveness
Forecasted Cost | Projected cost

Additional health checks can be added based on your objectives. Please discuss these requirements with your Solutions Architect or Service Delivery Manager (SDM).

APPENDIX E

DEFAULT ALARMS

These alarms are grouped by the response time SLAs associated with them.

EMERGENCY

ALARM | DESCRIPTION
Site unreachable for 5 minutes | External monitoring via Panopta, checked every 60 seconds

URGENT

ALARM | DESCRIPTION
RDS CPU > 90% for 5 minutes | RDS instance average CPU utilization greater than 90%
RDS Disk < 5G for 5 minutes | RDS instance free disk space below 5G
ASG instances < 2 from limit for > 30 minutes | Count of instances in an ASG is approaching the limit (i.e. would alert when there are 8 instances in an ASG with an upper limit of 10)
EBS Snapshots > 1 day old | EBS snapshots are done on a daily basis. If one is missed, this alarm fires


© MEDIA TEMPLE INC. | PRIVATE AND CONFIDENTIAL: FOR AWS CLIENT ONLY