Service Description · Cloud Hosting OFFICIAL Infrastructure as a Service Date: 21/05/2019 Six Degrees Technology Group Limited CLIENT CONFIDENTIAL Page 1 of 106

Cloud Hosting OFFICIAL Infrastructure as a Service

Date: 21/05/2019

Six Degrees Technology Group Limited CLIENT CONFIDENTIAL Page 1 of 106

Service Description Cloud Hosting

OFFICIAL Infrastructure as a Service

G-Cloud 11



Contents

Six Degrees OFFICIAL Infrastructure as a Service (IaaS) Overview .......................................................................... 8

General ................................................................................................................................................................................ 8

Green IT .......................................................................................................................................................................... 8

IaaS Services ..................................................................................................................................................................... 8

Compliance .................................................................................................................................................................. 10

Definitions ......................................................................................................................................................................... 10

Public Sector Cloud .............................................................................................................................................................. 11

Public Sector Cloud Architecture ................................................................................................................................. 11

OFFICIAL Vulnerability Management & Protective Monitoring .............................................................................. 12

Platform Options .............................................................................................................................................................. 13

Community Cloud ............................................................................................................................................................. 15

Network ......................................................................................................................................................................... 15

Internet Breakout ........................................................................................................................................................ 17

Managed WAN ............................................................................................................................................................. 17

DDoS Mitigation ........................................................................................................................................................... 17

PSN Connectivity ........................................................................................................................................................ 17

Purchasing Model ........................................................................................................................................................ 17

Management of Resource Pools .............................................................................................................................. 19

Named Servers ........................................................................................................................................................... 20

Oracle SPARC .............................................................................................................................................................. 20

Storage and Storage Presentation......................................................................................................................... 20

Service Options and Service Implementation .......................................................................................................... 22

OFFICIAL Data Management & Handling .............................................................................................................. 22

Management of Virtual and Dedicated Resource Pools ................................................................................... 23

Management of Named Virtual Servers and Physical Servers ....................................................................... 23

Six Degrees Server OS Management Services ................................................................................................... 23

Six Degrees Server Antivirus Management Service .......................................................................................... 24

Licensing ...................................................................................................................................................................... 24

Capacity Management, Expansion and Reporting.............................................................................................. 25

Logging ......................................................................................................................................................................... 26

Platform Patching ...................................................................................................................................................... 26

Data Migration and Implementation ........................................................................................................................... 26

Bespoke Solutions .......................................................................................................................................................... 26

Offboarding ....................................................................................................................................................................... 27



Decommissioning Process ............................................................................................................................................ 27

Business Continuity Service Portfolio ............................................................................................................................. 28

Backup as a Service Overview .................................................................................................................................... 28

Backup as a Service Features ................................................................................................................................. 31

Backup as a Service Options................................................................................................................................... 32

BaaS Purchasing Model ............................................................................................................................................ 32

Set-up Fee ................................................................................................................................................................... 33

Product Items .............................................................................................................................................................. 34

Instance ........................................................................................................................................................................ 35

Backup Target Locations ......................................................................................................................................... 35

Backup as a Service Implementation .................................................................................................................... 35

Ready for Service ....................................................................................................................................................... 37

BaaS Service Operations .......................................................................................................................................... 37

BaaS Monitoring ......................................................................................................................................................... 37

BaaS Reporting ........................................................................................................................................................... 37

BaaS Archive ............................................................................................................................................................... 38

Self- vs. Managed Backup Service Driven Responsibility ................................................................................ 38

Caveats and Limitations ........................................................................................................................................... 39

Encryption Key Retrieval from BaaS Escrow ....................................................................................................... 40

Decommissioning Process ....................................................................................................................................... 40

Backup as a Service Requirements and Dependencies .................................................................................... 41

Veeam Cloud Connect Service Overview .................................................................................................................. 43

Veeam Cloud Connect Service Features .............................................................................................................. 45

Veeam Cloud Connect Service Options ................................................................................................................ 46

Veeam Cloud Connect Purchase Model ................................................................................................................ 46

Set-up Fee ................................................................................................................................................................... 46

Veeam Cloud Connect Product Items ................................................................................................................... 46

Veeam Cloud Connect Service Implementation ................................................................................................. 47

Veeam Cloud Connect Ready for Service ............................................................................................................. 47

Veeam Cloud Connect Service Operations .......................................................................................................... 48

Veeam Service Driven Responsibility .................................................................................................................... 48

Veeam Cloud Connect Decommissioning Process ............................................................................................ 49

Disaster Recovery as a Service (DRaaS) Overview ................................................................................................ 50

DRaaS Service Overview .......................................................................................................................................... 50

DRaaS Service Features ........................................................................................................................................... 52

DRaaS Service Options ............................................................................................................................................. 53



Additional Information ............................................................................................................................................... 53

Set-up Fee ................................................................................................................................................................... 54

DRaaS Product Items ................................................................................................................................................ 55

DRaaS Service Implementation .............................................................................................................................. 57


DRaaS Service Operations ....................................................................................................................................... 57

DRaaS Service Requirements and Dependencies .............................................................................................. 59

Server OS Management Service Overview .................................................................................................................... 61

Server OS Management Service Prerequisites ........................................................................................................ 62

Server OS Management Service Features ................................................................................................................ 62

Server OS Management Service Monitoring ....................................................................................................... 63

Server OS Management Service Reactive ........................................................................................................... 63

Server OS Management Service Proactive .......................................................................................................... 63

Server OS Management Service Service Implementation .................................................................................... 65


Active Directory Service Overview .................................................................................................................................. 66

Definitions ......................................................................................................................................................................... 66

Active Directory Service Prerequisites ...................................................................................................................... 66

Exclusions ......................................................................................................................................................................... 67

Service Features ............................................................................................................................................................. 68

Active Directory and DNS Monitoring .................................................................................................................... 68

Active Directory Troubleshooting ........................................................................................................................... 68

Annual Active Directory Audit ................................................................................................................................. 68

Active Directory Continuous Auditing and Assessment ................................................................................... 69

Optional Services ............................................................................................................................................................ 70

Azure Active Directory Sync Tool ........................................................................................................................... 70

Active Directory Federation Services .................................................................................................................... 70

Group Policy Review .................................................................................................................................................. 70

Schema Upgrades ....................................................................................................................................................... 71

Domain and Forest Functional Level Upgrades ................................................................................................... 71

Active Directory Management Service Implementation ........................................................................................ 72


SQL Server Management Service Overview ................................................................................................................. 73

Definitions ......................................................................................................................................................................... 73

SQL Server Management Service Prerequisites ..................................................................................................... 73

SQL Server Management Service Features ............................................................................................................. 73



SQL Server Management Service - Functionality Available ............................................................................ 73

SQL Server Management Service Implementation ................................................................................................. 77

Ready for Service ............................................................................................................................................................ 77

Cloud firewall service overview ....................................................................................................................................... 78

Cloud Firewall Service Features .................................................................................................................................. 78

Cloud Firewall Service Description ............................................................................................................................. 78

Essential Virtual Firewall .......................................................................................................................................... 78

Virtual Firewall Advanced......................................................................................................................................... 79

Virtual Firewall Premium .......................................................................................................................................... 81

Six Degrees’ Cloud Firewall Service Operation ........................................................................................................ 81

Firewall Deployment and Configuration ................................................................................................................ 81

Virtual Firewall Advanced & Premium ................................................................................................................... 81

Firewall Management ................................................................................................................................................ 81

Firewall Monitoring .................................................................................................................................................... 82

Software and Patch Management ......................................................................................................................... 83

Edition/Capacity Upgrades ..................................................................................................................................... 83

Managed WAN/MPLS Termination........................................................................................................................ 83

Logging ......................................................................................................................................................................... 83

Cloud Firewall Service Implementation ..................................................................................................................... 84

Virtual Firewall Essential .......................................................................................................................................... 84

Virtual Firewall Advanced or Premium .................................................................................................................. 84


Office 365 Management Service Overview ................................................................................................................... 85

Office 365 Management Service Features ............................................................................................................... 85

Feature availability ..................................................................................................................................................... 87

Office 365 Management Service ............................................................................................................................88

Office 365 Management Service Options (add-ons).......................................................................................... 89

Product Items .............................................................................................................................................................. 90

Office 365 Management Service Implementation................................................................................................... 90


Office 365 Management Service Operations ........................................................................................................... 90

Our Support Team ...................................................................................................................................................... 90

Office 365 Management Service Billing ..................................................................................................................... 91

Subscriptions and Cancellations ............................................................................................................................. 91

Moving to Six Degrees for Existing Office 365 customers ................................................................................ 91

Office 365 Management Service Levels ..................................................................................................................... 91



Microsoft Azure Services ................................................................................................................................................... 92

Compute ............................................................................................................................................................................ 92

Network ............................................................................................................................................................................. 92

Storage .............................................................................................................................................................................. 92

Microsoft Azure Operations .......................................................................................................................................... 93

Azure Portal Access................................................................................................................................................... 93

Azure Service Implementation ................................................................................................................................ 93

Six Degrees Migration and Professional Services .............................................................................................. 93

Six Degrees Server OS Management Service ..................................................................................................... 93

Managed Antivirus ..................................................................................................................................................... 94

Data Migration and Implementation ...................................................................................................................... 94

Amazon Web Services ........................................................................................................................................................ 95

Overview ........................................................................................................................................................................... 95

Support .............................................................................................................................................................................. 95

Data Centre Locations ................................................................................................................................................... 95

Severity Definitions ........................................................................................................................................................ 95

Service Constraints ........................................................................................................................................................ 95

Minimum Infrastructure Requirement ................................................................................................................... 95

Maintenance and Planned Outage ......................................................................................................................... 96

Customer Responsibilities........................................................................................................................................ 96

Onboarding and Offboarding Processes .................................................................................................................... 96

Onboarding .................................................................................................................................................................. 96

Offboarding .................................................................................................................................................................. 96

Commercial Relationship .............................................................................................................................................. 96

Ordering ........................................................................................................................................................................ 96

Use by Other Suppliers ............................................................................................................................................. 96

Invoicing ....................................................................................................................................................................... 97

Termination by Customers ....................................................................................................................................... 97

Service Credits ........................................................................................................................................................... 97

Termination by Six Degrees ..................................................................................................................................... 97

Minimum Contract Period......................................................................................................................................... 97

Pricing ................................................................................................................................................................................ 97

Monthly Managed Service........................................................................................................................................ 97

Six Degrees SLA - Introduction ........................................................................................................................................ 98

Service Levels – Cloud Infrastructure ........................................................................................................................ 98

Compute & Storage Platform .................................................................................................................................. 98



Advanced & Premium Virtual Firewall ................................................................................................................... 99

Advanced & Premium Virtual Load Balancer ....................................................................................................... 99

Service Level Definitions: Cloud Infrastructure .................................................................................................. 99

Service Levels – Business Continuity ...................................................................................................................... 100

Backup as a Service (BaaS) .................................................................................................................................. 100

Disaster Recovery as a Service (DRaaS) ............................................................................................................ 100

Veeam Cloud Connect Backup .............................................................................................................................. 100

Service Level Definitions: Business Continuity .................................................................................................. 101

Service Levels – Cloud Applications......................................................................................................................... 102

Office 365 ................................................................................................................................................................... 102

Service Levels - Public Cloud ..................................................................................................................................... 102

Microsoft Azure ........................................................................................................................................................ 102

Service Level Agreement Uptime Values ................................................................................................................ 104

Service Continuity Management ............................................................................................................................... 104

Service Level Agreement Exclusions ....................................................................................................................... 105

Service Credits .............................................................................................................................................................. 106



SIX DEGREES OFFICIAL INFRASTRUCTURE AS A SERVICE (IAAS) OVERVIEW

General

Under G-Cloud 11 we are bidding for Cloud Hosting. Any Features not included in Cloud Hosting are not covered in this Service Definition.

Green IT

Six Degrees’ IaaS services support the governments Greening ICT Strategies. Six Degrees recognises that its operations can impact both directly and indirectly on the environment. Our goal is to protect the environment through good management and by adopting best practice throughout our organisation. We work to integrate environmental considerations into our business decisions, consultancy and client solutions. Indeed one of the Equinix data centres that we utilise won the Green Data Centre award from DataCenter Dynamics. This innovative use of sustainable and renewable energy technology was a key factor for us to select that facility as a part of our operations. We also have the EU Code of Conduct Energy Efficiency Award certifying that our data centres have adopted energy efficiency best practices: our Birmingham Central site has a PUE of less than 1.3 indicating our commitment to green initiatives.

IaaS Services

Six Degrees Infrastructure Services portfolio provides a range of scalable hybrid cloud platforms. Six Degrees OFFICIAL IaaS services have been built to meet the demand for cloud infrastructure that provides high security, Enterprise-ready features and the ability to support mission and business-critical workloads. Designed from the ground up as an Enterprise solution, our IaaS provides high levels of support and guaranteed resource available to you when needed. Our IaaS services make it possible to run practically any Enterprise application.

The service supports OFFICIAL and OFFICIAL SENSITIVE classified data workloads, offers a choice of both virtual and bare-metal infrastructure, per hour billing options and includes a 99.99% service level agreement as standard.

Our offering designed for the Public Sector, including local authorities, is capable of delivering services to organisations connected via the Public Services Network (PSN) up to OFFICIAL classification, including OFFICIAL SENSITIVE handling.

For our Public Sector cloud platform, Six Degrees leverages the highly secure, UK Public Sector approved data centres provided by ARK. Using these sites provide guaranteed data sovereignty, ensuring that the customer’s data will never be hosted outside of UK borders. ISO 27001 and PCI certified data centres provide additional peace of mind.

Integration with Six Degrees Next Generation Network enables us to provide high-speed, uncontended connectivity across all cloud platforms and Managed WAN (also known as Layer 3 VPN) connectivity to customer sites. Delivered as a fully managed, Enterprise-grade, low-latency service, Six Degrees managed connectivity services can form the building blocks of the customer’s network infrastructure.

Six Degrees is also an ExpressRoute and Direct Connect partner enabling us to integrate public cloud connectivity directly into our network and cloud solutions, enabling the customer to build and deploy hybrid cloud solutions across the Six Degrees Enterprise Cloud platform and public cloud providers.

The table on the next page gives a high-level overview of our Cloud portfolio.



SUPPORT SERVICES

Clou

d Su

ppor

t Se

rvic

es

Cloud Advanced / Premium

Client Service Management

End User Service Desk (1st line)

Remote Monitoring Management (RMM) & Patching

CONSULTANCY AND PROFESSIONAL SERVICES

Clou

d Pr

ofes

sion

al

Serv

ices

Cloud Readiness Assessments Data Centre Optimisation Assessments

Server Migration Office 365 (O365) Migration

ENTERPRISE CLOUD PUBLIC SECTOR CLOUD PUBLIC CLOUD

Clou

d In

fras

truc

ture

Designed for commercial mid-market and Enterprise organisations requiring geo-diversity and private connectivity.

Delivers highly available application uptime for critical

business applications.

Designed for the Public Sector, including local authorities.

Capable of delivering services to organisations connected via

the Public Services Network (PSN).

Up to OFFICIAL classification, including OFFICIAL SENSITIVE

handling.

Designed to support organisations with highly

fluctuating requirements and global installation

requirements across availability zones.

Certified Azure and AWS partner.

BACKUP DISASTER RECOVERY (DR) PUBLIC CLOUD DR

Busi

ness

Con

tinui

ty Designed to protect Servers

and Desktops, full machines and at file level. Gives peace of mind for data integrity with a

customisable range of options for replication frequency and

length of retention.

Designed to replicate servers from on-premises/colocation or Enterprise/Public Sector

Cloud.

Allows continuous replication and failover to restore service

in a severe failure scenario.

Replicates services from Private Cloud to Public Cloud,

delivering cloud-neutral protection for critical

workloads.

MODERN WORKPLACE DATA AND BI UNIFIED COMMS

Clou

d Ap

plic

atio

ns

Office 365 – provides the market-leading services for business productivity tools,

including Exchange, Skype for Business/Teams, SharePoint

and OneDrive.

Remote Desktop and VDI (Virtual Desktop Infrastructure)

Email security, continuity, archiving and backup.

Anti-virus and anti-malware protects your server and

desktop estate.

Business Data intelligence and analytics.

Utilising the market-leading Business Intelligence (BI)

product suite to create business insights and rich

presentation from structured and unstructured data.

Skype for Business and Avaya services enrich worker

collaboration and communication. Empowers

employees from all locations to be productive.

MANAGED SERVICES

Clou

d M

anag

ed

Serv

ices

Cloud Firewall / Cloud Load Balancer Server OS / Active Directory / SQL Server/ Application Uptime

Office 365 / Virtual Desktop Infrastructure (VDI) / Remote Desktop Services (RDS)



Compliance

Where Six Degrees is providing Services that are Compliant with a Specified Standard, you should be aware that only the Services we are providing carry an accreditation. Anything you use those services for does not inherit the accreditation from the Services on which it sits.

1.2.1.1 PCI DSS

Six Degrees ensure all of its accredited PCI DSS Services are maintained according to the relevant PCI DSS requirements to ensure the security of cardholder data on behalf of the Customer. This statement ONLY applies to Services that Six Degrees provides. The Customer must ensure that all of its own functions relating to cardholder data, application or otherwise, are both PCI DSS accredited and maintained, and that all relevant steps are taken to protect cardholder data.

Definitions • “vCPU” (or in the plural “vCPUs”): is defined as one or more virtual central processing unit(s) (CPUs)

compatible with Intel x86 instruction sets

• “vRAM”: is defined as virtual random access memory used for real-time processing

• “Storage”: is defined as non-volatile media for storing files, databases, applications or virtual servers

• “VMDK”: is defined as Virtual Machine Disk, the file stored on a data store representing each individual disk configured within a virtual machine

• “IOPS”: is defined as the number of input/output operations per second on a disk

• “GiB”: is defined as 1,024MiB

• “TiB”: is defined as 1,024GiB

• “RTO”: Recovery Time Objective

• “RPO”: Recovery Point Objective

• “ATOT”: At Time Of Test

• “ATOD”: At Time Of Disaster

• “Compute”: A combination of vCPU and vRAM resources

• “SMC” – Service Management Centre

• “CMDB” – Configuration Management Database

In addition to the definitions above, in this document we use the “RACI” Responsibility Matrix. It is used to denote our role and your role in various Sections in this document. Each role has one or more of the following letters:

“R” shall denote “responsible” indicating the party who does the work to achieve the task;

“A” shall denote “accountable” indicating the party who:

i) is ultimately answerable for the correct and thorough completion of the task,

ii) delegates the work to the responsible party; and

iii) approves the work that the responsible party provides.

“C” shall denote “consulted” indicating the party whose opinions are sought and with whom there is two-way communication; and



“I” shall denote “informed” indicating the party who shall be are kept up-to-date on progress, often only on completion of the task or deliverable; and with whom there is just one-way communication.

PUBLIC SECTOR CLOUD

Public Sector Cloud Architecture

Six Degrees Public Sector Cloud has been designed to provide exceptional levels of resiliency, incorporating a minimum of N+1 resiliency across all components. The platform is designed to provide a highly available, highly scalable Infrastructure as a Service (IaaS) platform for customer solutions.

Based on tier 1 Enterprise-grade hardware, the platform includes the following:

• Resilient connectivity to the Six Degrees core Next Generation Network, each network stack is connected to two independent Six Degrees Core nodes

• N+N network fabric resiliency with two physically separate fault domains for the network fabric • N+1 storage fabric resiliency with two physically separate fault domains for storage • Resilient storage and network connectivity to all compute hardware split across both fault domains • N+1 compute nodes in each chassis providing high availability • Delivered from UK-based ARK data centres in Corsham and Farnborough, as well our London and Slough

based data centres

At a functional level the Public Sector Cloud platform delivers the following:

• Options for virtual or physical servers • Options for resource pools or named servers • Options for management including RDP, vCloud Director and API • Geo diverse data centres • Options for Managed or Unmanaged Virtual Firewalls • Options for Managed or Unmanaged Virtual Load Balancers • Internet and Managed WAN (MPLS) connectivity

Below is an example of a Dual Site (GEO HA) replicated solution. Public Sector Cloud is deployed in 2 availability zones (DCs), including multiple application tiers, managed virtual load balancer, managed virtual firewalls and a 3rd party Global Load Balancing solution.



OFFICIAL Vulnerability Management & Protective Monitoring

Regular IT Health Checks will be conducted to ensure Six Degrees Technology Group Ltd systems remain patched. To provide interim views of vulnerabilities, Six Degrees Technology Group Ltd operate a proactive Nessus scanning service, which alerts on any unpatched or at risk services.

Six Degrees Technology Group Ltd ensure all 5 key aspects of protective monitoring are conducted on our secure Public Sector Cloud as part of our protective monitoring strategy:

• Business traffic crossing a boundary

• Activity at a boundary

• Alerting on events

• Accurate time in logs

• Data backup status

Originally aligned to GPG 13 (Protective Monitoring for HMG ICT Systems), Six Degrees Technology Group Ltd visualised monitoring and auditing platform ensures the right measures are being interrogated to avoid complexity and maintain the secure operation and continuation of our IaaS platform.

The configuration and associated processes of Six Degrees Technology Group Ltd OFFICIAL management platform relate to the highest levels of implementation guidance for NCSC’s 14 Cloud Security Principles:

1. Data in transit protection

Database server

Application Server

Database server

Webserver

Webserver

Webserver

Webserver

Webserver

Database Cluster

Load balancer

Firewall

Application Server

Webserver

Webserver

Webserver

Webserver

Webserver

Load balancer

Firewall

A.Webapp.6dg.co.uk B.Webapp.6dg.co.uk

Amazon Route 53

Polling Polling

Webapp.6dg.co.uk



2. Asset protection and resilience

3. Separation between consumers

4. Governance framework

5. Operational security

6. Personnel security

7. Secure development

8. Supply chain security

9. Secure consumer management

10. Identity and authentication

11. External interface protection

12. Secure service administration

13. Audit information provision to consumers

14. Secure use of the service by the consumer

Our SOC (Security Operations Centre) Service is a fully managed and continuously monitored Security, Incident and Enterprise (SIEM) capability with industry-standard log and event retention capabilities with the ability to meet all known compliance regimes including HMG (OFFICIAL), PCI, CPNI, ISO27001 and SEC (SANS). A dedicated team of SOC analysts and managers are responsible for providing a personalised and technically enhanced service. The skillset of the team ensures all functions of the service have experts in their field available to provide any assistance required.

Platform Options

Within the Public Sector Cloud Platform, customers can choose between a Community Cloud Service or a Dedicated Private Cloud Service:

Public Sector Cloud

Community Cloud Dedicated Cloud

What you get • Shared hardware with options for physical servers – proven best practice architecture, built and managed by Six Degrees

• Hardware dedicated to the customer – designed to a Six Degrees proven architecture, built and managed by Six Degrees

How you manage it

• Direct RDP to servers, through VCloud Director or API

• Through vCloud Director, vCenter or API



Why you would choose this

• Platform built and managed natively by Six Degrees, locally in the UK from ARK Data Centres providing local accountability and control

• Flexibility of design and capability beyond public cloud

• Predictable costs

• Security or performance conscious.

• Not wishing to share resources with other customers.

• Specific compliance requirements

What you need to consider

• Cannot use existing Windows Server licences

• Need Software Assurance on existing licences for mobility

• Ceiling limits on some resources

• The platform has to be specified to cater for all fluctuations of use; does not benefit from consume on demand capability

• OPEX and no hardware EoL. • The customer can utilise their

existing licensing without requiring Software Assurance

• Leverages a proven design and expert resource to build and manage

Availability/Pricing • Standard product and pricing including the Usage Billed Monthly in Arrears (Hourly Metered Billing) model, available immediately

• Built on demand to the customer requirement



Community Cloud

Network

Within the customers’ Public Sector Cloud solution, Six Degrees will provide a number of core network components that will include the following:

• Virtual Server Network Card – Up to four network cards per virtual server which can be connected to any VLAN’s within the customer’s environment

• VLAN – Dedicated VLAN’s per customer solution for use as LAN or DMZ networks • Internal IP Addressing – A /24 private IP address range will be assigned to each VLAN be default,

optionally this can be extended up to a /21 private IP range upon request • Public IP Addresses – /29 (3 useable), /28 (11 useable) or /27 (27 useable) blocks of useable public IP

addresses • Public DNS Services – Six Degrees will provide access to our public facing DNS service for Internet name

resolution • Managed Virtual Firewall – A range of Managed Virtual Firewalls are available including a selection of

bandwidth, add-on services and high availability • NSX Virtual Firewall –NSX Edge firewall appliance provided on a per customer basis configurable through

the vCloud Director web or API interfaces • Managed Virtual Load Balancer – An optional element is a range of virtual load balancers • NSX Virtual Load Balancer – Load balancing provided by the NSX Edge appliance provided on a per

customer basis configurable through the vCloud Director web or API interfaces • Internet Breakout – 100MiBps of resilient Internet breakout is provided as standard, additional bandwidth

can be purchased on request • Managed WAN Connectivity – Resilient or non-resilient connectivity to a Six Degrees Managed WAN

service • DDoS mitigation service protecting against flood type attacks (e.g. DNS amplification & SMURF attacks)

for all external IP addresses • PSN Connectivity

2.4.1.1 Virtual Server Network Card

Within each virtual server, Six Degrees supports up to four virtual network cards. Each virtual server can be connected to any VLAN available within the customer solution. The virtual network cards can be configured as E1000 (1GiBps) or VMXNET 3 (10GiBps) adapters. Within a virtual resource pool, all network cards are connected to customer specific VLAN’s on a shared distributed virtual switch.

2.4.1.2 VLAN

VLAN’s are configured within a customer VRF providing logical per customer isolation. VLAN’s are per cloud platform. During the initial deployment Six Degrees will deploy VLAN’s in line with the agreed solution design, customers can configure additional VLAN’s as required through the vCloud Director Web interface or API.

Within the Public Sector Cloud platform site, any VLANs created will be available to the virtual platform as well as any dedicated physical or other platform services, such as OVM, that Six Degrees might provide. Six Degrees does not support stretched VLAN’s between data centres.



2.4.1.3 Internal Private IP Addressing

For each VLAN provisioned, Six Degrees will allocate a /24 private IP address range, if this range conflicts with an existing IP address range within the customer’s network, the customer can request that is it changed prior to the configuration of any virtual machines for no additional cost.

Once virtual machine and firewall configuration has been completed, changing the private IP address range will be charged at standard professional services rates.

2.4.1.4 Public IP Addresses

Non-transferable Public IP addresses blocks are provided by Six Degrees. Within a public IP address block, three addresses are used to support the highly available network infrastructure leading to the following IP address availability:

• /29 – 3 useable public IP addresses



Larger Public IP Address blocks can be provided on request.

2.4.1.5 Public DNS Service – Internet Name Resolution

Six Degrees will provide two public facing DNS service IP addresses. The service is built on a resilient multi-site infrastructure ensuring continuous availability.

2.4.1.6 Virtual Firewall

As part of the Public Sector Cloud solution, Six Degrees will provision a virtual firewall solution. A range of options are available for the virtual firewall solution including both unmanaged and managed solutions.

Full details of the Cloud Firewall specification, functionality and operations are located in the Six Degrees Cloud Firewall Service Description.

2.4.1.7 Perimeter Firewall

As part of the Public Sector Cloud infrastructure Six Degrees deploy and manage a perimeter firewall for all customers, this appliance provides a second layer of stateful firewall protection in addition to any firewall solution the customer deploys.

2.4.1.8 Virtual Load Balancer

Within the Public Sector Cloud Platform, Six Degrees provides the option of a dedicated virtual load balancer. A range of options are available for the virtual load balancer including both unmanaged and managed solutions.

Full details of the Cloud Load Balancer specification, functionality and operations are located in the Six Degrees Cloud Load Balancer Service Description.



Internet Breakout

As standard, if the customer has purchased Internet breakout, Six Degrees will provide a resilient 100MiBps Internet service. This service is an unfiltered Internet service delivered through the Public Sector Cloud resilient network fabric.

If additional bandwidth, Internet Protection (such as DDOS) or security services are provided, these are available as optional add-on products.

Managed WAN The Public Sector Cloud platform fully supports the delivery of Six Degrees Managed WAN connectivity directly into the platform providing connectivity to existing customer sites.

Managed WAN connectivity will be terminated on the 10GiBps Public Sector Cloud network fabric and delivered over the resilient network connectivity to the customer cloud network.

If the customer has an existing 3rd party MPLS, Six Degrees can integrate with it by utilising a cross connect at any one of our nationwide POP’s. From there, Six Degrees will use our Next Generation Network to deliver the customer’s services as Managed WAN to the Public Sector Cloud platform.

Please note there may be additional charges from the customer’s MPLS provider to cross connect with Six Degrees.

DDoS Mitigation

All ingress internet traffic to the Public Sector Cloud is subjected to volumetric (L3/L4) DDOS mitigation protection. This protection is achieved by passing all traffic via a UK primary scrubbing centre, with 4 Tbps of attack ingestion capacity, before delivering clean traffic, using BGP routing, to the Six Degrees Public Sector Cloud. DDOS protection is always on, capturing attacks at the moment they occur, using advanced behaviour analytic technology and reactive IP filtering through null routes and limited ACL filtering.

PSN Connectivity

Our services can utilise an assured data transport mechanism. Six Degrees Technology Group Ltd can provide PSN Protect network connectivity.

Purchasing Model

The Customer may purchase Public Sector Cloud resource in two models. Each platform solution is restricted to a consistent model.

• Usage Billed Monthly in Arrears (Hourly Metered Billing) – Under this model Six Degrees provides access to our Public Sector Cloud platform, resources can then be consumed on a pay as you basis. Please refer to the Billing and Payment Guide for more detail.

• Resource Pools – A resource pool provides the customer with a pool of vCPU, RAM and storage with the capability to create, remove or resize virtual servers as required.

• Named Servers – Named Servers are pre-defined virtual or physical servers with a defined resource configuration for the term of the contract, if the customer wishes to modify the resource specification of the server this would be treated as a change order.

The customer can choose to purchase a resource pool with shared resource or the customer can choose to have dedicated resource, meaning that vCPU and RAM will be provided from dedicated hardware.



The customer specifies the amount of resource they require in terms of vCPU, vRAM and Storage. Then, through VMware vCloud Director or the OVM Portal, the customer controls what servers they deploy. The customer can change resource specifications and servers as often as they like within the confines of the resource pool that they have purchased.

2.4.6.1 Usage Billed Monthly in Arrears (Hourly Metered Billing) The options available under the Usage Billed Monthly in Arrears model are as follows:

• vCPU– 1 TO 1500 • vRAM 1 TO 3500TiB • SAN Storage – 100GiB to 100TiB

The compute resource is provided from a pool of multi-tenant compute nodes. These nodes are configured as a single shared compute cluster with N+1 high availability at a platform level.

Within the platform there are a predefined maximum per virtual server configuration rules in place. These include:

• vCPU –Maximum of 16 vCPU per virtual server • vRAM – Maximum of 128GiB RAM per virtual server • Storage – Maximum volume size of 2TiB with no more than 10TiB per Virtual Server

Under the consumption-based model, Six Degrees commits to ensuring capacity is available to support incremental growth of 20% of capacity with a minimum of 224 vCPU, 465GB RAM and 4TB of storage available. If additional capacity is required beyond this amount, the customer must notify Six Degrees and a lead time of six (6) weeks will apply to the capacity increase.

2.4.6.2 Resource Pool – Virtual

The options available for a virtual resource pool are as follows:

• vCPU– 1 TO 1500 • vRAM 1 TO 3500TiB • SAN Storage – 100GiB to 100TiB

Within a virtual resource pool, the compute resource is provided from a pool of multi-tenant compute nodes. These nodes are configured as a single shared compute cluster with N+1 high availability at a platform level.

If there is a requirement for node affinity or resources split across multiple compute clusters, these features are available within the dedicated resource pool.

Within a virtual resource pool, there are a predefined maximum per virtual server configuration rules in place. These include:

• vCPU –Maximum of 16 vCPU per virtual server • vRAM – Maximum of 128GiB RAM per virtual server • Storage – Maximum volume size of 2TiB with no more than 10TiB per Virtual Server

Resource Pools are available as a static pool limited to the committed resource level, or on a consumption-based model. When a consumption-based model is chosen, the resource pool will be configured with no resource limits thus allowing the customer to scale resources as required.

Within the consumption-based model, Six Degrees commits to ensuring capacity is available to support incremental growth of 20% of capacity with a minimum of 224 vCPU, 465GB RAM and 4TB of storage available. If additional capacity is required beyond this amount, the customer must notify Six Degrees and a lead time of six weeks will apply to the capacity increase.



Within a virtual resource pool it is also possible to purchase “reserved resources”. These “reserved resources” provide guaranteed access to additional vCPU, VRAM and SAN Storage for burst purposes. In addition, these “reserved resources” can be used to ensure the appropriate resource is available if the customer has a predictable burst event.

2.4.6.3 Resource Pool – Dedicated

The options available for a dedicated resource pool are as follows:

VCPU VRAM STORAGE PHYSICAL COMPUTE NODE EXPANSION INCREMENT

224 115 100GiB to 100TiB

Dual 2.6Ghz 14 Core CPU, 128GiB RAM

Per 224 vCPU and 115GB RAM

224 230 100GiB to 100TiB



224 465 100GiB to 100TiB



448 930 100GiB to 100TiB



672 1,395 100GiB to 100TiB



896 1,860 100GiB to 100TiB



1,120 2,325 100GiB to 100TiB



1,344 2,790 100GiB to 100TiB



1,568 3,255 100GiB to 100TiB



Within a dedicated resource pool, the underlying compute hardware is dedicated to the customer. Six Degrees recommend a maximum oversubscription ratio of 4:1 which equates to 224 vCPU per physical compute node. However, the customer may choose to exceed this amount if their workload is appropriate.

The underlying compute hardware will be configured in an N+1 configuration providing high availability in the event of a compute node failure; the useable vRAM purchased takes into account the N+1 configuration.

Six Degrees recommends a minimum of 75GiB of storage is allocated for system drives on all virtual servers.

For customers with a dedicated resource pool, there must be 10% space free on all data stores to enable the platform-level snapshots to complete successfully. If the free space falls below this amount, the daily platform-level snapshots will not be available.

Within a dedicated resource pool there are a predefined maximum per virtual server configuration rules in place, these include:

• vCPU –No limit • vRAM – Limited by the per compute node physical RAM, recommendation that no virtual machine exceeds

25% of the underlying per compute node RAM as listed in the specification table above • Storage – Maximum volume size of 2TiB with no more than 10TiB per Virtual Server.

Management of Resource Pools



Virtual and Dedicated resource pools can be managed using vCloud Director or OVM, this facility provides a web-based interface for resource management allowing the customer to allocate resources, control and access virtual servers. In addition, customers can use the vCloud API or OVM API to provision and manage virtual servers.

Named Servers

By purchasing named servers, the customer does not have to purchase a pool of resource that may not be fully utilised. The customer gets to choose between virtual servers and physical servers.

The following specifications are available:

VIRTUAL SERVERS PHYSICAL SERVERS

vCPU – 1 to 16

CPU – Choice of:

• 2*4 Core 2.6GHz • 2*10 Core 2.4GHz • 2*14 Core 2.6GHz • 2*18 Core 2.7GHz

vRAM – 1 to 128GiB

*RAM deployed as fixed – not contended

RAM – 64, 128, 256, 384, 512, 768GiB

System Drive – 50GiB to 500GiB

Available in 50GB increments

Local Drive - Choice of:

• 2x600GiB 15K SAS RAID 1 • 2x480GiB SSD RAID 1 • 6x600GiB 15K SAS RAID 6 • 6x480GiB SSD RAID 6

Storage Drive – 100GiB to 2TiB

Up to five storage drives per Virtual Server

Available in 100GB increments

Shared SAN storage may also be provided for physical servers

All virtual servers are fully licensed for any current edition of Microsoft Windows Server; for Physical Servers the appropriate licensing must be specified and purchased.

Oracle SPARC

Oracle SPARC is only available per physical server based on a minimum 12 month commitment. As standard each physical server is an Oracle T7 server with 32 cores (224 vCPU) and 488GB RAM. Other configurations are available on request.

Storage and Storage Presentation

The Public Sector Cloud Platform utilises Solid State Drives (SSD) to deliver a high performance, highly resilient storage architecture. All storage is provided from Enterprise-grade SAN’s with integrated resiliency, RAID and hot spare drives.

Additional storage types including guaranteed IOPS storage are available on request.



Storage is presented to virtual machines as a VMDK within the Virtual Cloud Platform. If support for RDM’s (Raw Device Mapping) is required Six Degrees can provide this functionality on request.

For customers with a dedicated resource pool, storage is presented as data stores available within vCloud Director and OVM, Six Degrees recommends thin provisioning for virtual servers.

2.4.10.1 Bandwidth and Throughput

Server performance is highly affected by storage throughput Read/Write speeds. These can vary during the day and throughout each month on the platform due to usage patterns. Please note that different applications can utilise storage in different ways: the default file sizes that they read and write, and how reading/writing is processed with single or multiple threads. Both can affect the performance the customer may see for typical transfer speeds.

The storage platform is designed to provide 2 IOPs per GiB storage per logical disk, higher performance tiers of storage including guaranteed IOPS are available on request.



Service Options and Service Implementation

OFFICIAL Data Management & Handling

2.5.1.1 OFFICIAL Data security policy

Six Degrees Technology Group Ltd is an accredited company under ISO/IEC 27001:2013 and OFFICIAL / OFFICIAL SENSITIVE and, as such, adheres to the approved security policy noted below.

It is the policy of the organisation to ensure that at Six Degrees Technology Group Ltd:

• Information will be protected against unauthorised access

• Confidentiality of information will be assured

• Integrity of information will be maintained

• Regulatory and legislative requirements will be met

• Business continuity plans will be produced, maintained and tested

• Information security training will be available to all staff

• All breaches of Information Security, actual or suspected, will be reported to and investigated by the Information Security Manager.

2.5.1.2 OFFICIAL Information Assurance

It is the policy of the company to protect all information against unauthorised access while maintaining the confidentiality and integrity of that information. We comply with all regulatory and legislative requirements and maintain and test a comprehensive business continuity plan.

2.5.1.3 Data Processing

Six Degrees Technology Group Ltd is registered as a data controller under the Data Protection Act 1998 and has a Data Protection Officer to oversee the specific administrative implications of this particular Act who can be contacted regarding any Data Protection issues.

2.5.1.4 Data Migration

Six Degrees Technology Group Ltd can and will return all customer generated data as agreed in a relevant call-off agreement. Once data has been returned and confirmed by the customer and, if asked to do so, Six Degrees Technology Group Ltd will purge and destroy all data belonging to the customer or consumer from any computers, storage devices and storage media that are to be retained after the end of the subscription period and the subsequent extraction of consumer data.

2.5.1.5 Data Storage and Processing locations

Our IaaS services are delivered for the Public Sector Cloud platform from four locales; these sites are physically and geographically separate, with no interdependencies. Data is unable to pass from one locale to another without being deliberately migrated as a result of a customer decision to do so.

2.5.1.6 OFFICIAL Data Handling



Six Degrees Technology Group Ltd and their suppliers adhere to SPF information handling requirements that have been agreed with HMG and ICO.

Six Degrees Technology Group Public Sector Cloud documentation will be marked in accordance with their internal data classification policy (and under the new GSC is likely to be considered OFFICIAL Sensitive at most) with stringent need to know controls applied.

Documents relating to the IaaS environment, its design and operation are kept under lock and key in a secure office when not in use.

Controls employed for secure erasure of media will be detailed in Six Degrees Technology Group Ltd Public Sector Cloud SysOPS documentation developed by the appropriate service provider. These must conform to Six Degrees Technology Group Ltd standing documentation, HMG policy and IAS5 as agreed with the service Accreditor.

Management of Virtual and Dedicated Resource Pools

2.5.2.1 vCloud Director and OVM

For services purchased as virtual or dedicated resource pools, Six Degrees will provision the resource pool, network components and virtual firewall in accordance with our default configuration (available in the Six Degrees Cloud Firewall Service Description).

Optionally, Six Degrees can provision individual Virtual Servers to a defined base template. The customer must specify the quantity of virtual servers required along with CPU, RAM, storage partitioning, network information and the operating system selection. Six Degrees will deploy a template virtual server to the defined specification and update the server with the latest available security and critical updates.

Management of Named Virtual Servers and Physical Servers

For solutions with named virtual servers or physical servers, by default all network components and virtual servers are provisioned up to the operating system install. Root admin username and passwords are provided to the customer; it is strongly recommended that these are changed straightaway.

Servers will be deployed within a workgroup unless additional professional services have been purchased for migration or further implementation work. In the event that these services have been purchased, such work will be captured in a Statement of Work separately and delivered by the Six Degrees professional services team.

Six Degrees Server OS Management Services

If a customer has purchased Six Degrees Server OS Management Services, these must be allocated to named services. For services where a resource pool has been purchased, the customer must supply the named instances that they wish to allocate the server management services to in order to activate the service.

Once allocated, a Server OS Management Service can be reallocated to a new virtual or physical server once a quarter or when the currently allocated server is decommissioned.

For full details of the services and functionality available, please see the Six Degrees Server OS Management Service Service Description.



Six Degrees Server Antivirus Management Service

Six Degrees’ optional Server Antivirus Management Service can be purchased with any virtual server, resource pool or physical server. A prerequisite for taking the Server Antivirus Management Service is that the virtual or physical server must already be covered by the Six Degrees Server OS Management Service.

If purchased, Six Degrees will provision a dedicated web portal for the customer to access and manage the deployment of the Antivirus software.

It is the customer’s responsibility to ensure the software has been deployed to all virtual or physical servers, Six Degrees monitors any active servers within the Server Antivirus Management platform. In the event an infection is identified, a P2 incident will be raised within ServiceNow and the issue will be investigated.

For full details of the services and functionality available, please contact your Account Manager.

Licensing

As part of the Six Degrees Public Sector Cloud platform, there are multiple licensing options available. These include:

• Microsoft SPLA – Six Degrees can provide Microsoft licences for SQL and Applications on a monthly basis, these licences are rented and can be used within the Six Degrees Public Sector Cloud platform or on-premises where the servers are under Six Degrees administrative control. Customers utilising this licensing model have included software assurance to always be able to use the latest version of the software, it also includes downgrade rights enabling the use of previous versions of Microsoft products.

• Microsoft CSP – Six Degrees is a Microsoft Cloud Solution Provider (CSP), this status enables us to provide Office 365 based licensing for use within our Public Sector Cloud platform, as well as Public Cloud services on Azure and Office 365.

• Open/Select/EA – If a customer has an existing volume licence agreement, certain licences can be used within the Six Degrees Public Sector Cloud as long as they have active Software Assurance, exceptions include Windows Server and Microsoft Office licences. In the event that a customer wishes to utilise their existing licensing, they must complete a Licence Verification Mobility form and submit this to their Microsoft representative or reseller.

NOTE: It is the customer’s responsibility to ensure they are appropriately licensed for all software used within the Six Degrees Public Sector Cloud platform above the Operating System.

2.5.6.1 Supported Operating Systems

All solutions are fully licensed for any currently supported release of Microsoft Windows Server; however, other operating systems are available, including Red Hat Enterprise Linux.

It is the customer’s responsibility to ensure that the appropriate licensing has been purchased for any virtual servers running on the Six Degrees Public Sector Cloud platform.

Supported Operating Systems include the following:

MICROSOFT WINDOWS LINUX

Microsoft Windows Server 2008 CentOS 6 Microsoft Windows Server 2008R2 CentOS 7 Microsoft Windows Server 2012 Suse Linux Enterprise 11 Microsoft Windows Server 2012R2 Suse Linux Enterprise 12 Microsoft Windows Server 2016 Red Hat Enterprise Linux 6



MICROSOFT WINDOWS LINUX

Red Hat Enterprise Linux 7 Ubuntu 14 Server Ubuntu 16 Server Ubuntu 17 Server

2.5.6.2 Consumption-based Licensing

Where the customer is using a consumption-based billing model for the Public Sector Cloud platform, it is important to note that, although the platform is fully licensed for Windows Server, any other chargeable licences have a minimum term of one (1) month. In the event that a virtual server is started using a chargeable licence, the customer will be charged for a minimum of one (1) months’ worth of licence usage.

Capacity Management, Expansion and Reporting

2.5.7.1 Resource Pool – Virtual

It is the customer’s responsibility to manage resource consumed within the resource pool; the customer must order additional resource in advance of being required.

Total resource available will be as invoiced and resource consumed will be the sum of the provisioned machines – which can be found through OVM or vCloud Director in the vOrg resource allocation properties.

Six Degrees operates an industry standard ratio of 4:1 for virtual to physical core allocation.

Resource pools can be specified with burst capability. In which case there would be no vCPU, vRAM or storage restrictions, thus it would allow the customer to burst beyond the contracted resource level. Burst usage will be billed as detailed in the Six Degrees payment and billing policy.

2.5.7.2 Resource Pool – Dedicated

It is the customer’s responsibility to manage resource consumed within the resource pool; the customer must order additional resource in advance of being required.

Additional resource can be added in fixed quantities as per the table in Section 2.4.6.3.

Total resource available will be as invoiced and useable resource can be found through the vOrg resource allocation properties in vCloud Director. Please note that the resource information displayed will include the HA blade which must be subtracted from the resulting total.

Resource consumed will be the sum of the provisioned machines, which can be found through OVM or VCloud Director vOrg resource allocation properties.

2.5.7.3 Named Virtual Servers

It is the customer’s responsibility to manage resource consumed within a named virtual server.*

Virtual Servers can be expanded via a sales order. Physical server RAM and storage can be upgraded in line with the defined physical server models available. Physical server CPU’s are fixed after the initial purchase.

*Server OS Management Services can be purchased to cover individual server capacity management reporting – please see the Server OS Management Service Product Overview and Service Description for more information.



Logging

Six Degrees will maintain the following logs for our Public Sector Cloud platform:

ITEM TYPE LIVE ARCHIVE

Network Fabric Critical and Warning 1 Year 2 Years

Storage Fabric Critical and Warning 1 Year 2 Years

Storage Array Critical and Warning 1 Year 2 Years

Compute Hardware Critical and Warning 1 Year 2 Years

VMWare ESXi Host Critical and Warning 1 Year 2 Years

OVM for X86 Critical and Warning 1 Year 2 Years

Oracle SPARC Critical and Warning 1 Year 2 Years

Current logs are immediately available, archive logs are available on request and will be provided within 48 hours.

Platform Patching

As part of providing the Public Sector Cloud platform, Six Degrees provide ongoing maintenance and management of the underlying hardware supporting that platform. Please contact the Support Team for our current patching policy.

All patching is carried out using the following process:

• Scan of the device to identify missing Critical and Security patches

• All patches are identified patches are tested within our lab environment prior to production deployment

• Request for Change (RFC) raised internally to approve patch installation during a pre-agreed maintenance window

• Patches installed during the maintenance window

The only exception to the above will be in the event of a known critical exploit. In the event of a critical exploit being identified, Six Degrees reserves the right to carry out emergency maintenance on the platform to address the exploit.

Data Migration and Implementation

Six Degrees has a wide range of migration, implementation and other professional services available beyond the standard Public Sector Cloud build. These services integrate closely with our Public Sector Cloud platform to provide a seamless customer experience from the provision of virtual machines to the migration of data or services into the Public Sector Cloud Platform. If you’re interested in these services, please contact your Account Manager.

Bespoke Solutions

If the solution the customer requires is not covered by the specifications provided within this document, Six Degrees can provide a wide range of bespoke solutions utilising our knowledge of industry best practice design to deliver a custom Public Sector Cloud platform that meets the customer’s specific requirements.



For any custom solution, Six Degrees will work closely with the customer to build a clear detailed specification and to agree the statement of work and deliverables ensuring that the solution delivered meets the customer expectations.

Offboarding

Six Degrees provides offboarding capabilities following the end of the customer’s initial contract term; virtual machines can be exported and made available for download over SSL.

Please note that customers will not be granted hypervisor level access to Six Degrees Public Sector Cloud platform for data migration purposes.

Decommissioning Process

For services provided on the Six Degrees Public Sector Cloud platform, Six Degrees cannot provide any form of certified destruction due to the shared nature of the underlying hardware infrastructure. However, the customer is free to move their data away from our service at any time and, once notified, Six Degrees will remove all customer data from the platform using the standard platform tools.



BUSINESS CONTINUITY SERVICE PORTFOLIO

Six Degrees Business Continuity portfolio provides a breadth of recovery services suited for customer needs. Our portfolio ranges from data protection as part of the Backup offering, to system replication and failover as part of the DR offering. Both the Backup and DR offering are available at Six Degrees data centres.

There are many variations of Tiers. However, the concept is pretty straightforward whereby the top Tier workloads are usually mission-critical, require extremely fast recovery e.g. active-active scenario, and the cost is significantly higher. As one goes down the stack, the RTO (Recovery Time Objective) and RPO (Recovery Point Objective) requirement is slower and, likewise, the cost is lower.

Typically, Six Degrees’ business continuity offering falls under Tier 2 (Disaster Recovery as a Service) and Tier 3 (Backup as a Service) category. Sections 3.1 through Section 3.1.14.2 focuses on the Six Degrees Backup as a Service offering. Sections 3.2 through 3.2.10 focus on the Veeam Cloud Connect Service offering.

Backup as a Service Overview

Six Degrees Backup as a Service (also known as BaaS) is for customers who need to protect their physical or virtual x86 workloads to an offsite cloud backup target location (i.e. Six Degrees). The platform provides every customer the ability to configure and manage their backup scheduling, retention, monitoring and encryption process to meet their business policies and demands.

Six Degrees is able to offer the following service types for the BaaS offering:

• Self-Backup Service • Managed Backup Service

Self-Backup service is typically for customers who want to maintain full control of their backup process and its administration. This process could also complement their existing local backup in a situation where their local backup is not accessible.

Faster RTO/RPO, Higher Cost

Slower RTO/RPO, Lower Cost

Tier 1

Tier 2

Tier 3

Tier 4

RTO and RPO in seconds

~4 hours RTO and ~30 mins RPO

~<24 hours RTO and ~24 hours RPO

~>24 hours RTO and ~24 hours RPO

Figure 1: Example tiering with possible RTO and RPO



Managed Backup service is for customers who need Six Degrees to manage their backup administration and process it on their behalf. Managed Backup would complement the customer’s existing IT team, but would not burden the in-house team with the day-to-day management of the process. However, the customer ultimately owns their backup strategy and policies to meet their business objectives. Currently, Managed Backup service is only available to existing Six Degrees Infrastructure as a Service customers.

Six Degrees provides a truly Enterprise-grade backup infrastructure with granular level restores e.g. file, folder, database and full system. It also comes with the common backup properties such as deduplication, compression and encryption that you would expect from an Enterprise offering.

By default, the Six Degrees BaaS offering comes with a single backup target location. However, the customer could optionally upgrade to built-in resiliency by having two identical copies of the data across two different Six Degrees data centres.

PRIMARY ITEM DESCRIPTION

Primary Management Support • Self-Backup (for all customers) • Managed Backup (optionally available for existing Six Degrees

Infrastructure as a Service customers)

Primary Workload Support Physical and Virtual x86

Primary Recovery Targets Six Degrees Data Centres in the United Kingdom

Primary Support Staff 24x7 onshore, UK-based team

At a high-level, Six Degrees Backup as a Service is designed for customers who need a cloud-based backup platform to manage and retain full control of their backup process.

X86 Physical

X86 Virtual

Agentless Backup proxy

Production Source Six Degrees Primary DC

Backup Copy 1

Backup Copy 2

Six Degrees Secondary DC

Replicate Backup Backup Software

Server

Backup Software

Server

Restore

Restore from (if primary DC fails)

Customer Production Source Cloud Backup Target Cloud Backup Target

Backup to (if primary DC fails)



Set-up the backup platform for the customer and maintain the overall backup infrastructure, storage, licence and software at the target site, including overall capacity management of the multi-tenant platform.

Provide the customer with step-by-step onboarding documentation and be available for support.

Follow onboarding documentation to deploy the backup on servers to be protected, configure, schedule, monitor, report and manage their backup/restore activities and processes, including their capacity requirement, throughout the lifecycle of the contract.

Self-Backup

In addition to performing all items listed in Self-Backup, Managed Backup also includes: configuring, scheduling, deploying, monitoring, reporting and managing customers’ backup administrations including alerting on their capacity threshold throughout the lifecycle of the contract. Two (2) restore activities are included per month. Anything more than two would be chargeable.

Owns backup strategy and policy, and advise Six Degrees on required changes. Own and drive any backup tests with Six Degrees, as part of customer’s Business Continuity validation.

Managed Backup



Backup as a Service Features

This section describes the features of Backup as a Service.

FEATURES DESCRIPTION

Ease of Deployment Agentless proxy software for backing up required workloads

Built-in Resiliency Optional resiliency having two identical copies of data across two different data centres

Cost Efficiency De-duplication and compression to optimise on data storage at target. Six Degrees charges for stored data at target.

Secure Data Encryption for data in transit and rest controlled by customer

Granular Backup and Restore Backup and restore capability at file, folder, database and full server level

Support Model 24x7 local, UK-based support team

Service Model Self-Backup (default for all customers)

Managed Backup (optional for existing Six Degrees Infrastructure as a Service customers)

Pricing Model Based on data storage at target site (after de-duplication and compression)

Flexible Configuration Granular backup scheduling and retention to meet business needs

System Protection Physical or Virtual x86

Workload Protection Windows or Linux

OPEX Model No capex, licence nor management outlay to build, maintain and improve backup infrastructure

Reporting

Self-Backup: Build and produce on-demand reporting to analyse and understand the backup performance.

Managed Backup: Weekly basic reporting to provide backup performance. Ad hoc reporting on request.

Long Term Retention Retain data up to the number of years required for auditing and regulatory reasons

Pricing Model

There are 2 models from which a customer can choose:

• Commit + Burst Model: Customers are charged on committed storage (and instance) on a monthly basis and are additionally charged on burst usage for anything beyond.

• Commit + Cap Model: Customers are charged on committed storage (and instance) on a monthly basis and capped on their commitment. Hence, no burst usage will be incurred.

NOTE: Hard cap model may cause backup failures on insufficient storage capacity.




BaaS Escrow Secure encryption key storage and retrieval service

Backup as a Service Options

This section describes the Backup as a Service Options.

BACKUP AS A SERVICE OPTIONS

MODEL SET-UP FEE MONTHLY COMMIT BURST USAGE

Self-Backup

Commit + Burst Model

No.

Self-onboarding documentation provided.

Yes – monthly minimum storage commit.

Yes – additional storage above commit level calculated monthly based on high watermark burst.

Commit + Cap Model

No.

Self-onboarding documentation provided.

Yes – monthly minimum storage commit.

No – due to cap applied on commit level.

Managed Backup

Commit + Burst Model

Yes – based on number of instances.

Yes – monthly minimum storage and instance commit.

Yes – additional storage and instance above commit level calculated monthly based on high watermark burst

Commit + Cap Model

Yes – based on number of instances.

Yes – monthly minimum storage and instance commit


BaaS Purchasing Model

Customers can purchase BaaS in two different ways, which are outlined below:

3.1.3.1 Option 1 – Minimum commit on storage with a burstable usage model

Customer simply commits to a minimum quantity every month, at the rate defined per the contract. Any additional quantity used above and beyond the committed quantity in a given month will be charged at the burstable rate defined in the contract. The charges for the additional storage used in a given month will be calculated based on the peak storage.



3.1.3.2 Option 2 – Option 2 – Minimum commit with a cap model

Customer simply commits to a minimum quantity every month, at the rate defined per the contract. Customer will also be capped on the commit amount hence no burstable usage will be allowed. However, Six Degrees will not be responsible for any backup failures due to insufficient storage.

Set-up Fee

3.1.4.1 Self-Backup

Self-Backup service customers will not incur a set-up fee by default because the onboarding is owned by the customer, using the onboarding documentation provided by Six Degrees.

3.1.4.1.1 Self-Backup: Basic Onboarding Effort

In the event Six Degrees cannot provide the self-onboarding documentation, then the Six Degrees’ support team will provide basic onboarding knowledge, as defined below, for the customer to help them enable their backup process.

Six Degrees will ensure the BaaS platform is ready for the customer to start performing their backup activities. However, in addition to that, the basic onboarding effort will consist of the following tasks:

SERVICE ONBOARDING SIX

DEGREES CUSTOMER

BASIC ONBOARDING Facilitate a remote training call using the backup software and admin portal RA C

Configure and schedule a backup process for one (1) instance RA C

Demo restore function (this function can only be used after the initial seeding process)

RA C

Demo BaaS escrow process RA C

3.1.4.2 Managed Backup Managed Backup service customers will incur a set-up fee cost by default as the onboarding effort will be undertaken by Six Degrees.

3.1.4.2.1 Managed Backup: Full Onboarding Effort The Full Onboarding Effort is for customers who have procured Six Degrees’ Managed Backup service. This setup fee is highly dependent on the scope of the contract and will be based on the number of instances protected.

Diana Szalai

This should be a Heading 5 style. But Word would not let me create a Heading 5 style - ?

Diana Szalai

This should also be a Heading 5 style.



SERVICE ONBOARDING SIX

DEGREES CUSTOMER

FULL ONBOARDING Facilitate a remote training call using the backup software and admin portal RA CI

Configure and schedule backup process for one (1) instance RA CI

Demo restore function (this function can only be used after the initial seeding process)

RA CI

Demo and configure BaaS escrow (key management) process RA CI

Configure and schedule backup process for all instances in-contract RA CI

Ensure all instances in-contract complete initial seeding and synchronisation process

RA CI

Help configure BaaS escrow process RA CI

Perform acceptance test, including restore test(s) RA CI

Sign-off and handover completed; environment given to customer to continue performing lifecycle management.

RA CI

Note: Customers may need to be involved to provide necessary access and credentials to configure the backup process from their source environment.

Product Items

3.1.5.1 Storage

Customers are charged on the “stored storage”, measured in GB, on the target site irrespective of Self- or Managed Backup choice. The stored storage on the target site will typically be smaller in size than the protected storage on the source site. This size difference is simply due to the de-duplication and compression mechanism in place; hence, ultimately passing that cost saving on to customers. However, because different file types have different compression ratios, the customer needs to be aware that Six Degrees is unable to provide the exact storage that the customer will use during the Pre-Sales process. Instead, customers will be provided an estimate at that time and any additional storage deltas will be charged accordingly.

3.1.5.2 Minimum Commit + Cap model

Customers may be charged for marginal burst storage above their committed cap level depending on the backup technology behaviour that Six Degrees have no control over. Generally, customers should assume:

• If quota limit is not reached all backup request are allowed by the backup technology. • If quota limit is reached while backup session are in progress, then they will be allowed to continue until

they are completed. • If a backup request is made after the quota limit is reached then it will be denied, therefore no new

backup will occur.

NOTE: Based upon condition b) above, it is possible that the quota may be exceeded. Generally, this situation is because the backup technology does not know how much data will be collected prior to the start of a backup



session. Therefore, it will not be able to determine if the quota will be exceeded by a new backup request. For this reason, the quota may be marginally exceeded.

Instance

Additionally, Managed Backup customers will also be charged for a management fee based on the number of instances that are being protected.

Backup Target Locations

Customer data is backed up to the following primary Six Degrees data centre location(s):

• Primary Birmingham • Secondary London

Optionally, the data is then replicated into the secondary Six Degrees location to provide built-in resiliency. All are multi-tenant environments.

3.1.7.1 Backup Target Locations

Customer data is backed up to the following primary Six Degrees data centre location(s):

• Primary Birmingham • Secondary London

Optionally, the data is then replicated into the secondary Six Degrees location to provide built-in resiliency. All are multi-tenant environments.

Backup as a Service Implementation

After Order Acceptance, we will implement the Service as outlined in the table below:

SERVICE IMPLEMENTATION SIX

DEGREES CUSTOMER

Phase 1: BaaS Infrastructure and Platform Set-Up Send Welcome Pack and Technical Data Capture form to Customer RA I

Complete and return Technical Data Capture form to Six Degrees I RA Place orders for network connectivity (if Customer procured connectivity from Six Degrees)

RA CI

Confirm projected Ready for Service Date with Customer (this date is usually the same as the contract commencement date)

RA CI

Provide virtual or physical server resources and SQL server resources for Client Host(s)

CI RA




DEGREES CUSTOMER

Prepare backup storage and platform (both Primary and Secondary sites) RA I Implement/Configure Backup network connectivity RA CI Run internal acceptance tests to confirm environment is ready for customer RA I Facilitate a training call on using the BaaS software and admin portal RA C Deliver Backup licences and provide technical support RA I Demo and test connectivity between BaaS Client Hosts and Backup Storage for one protected server

RA CI

Initiate ‘Ready for Service’ and BaaS Handover Pack environment to customer RA I Exit Phase 1: Start billing customer. RA I

Phase 2: Backup Configuration and Initial Seeding (Self-Backup) Install and undertake initial backup seeding and testing for the remainder of the servers to be protected

CI RA

Configure backup schedule and retention for all protected servers - RA Provide remote technical support during installation e.g. using desktop sharing RA CI Implement and safely store BaaS encryption keys - RA Implement and safely store encryption keys via Six Degrees BaaS Escrow process (optional) CI RA

Ensure data seeding between source and target are synchronised I RA Perform acceptance test (including restore activity) and highlight any issues found NOTE: Issues on backup software may involve working with 3rd party vendor

I RA

Work to resolve highlighted issues (may involve working with 3rd party vendor) RA CI Exit Phase 2: Successful backup seeding and moves to steady state I RA

Phase 2: Backup Configuration and Initial Seeding (Managed Backup) Install and undertake initial backup seeding and testing for the remainder of the servers to be protected

RA CI

Configure backup schedule and retention for all protected servers RA CI Provide support that Six Degrees cannot perform during backup installation on source servers

CI RA

Implement and safely store BaaS encryption keys RA CI Ensure data seeding between source and target are synchronised RA I Perform acceptance test (including restore activity) and highlight any issues found NOTE: Issues on backup software may involve working with 3rd party vendor and/or customer

RA CI

Work to resolve highlighted issues (may involve working with 3rd party vendor) RA CI Exit Phase 2: Successful backup seeding and moves to steady state RA I



Ready for Service

3.1.9.1 Self-Backup Ready for Service For Self-Backup customers, the ‘Ready for Service’ Date will be the date when Six Degrees have the Backup as a Service platform ready for Customer to configure their environment to perform Backup operations.

3.1.9.2 Managed Backup Ready for Service For Managed Backup customers, the ‘Ready for Service’ Date will be the date when Six Degrees have the backup service operational and protected for the agreed scope as defined in the Statement of Work.

BaaS Service Operations

3.1.10.1 BaaS Platform Administration Six Degrees Service Operations will be initiated once BaaS moves into Ready for Service. Listed below are the key activities that the customer should expect from the Six Degrees’ BaaS platform administration perspective with a RACI matrix.

BAAS PLATFORM ADMINISTRATION SIX DEGREES CUSTOMER Six Degrees Backup infrastructure (primary and secondary) maintenance and monitoring, including storage

RA I

Six Degrees Backup Software maintenance, monitoring and upgrade RA CI

Troubleshooting and resolving infrastructure issues RA CI

Work with 3rd party vendor and supplier for hardware, software and licence issues and upgrades

RA CI

Backup escrow service for secure storage (optional) - RA

Backup escrow service for secure retrieval (optional) RC AI

BaaS Monitoring We continually monitor the BaaS infrastructure elements of the Primary Backup Storage and the Secondary Backup Storage. Where a fault is identified, we will create an Incident in our Service Request System and work to resolve it immediately.

BaaS Reporting

Managed BaaS customers will be provided basic reporting on a regular basis. This reporting will generally be comprised of the following statuses:

Successful backup jobs

Failed backup jobs

Protected storage (including Total Protected storage)

Stored storage (including Total Stored storage)

Total Instance protected



Backup job status (active, unregistered or deactivated)

Storage capacity utilisation (utilised vs available)

Burst profile (% of burst allowed – need clarification)

Target backup location (Six Degrees, Azure and/or AWS)

BaaS Archive

Six Degrees provides archiving capability for data older than 7 days to reside in the public cloud to leverage cheaper storage and align with a customer’s public cloud strategy. Generally, the archiving option must only be used for infrequently used data because archived data is packaged in such a way so as to minimise storage used on the target site. Therefore, it takes significantly longer to rehydrate (e.g. ready) the data for consumption again.

DESCRIPTION SELF-BACKUP MANAGED BACKUP

Public Cloud Target N/A Azure

Default Archive From N/A 7 days (can be extended based on customer request)

Default Archive To N/A 60 days (can be extended based on customer request)

Estimated Time to rehydrate data ready for Restore

N/A 48 hours (highly dependent on data size)

Self- vs. Managed Backup Service Driven Responsibility


Data Protection Technology

Backup software and licence Six Degrees Six Degrees

Target Platform and Management

Backup infrastructure, storage and management

Six Degrees Six Degrees

Agent/Agentless Installation at Source

Install and configure backup software at source

Customer Six Degrees

Backup and Restore Connectivity

Network connectivity between source and target

Six Degrees (if procured) or Customer provided

Six Degrees (if procured) or Customer provided

Backup Administration and Process

Configuring backup schedule and retention based on customer’s policy





Initial Data Seeding and Steady-State Management

Manage and monitor backup jobs


Backup Issues

Troubleshooting backup issues and resolve in timely manner

Customer (with the help of Six Degrees)

Six Degrees

Basic Reporting

Weekly reporting on backup status Customer Six Degrees

Ad hoc Reporting

Any ad hoc reporting as required Customer

Six Degrees

(up to 2 per month)

Restore Activity

Restoring data to original source Customer

Six Degrees

(up to 2 per month)

Caveats and Limitations

*Indicates Managed Backup only

DESCRIPTION SUPPORT TYPE COMMENTS

Self-Backup Onboarding Customer

a) No onboarding fee charged. b) Customer is expected to self onboard via

step-by-step documentation provided by Six Degrees.

Managed Backup Onboarding *

Six Degrees One-time onboarding fee charged. Six Degrees will manage the customer onboarding.

Daily Backup Checks * On Failures Daily backup checks will be monitored and investigated on failed backups.

Storage Capacity Limit Alert on 80%

contracted storage

Alerts sent to customer based on stored storage. Customer is responsible to advise Six Degrees to increase storage allocation as we required. Six Degrees will not be responsible if backup failures occurs due to insufficient storage limit on target.

Restores * Only to original source

with sufficient storage space

Six Degrees will only restore to original source. Customer needs to ensure there is sufficient storage space on the original source for the restore to be performed.

Flat File Restore – Six Degrees will perform this restore on behalf of customer on request. This is assuming the specific file is part of the backup process.

Full Application Restore – Six Degrees will only support full application restore (e.g. MS SQL) for customers who



DESCRIPTION SUPPORT TYPE COMMENTS

are currently being managed by Six Degrees for the respective application.

Additional Restore(s) * Chargeable Two (2) restores per/month are provided as part of the Managed Backup. Additional restore(s) will be charged.

Managed Backup * Six Degree

Infrastructure as a Service customers

Managed Backup is currently provided to Six Degrees Infrastructure as a Service customers.

However, non-Six Degrees Infrastructure as a Service customers who are interested in having a Managed Backup service will be considered on a case-by-case basis.

Reporting * Basic – weekly

Ad hoc – on request

Basic – Six Degrees will send key metrics as part of the report to customer nominated email.

Ad hoc – Six Degrees will generate this as best effort on customer request if the data is available.

Burst Pricing Enabled by default Burst pricing forms the default offering unless customer request it to be capped on commit model contract.

Encryption Key Retrieval from BaaS Escrow

In the event that your private encryption key is lost, you can raise a Service Request with us to request the reconnection of a new Client Host installation to the BaaS platform. We will authorise the recovery of the key from within the BaaS platform. Then you will be able to reconnect to the BaaS Storage, provided you do so from the new Client Host within twelve (12) hours.

Decommissioning Process The backup data on the target environment can be decommissioned for various reasons, which are outlined below in a RACI matrix.

BAAS DECOMMISSIONING PROCESS SIX

DEGREES CUSTOMER

Inform Six Degrees of the decommissioning of the servers/data.

NOTE: Customers may still be charged if they are in-contract. CI RA

All backup agentless software/proxy and related components on the source side are deleted.

CI RA

Delete relevant data on target site (Six Degrees) via the portal.

NOTE: This process is irreversible once initiated. CI RA

All customer backup data, related components and environment are completely deleted from the target site both, primary and secondary Six Degrees data centres.

NOTE: This process is irreversible once initiated.

RA CI



Backup as a Service Requirements and Dependencies

3.1.18.1 Customer Dependencies

We provide Backup as a Service subject to the following dependencies:

DEPENDENCIES DESCRIPTION

Virtual or Physical server client host

This host needs to be provided to deploy the agentless software. It needs to be per Site and by workload types i.e. Windows vs. Linux.

e.g. If customer has Windows and Linux workloads to backup and restore, then, at a minimum, two (2) client hosts would be required, one for each type of workload.

Microsoft SQL or PostgreSQL database for client host This database is required to run the backup processing software.

Restore capability This capability will only be available after the initial seeding of the backup data is completed.

Network connectivity from source to target

This connectivity either needs to be procured from Six Degrees or provided by the Customer in the form of standard internet or dedicated connection.

NOTE: Network connectivity is only required from customer Source to Six Degrees Target (primary data centre). The replication copy from Six Degrees primary to secondary data centre will be taken care of by Six Degrees as it forms the standard offering.

Customer Project Lead and Technical contacts

Customer will designate these focal points with the appropriate level of expertise to support the successful implementation and operation of the service.

Full Scope Details

Customer will provide all information and configuration details to onboard the service.

NOTE: Six Degrees reserves the right to amend the fees and/or contract should there be any changes to customer requirement(s) from the initially agreed contract.

Additional charges for out of hours work All implementation work will be carried out during business hours. Six Degrees will invoice additional charges for work carried Out of Hours.

Customer’s 3rd party management Customer will manage any 3rd party activities during Service Implementation and Operations.

BaaS bandwidth capacity Customer will ensure there is sufficient bandwidth capacity for the data to be backed up.

Backup and restore via portal This self-service offering requires that customer’s staff have relevant technical skills to manage their backup process via this BaaS offering. Six Degrees will provide initial training courses as




part of the onboarding of the service. Any additional training required may incur charges.

BaaS Escrow

This service is to store and retrieve the encryption keys in the event the customer loses the encryption keys.

NOTE: Only the customer knows the unique encryption keys. If the encryption keys are lost they will be unable (and neither will Six Degrees) to decrypt the stored data. Customer must make their own arrangements to retain a copy of the encryption keys unless this BaaS Escrow option is taken.

BaaS Platform Upgrade

Six Degrees will continuously look to improve the BaaS architecture and platform including the 3rd party software technology used to provide the customer with the best experience possible.

Six Degrees will look to keep customer downtime to a minimum, but expect the customer to acknowledge that this is not always possible. Failure to adhere to Six Degrees’ improvements may leave customers at security and failure risk on an old platform that may no longer be supported, including 3rd party vendors.

3.1.18.2 Supported Data Sources and Resource Requirements

The list of compatible capabilities for the BaaS offering is found in the customer self-service portal: https://my.6dg.co.uk.

Please contact your account manager to retrieve a copy of these requirements if you are unable to access the link above. These additional documents should be reviewed in conjunction with this BaaS Service Description.

https://my.6dg.co.uk/



Veeam Cloud Connect Service Overview

Six Degrees Veeam Cloud Connect falls under the Backup as a Service (also known as BaaS) offering and is for customers who need to protect their physical or virtual x86 workloads to an offsite Veeam target location (i.e. Six Degrees). The platform provides every customer the ability to configure and manage their Veeam backup scheduling, retention, monitoring and encryption process to meet their business policies and demands on their Veeam server platform at their location, and to simply use Six Degrees’ Veeam Cloud Connect target for their offsite primary or secondary backup.

By simply enabling Veeam Cloud Connect from your console and pointing to the Six Degrees location, your data is safely backed up on our repository and is accessible at any time. You can run your backups directly to or copy your in-house backups to Six Degrees’ Veeam Cloud Connect repository. Our Veeam Cloud Connect offering expects and assumes that you (the customer) will maintain full Veeam administration responsibilities on your end and use the Six Degrees’ Veeam Cloud Connect repository for offsite backup and protection for your data safe haven, again, administered by you (the customer).


Primary Management Support Self-Service Backup (for all customers)

Primary Workload Support Physical and Virtual x86

Veeam Cloud Connect Recovery Target

Six Degrees Data Centre in the United Kingdom


X86 Physical

X86 Virtual

Veeam Backup and Replication

Server

Six Degrees Data Centre

Customer Backup repository

Backup Veeam Cloud Connect Server

Restore

Customer Site Six Degrees Veeam Cloud

Connect Target

Local Backup

Cloud Gateways



At a high-level, Six Degrees Veeam Cloud Connect is designed for customers who are already (or going to be) running regular Veeam backup and replication infrastructure on their premises and require an offsite Veeam repository for data protection.

Six Degrees will…

Host and ensure the availability of the Veeam Cloud Connect repository, which includes Cloud Connect platform monitoring and patching.

Assume full Veeam responsibility including scheduling, monitoring, testing and reporting of the backup data and status both at customer and Six Degrees premises.

Customer will…

Veeam Cloud Connect



Veeam Cloud Connect Service Features

This section describes the features of Backup as a Service Veeam Cloud Connect.


Cost Efficiency Leverage your existing Veeam infrastructure to get your data offsite

Secure Data Secure data transfers over SSL/TLS connection using a single port to simplify firewall configuration.

Granular Backup and Restore As supported by Veeam and configured by Customer

Support Model 24x7 local, UK-based support team for Six Degrees Veeam Cloud Connect access and connectivity issues.

Service Model Self-Backup (default for all customers)

Pricing Model Based on storage consumption at target site

System Protection Physical or Virtual x86

Workload Protection Windows or Linux

OPEX Model No capex, licence nor management outlay to build, maintain and improve offsite Veeam infrastructure

Reporting Self-Reporting: Build and produce on-demand reporting to analyse and understand the backup performance via your own Veeam Backup Replication (VBR) server.

Veeam Clound Connect Location

London and Birmingham South

Connectivity Internet only



Veeam Cloud Connect Service Options

This section describes the Veeam Cloud Connect Service Options.

VEEAM CC MODEL SET-UP FEE MONTHLY COMMIT BURST USAGE

Self-Service Commit + Cap

Model No

Yes – monthly minimum storage commit and number of Veeam instances protected.


Veeam Cloud Connect Purchase Model

3.2.3.1 Minimum commit with a cap model

Customer simply commits to a minimum quantity every month, at the rate defined per the contract. Customer will also be capped on the commit amount, hence no burstable usage will be allowed. Six Degrees will not be responsible for any backup failures due to insufficient storage and it is your (the customer’s) responsibility to request for increased capacity which will result in a new contractual fee.

Set-up Fee

Customers using Six Degrees Veeam Cloud Connect service will not incur a set-up fee by default because the onboarding is owned by the customer, using the credentials provided by Six Degrees.

Veeam Cloud Connect Product Items

3.2.5.1 Storage

Customers are charged on the “stored storage”, measured in GB, on the Six Degrees Veeam Cloud Connect platform. The stored storage on the target site will typically be smaller in size than the protected storage on the source site. This size difference is simply due to the de-duplication and compression mechanism in place via Veeam. Hence, that cost saving is passed on to customers. However, because different file types have different compression ratios, the customer needs to be aware that Six Degrees is unable to provide the exact storage that the customer will use during the Pre-Sales process. Instead, customers will need to estimate based on their Veeam usage experience and, accordingly, advise Six Degrees before procuring the service.

3.2.5.2 Six Degrees bandwidth consumption

Customers who have procured internet connectivity from Six Degrees may be charged a burst rate if above the committed bandwidth from our Network offerings. This bandwidth is highly dependent on the data transfer and restore between the source and target locations.



Veeam Cloud Connect Service Implementation

After Order Acceptance, all that you require is:

• your username, • password and • a DNS Name (IP Address of the Veeam Cloud Connect repository) that we send to you.

Simply click “Add Service Provider” and enter the credentials we have provided to you. The cloud repositories will appear in your backup infrastructure and will work like other backup repositories. They will be available even if your primary backup is lost.

Veeam Cloud Connect Ready for Service

For Veeam Cloud Connect customers, the ‘Ready for Service’ Date will be the date when Six Degrees have provided the credentials and DNS name ready for Customer to start configuring and backing up their data to Six Degrees.



Veeam Cloud Connect Service Operations

3.2.8.1 Veeam Cloud Connect Platform Administration

Six Degrees Service Operations will be initiated once Veeam Cloud Connect moves into Ready for Service. Listed below are the key activities that the customer should expect from the Six Degrees’ BaaS Veeam Cloud Connect platform administration perspective.

VEEAM CLOUD CONNECT PLATFORM ADMINISTRATION SIX DEGREES CUSTOMER Six Degrees Veeam Cloud Connect infrastructure maintenance and monitoring, including storage

RA I

Veeam Backup and Replication Software and Server maintenance, monitoring and upgrade at Customer Site

- RA

Troubleshooting and resolving Six Degrees Veeam Cloud Connect infrastructure issues at Six Degrees

RA CI

Work with 3rd party vendor and supplier for hardware, software and license issues and upgrades of Veeam Cloud Connect at Six Degrees

RA CI

3.2.8.2 Veeam Cloud Connect Monitoring

We continually monitor the Veeam Cloud Connect infrastructure elements. Where a fault is identified, we will create an Incident in our Service Request System and work to resolve it immediately.

Veeam Service Driven Responsibility

DESCRIPTION RESPONSIBILITY

Veeam Backup and Replication at Customer Site

Veeam software, server and licence Customer

Six Degrees Veeam Cloud Connect Platform

Target repository infrastructure, storage and maintenance Six Degrees

Backing up data to Six Degrees

Install and configure backup software at source to backup to target Customer

Backup Administration and Process

All activities, configuration and scheduling of backup between source and target

Customer

Initial Data Seeding and Steady State Management

Manage and monitor backup jobs Customer



DESCRIPTION RESPONSIBILITY

Backup Issues

Troubleshooting backup issues and resolve in timely manner

Customer (escalation to Six Degrees if there is a Veeam Cloud Connect availability issue)

Basic Reporting

Any reporting on backup status Customer

Restore Activity

Restoring data to original source Customer

Data Encryption

Encryption data at rest Customer

Veeam Cloud Connect Decommissioning Process

The backup data on the target environment can be decommissioned for various reasons.

BAAS VEEAM CLOUD CONNECT DECOMMISSIONING PROCESS SIX

DEGREES CUSTOMER



All backup configuration and related components on the source side are deleted.

CI RA



All customer backup data, related components and environment are completely deleted from the target site at Six Degrees data centres.

NOTE: This process is irreversible once initiated. RA CI



Disaster Recovery as a Service (DRaaS) Overview

Typically, Six Degrees’ business continuity offering falls under the Tier 2 (Disaster Recovery as a Service) and Tier 3 (Backup as a Service) category. Sections 3.2.1 thru 3.2.10 focuses on the Six Degrees Disaster Recovery as a Service offering.

Nevertheless, Six Degrees is able to offer Tier 1 (active-active) architecture using our Public Sector Cloud supporting High Availability and Geo High Availability deployments for applications that require this configuration.

DRaaS Service Overview

Six Degrees Disaster Recovery as a Service (also known as DRaaS) is for customers who need offsite protection for their virtual x86 workloads to the Six Degrees Cloud target and, at the same time, want to have full control of their DR process. This service is a hypervisor-based, storage agnostic replication that has RPO (Recovery Point Objective) with a sliding point in time (down to increments in seconds) with no impact to RTO (Recovery Time Objective).

This service could complement a customer’s existing local backup in a situation where their local systems or entire production systems are not accessible. Six Degrees provides a truly Enterprise-grade DRaaS platform with typical RTO and RPO capability between minutes and hours. It also comes with replication properties such as compression (in order to optimise data transfers between source and target) and orchestrated failover of a subset (or the entire) protected systems with boot order recovery priorities that you would expect from an enterprise offering.

By default, the Six Degrees DRaaS offering comes with built-in storage and compute resources to replicate the data and failover ATOT or ATOD as and when you need it. DRaaS is a self-service offering: the customer is in control to configure and manage their replication, failover, monitoring and reporting process to meet their business policies and demands. Customer can also use the failback feature to re-replicate the data from the Six Degrees Target back to their Source post-ATOD seamlessly. The service can be summarised in a logical diagram as shown below.

Diagram 1: DRaaS Summary

Replicated Data Failover

ATOT/D

DRaaS Server

VM 1

VM 2

VM 3

Six Degrees DC

Failback to source (post ATOD)

Customer Production Source

Cloud DRaaS Target

User 1 User 2

User 3 User 4

Customer End Users

Failover connectivity (traffic re-routed ATOD)

X86 Linux Virtual

X86 Windows

Virtual

DRaaS Software




Primary Management Support Self-service (after initial onboarding)

Primary Workload Support Virtual x86 (Windows or Linux)

Primary Recovery Targets Six Degrees Data Centre in the United Kingdom


At a high-level, Six Degrees Disaster Recovery as a Service is designed for customers who need a cloud-based DR platform with replication and compute orchestration built in, providing under 4 hours RTO and RPO in minutes, and also want to manage and retain full control of their DR process.

Six Degrees will…

Provide the DR platform and software with necessary storage and compute for replication.

Maintain the target site including overall capacity management of the DR platform.

Deploy agentless software to demo successful replication to protect one server to target platform.

Deploy remaining servers to be protected, configure and replicate source workloads to target site.

Monitor, report and manage DR activities, tests and processes, including their capacity requirements, throughout the lifecycle of the contract.

Customer will…

DRaaS (Self-Service)



DRaaS Service Features

This section describes the features of Disaster Recovery as a Service.


Ease of Deployment DR software is deployed on each Virtualisation Host. No agent is required on each Virtual Machine.

Orchestrated Failover Built-in storage and compute resource for fast failover ATOT or ATOD

Transfer Efficiency Data compression to optimise on bandwidth utilisation during replication

Service Options Resource Pool - Virtual or Resource Pool – Dedicated

Service Type Self-Service, putting customer in control of their DR process

Resiliency Compute and Storage built on High Availability architecture

Support Model 24x7 local, UK-based support team

Pricing Model Based on protected Storage and VM requirement

System Protection Virtual x86

Virtualisation Support VMware or HyperV

Workload Protection Windows or Linux based workloads

Storage Support Storage agnostic service

OPEX Model No capex, licence or management outlay to build, maintain and improve DRaaS platform

On Demand Reporting Build, produce and analyse on demand reports to understand the replication/failover performance

Retention

Default: 4 hours

Optional : 48 hours

NOTE: The longer the retention, the bigger the storage requirement which will have an impact on the price.

Replication Technology Zerto

Boot Order Recovery Supports boot order sequence to ensure applications recover in a working state

RTO Capability From 15 minutes*

NOTE: This time indication is not a SLA commitment.

RPO Capability From seconds*

NOTE: This time indication depends on bandwidth network and change rate. It is not a SLA commitment.

Uninterrupted Replication ATOT Perform ATOT process without interrupting live replication for the protected environment



DRaaS Service Options

This section describes the Disaster Recovery as a Service Options.

DR AS A SERVICE OPTIONS

MODEL SET-UP FEE MONTHLY COMMIT MONTHLY USAGE

Self-Service

Resource Pool – Virtual

Yes – basic onboarding

Optional – full onboarding

Yes – based on storage and compute commit

N/A

Resource Pool - Dedicated

Yes – basic onboarding

Optional – full onboarding

Yes – based on storage and compute commit

N/A

3.3.3.1 Purchase Model Customers can purchase DRaaS in two different ways:

3.3.3.2 Option 1: Resource Pool – Virtual infrastructure with committed Storage and Compute resources

Customer commits to storage and compute resources that will be allocated from the Six Degrees’ shared DR platform. Though shared, they are logically segregated by means of virtualisation software and logically separated volumes.

3.3.3.3 Option 2: Resource Pool - Dedicated infrastructure with committed Storage and Compute resources

Customer commits to storage and compute resources that will be dedicated to them from the Six Degrees DR platform. Compute resources are delivered using one or more blade servers that are dedicated to the customer. Storage resources are delivered to the customer from our shared storage array.

Additional Information

Customer can mix and match between Virtual and dedicated components to meet their workload performance needs:

Resource Pool – Virtual for shared Compute and Storage

Resource Pool – Dedicated for dedicated Compute and shared Storage

Six Degrees will reserve the contracted Resources (vCPU, vRAM and Storage) on the DR Target Environment. By using our Resource Admin Portal, the customer can assign and modify these Resources to VMs as required.

The vCPU Resource is allocated to VMs in units of vCPUs. The vRAM and Storage Resources are allocated to Virtual Machines in units of Gigabytes (“GiB”).



Set-up Fee

By default, both options listed above in Section 3.2.3 come with the basic onboarding effort, which is a fixed fee irrespective of the DRaaS scope. Unless stated otherwise, these tasks will be delivered remotely.

3.3.5.1 Default – Basic Onboarding Effort

Six Degrees will ensure the DRaaS platform is ready for the customer to start performing their replication activities. However, in addition to that, the basic onboarding effort will consist of the following tasks:

DRAAS SERVICE ONBOARDING SIX

DEGREES CUSTOMER

BASIC DRAAS ONBOARDING Facilitate a remote training call using the DR software and admin portal RA C

Configure and replicate data for one instance RA C

Configure VM sizing related to one replicated instance RA C

Demo failover function (this function can only be used after the initial seeding process)

RA C

3.3.5.2 Optional – Full Onboarding Effort

The Full Onboarding Effort is an optional service and can be provided upon customer request. This setup fee is highly dependent on the scope of the contract and will be based on a daily rate card.

DRAAS SERVICE ONBOARDING SIX

DEGREES CUSTOMER

FULL DRAAS ONBOARDING Facilitate a remote training call using the DR software and admin portal RA CI

Configure and replicate data for one instance RA CI

Demo failover function (this function can only be used after the initial seeding process)

RA CI

Configure and replicate data for all instances in contract RA CI

Configure VM sizing related to all instances in contract RA CI

Ensure all instances in contract complete initial seeding and synchronisation process

RA CI

Perform acceptance test, including failover test(s) RA CI

Sign-off and handover completed environment given to customer to continue performing lifecycle management.

RA CI



DRaaS Product Items

3.3.6.1 Storage and Compute Customers are charged on the data protected (measured in GiB), and the compute contracted on the target site. Any additional VMs, outside of the contractual agreement, will not be protected unless specifically requested and agreed by Six Degrees.

3.3.6.2 High Availability

Resource Pool - Virtual: All vCPU and vRAM resources are delivered on multiple blade server platforms that are able to take the loss of an entire blade, whilst maintaining our provisioning metrics.

Resource Pool - Dedicated: As standard, a resource pool – dedicated is provided without N+1 resiliency.

Storage: Delivered from an Enterprise-grade SAN with built-in high availability connected to an N+N storage fabric.

3.3.6.3 DRaaS Target Locations

Customer data can be replicated and failed over ATOT/D to the following Six Degrees data centre location(s):

• Birmingham (Resource Pool - Virtual or Dedicated) • London (Resource Pool - Virtual or Dedicated)

3.3.6.4 Connectivity Options Replication Connectivity: used to replicate data from source to target (DRaaS platform) for customer’s protected systems. ATOT/D Failover Connectivity: used for users to connect to the target environment upon failover of the protected systems. Six Degrees connectivity options to the target DRaaS platform are as follows:

I) Managed WAN II) Virtual Point-to-Point

3.3.6.5 Backup Options DRaaS is not a backup service hence it will not have any granular level restore, e.g. File or Folder, which customers would expect from a true backup service. Therefore, by default, replication retention is up to the previous four (4) hours and can be extended to the previous forty-eight (48) hours. But this DRaaS service is not designed to provide medium or long-term retention. If you desire that retention, please consider our BaaS offering outlined in this document in Section 3.1 .

3.3.6.6 Resource Admin Portal Customer will administer their target DRaaS resources using the vCloud Director or VMware vCenter GUI hosted at Six Degrees. The customer will be provided the total contracted Compute resources which they will be able to set up and allocate accordingly using a catalogue of templates.



3.3.6.7 DRaaS Software

The DR Software is integrated into your VM production environment and includes a replication feature set to manage the applications and VMs. The replication software provides:

Support for Windows and Linux applications,

Management tools to test and automate failover,

Management tools to provide grouping, templating and cloning,

Data compression,

Automated assignation of IP addressing to Virtual Machines and RPO characteristics on a per-VM basis.

When dimensioning the capacity of your VM platform, the Virtual Machines needed for DR Software need to be included.

When you create any new VMs on your production environment and then configure them on the DR Software, the changes are updated on the Target Environment in the VMware environment and, where configured to do so, the DR Software commences replication of the new VM(s).

The DR Software has a journal log which creates a set of recovery points over the previous 4 hours (by default). Any of those recovery points may be used to bring VMs back into service once the DR has been invoked. You must dimension the Replication Connectivity adequately to ensure that journal logs can be transferred to the Target Environment Resources to meet your RPO and retention objectives.

The DR Software allows for DR to be invoked either from your Site or from our Target Environment.

3.3.6.8 DR Software Administration

The DR Software is administered through the “DR Admin Portal” GUI. The key features of the DR Admin Portal are as follows:

Overall Status – General information about the site, including the status of the Virtual Protection Groups being protected or recovered to the site.

Virtual Protection Groups (VPGs) – All the VPGs from both the source and target sites are listed alongside summary details of each VPG.

Virtual Machines – A list of all protected Virtual Machines, on both source and target sites, with summary information of each Virtual Machine.

Sites – Details of the paired sites. This tab lists all the paired sites to the source site and provides summary details of each paired site.

Setup – Details about Virtual Replication Appliances (VRAs), storage and repositories.

Monitoring – Details about the alerts, events and tasks for the site.

Reports – Replication and failover recovery reports to allow for DR process analysis.

3.3.6.9 ATOD DRaaS Platform Daily Usage Fee

In ATOD mode, customer can failover and use the DRaaS platform for up to fourteen (14) days without any charges. The DRaaS platform may be used for extended time as agreed with Six Degrees and will incur daily usage fee beyond the initial free period.



DRaaS Service Implementation

After Order Acceptance, we will implement the Service as follows:


DEGREES CUSTOMER

Phase 1: DRaaS Infrastructure and Platform Set-Up Send Welcome Pack and Technical Data Capture form to Customer RA I

Complete and return Technical Data Capture form to Six Degrees I RA

Place orders for network connectivity (if Customer procured connectivity from Six Degrees) RA CI

Confirm projected Ready for Service Date with Customer (this date is usually the same as the contract commencement date)

RA CI

Provide virtual server resources at source to deploy DR software for Client Host(s) CI RA

Prepare replication storage and compute platform at target site RA I

Implement/Configure replication and failover network connectivity RA CI

Run internal acceptance tests to confirm environment is ready for customer RA I

Facilitate a training call on using the DRaaS software and admin portal including defining initial protection groups, RPOs and IP addressing schema

RA C

Deliver DRaaS licences and provide technical support RA I

Demo and test connectivity between DRaaS Client Hosts and DRaaS target platform for one protected server

RA CI

Complete high-level handover report specific to signed contract and agreed items during implementation

RA I

Initiate ‘Ready for Service’ and DRaaS Handover Pack environment to customer RA I

Exit Phase 1: Start billing customer after 48 business hours (unless issues are encountered on the platform)

RA I

Phase 2: DRaaS Configuration and Initial Seeding Install and undertake initial replication, seeding and testing for the remainder of the servers to be protected

CI RA

Configure replication and failover properties for all protected servers - RA

Provide remote technical support during installation e.g. using desktop sharing RA CI

Ensure data seeding between source and target are synchronised I RA

Perform acceptance test (including failover activity) and highlight any issues found NOTE: Issues on DRaaS software may involve working with 3rd party vendor

I RA

Work to resolve highlighted issues (may involve working with 3rd party vendor) RA CI

Exit Phase 2: Move to steady-state upon successful replication seeding and failover process

I RA

Ready for Service

The ‘Ready for Service’ Date will be the date when Six Degrees have the Disaster Recovery as a Service platform ready for Customer to configure their environment to perform DR process and operations.

DRaaS Service Operations

3.3.9.1 DRaaS Platform Administration



Six Degrees Service Operations will be initiated once DRaaS moves into Ready for Service. Listed below are the key activities that the customer should expect from the Six Degrees’ DRaaS platform administration perspective.

DRAAS PLATFORM ADMINISTRATION SIX DEGREES CUSTOMER Six Degrees DRaaS platform maintenance and monitoring, including storage

RA I

Six Degrees DRaaS Software maintenance, monitoring and upgrade RA CI

Troubleshooting and resolving DRaaS platform issues RA CI

Working with 3rd party vendor and supplier for hardware, software and license issues and upgrades

RA CI

3.3.9.2 DRaaS Monitoring

We continually monitor the DRaaS infrastructure elements and where a fault is identified, we will create an Incident in our Service Request System and work to resolve it immediately.

3.3.9.3 DRaaS Self-Service

DRAAS SELF-SERVICE SIX DEGREES CUSTOMER Configuring replication and failover policy I RA

Management of initial seeding and ongoing replication I RA

Monitoring of RPO, RTO and replication Storage utilisation I RA

Set alerts specific to customer’s DR process I RA

Respond/Resolve to alerts specific to customer’s DR process CI RA

Generating on-demand DR reports via portal - RA

Failover from available RPOs ATOT and ATOD CI RA

Support ATOD and failback (back to source post DR) RA RA

Create Requests for change for modifications/additions of VMware Virtual Machines and DR Software using Change Control

C RA

3.3.9.4 Decommissioning Process

The DR data on the target environment can be decommissioned for various reasons, as requested by the customer. Typically, this process is done at the end of a contract termination.

DRAAS DECOMMISSIONING PROCESS SIX

DEGREES CUSTOMER





DRAAS DECOMMISSIONING PROCESS SIX

DEGREES CUSTOMER

All DR agentless software/proxy and related components on the source side are deleted.

CI RA



All customer DR data, related components and environment are completely deleted from the target site and both compute and storage resources are returned to the pool.

NOTE: This process is irreversible once initiated.

RA CI

DRaaS Service Requirements and Dependencies

3.3.10.1 Customer Dependencies

We provide Disaster Recovery as a Service subject to the following dependencies:


Virtual Machine client host This compute host needs to be provided in order to deploy the agentless DR software at the source site.

VMware A VMware vCenter Server must be deployed within the source environment.

Hyper-V System Center Virtual Machine Manager must be deployed within the source environment.

RPO capability This capability will only be available after the initial seeding of the replication data is completed. It is also dependent on the network bandwidth in place.

RTO failover

The RTO is dependent on the recovery plan boot order priorities. Boot order priorities are in sequential order.

Example: Customer has 5 systems in Priority 1 and 3 systems in Priority 2. Priority 2 systems will not start the booting process until Priority 1 is complete. Therefore, the total RTO will increase in this case.

Network connectivity from source to target

This connectivity either needs to be procured from Six Degrees or provided by the Customer in the form of standard internet or dedicated connection.

NOTE: Customer should consider both replication connectivity and failover connectivity (for ATOT and ATOD).

Initial Replication (seeding) This initial seeding must be completed for the protected systems before an ATOT or ATOD failover can be initiated.

Project Lead and Technical contacts Customer will designate these focal points with the appropriate level of expertise to support the successful implementation and operation of the service.




Full Scope Details

Customer will provide all information and configuration details to onboard the service.

NOTE: Six Degrees reserves the right to amend the fees and/or contract should there be any changes to customer requirement(s) from the initially agreed contract.

Additional charges for out of hours work All implementation work will be carried out during business hours. Six Degrees will invoice additional charges for work performed Out of Hours.

Customer’s 3rd party management Customer will manage any 3rd party activities during Service Implementation and Operations.

DRaaS bandwidth capacity Customer will ensure there is sufficient bandwidth capacity for the data to be replicated and end user connectivity to failover target ATOT and ATOD.

DRaaS process via portal

This self-service offering requires the customer’s staff to have relevant technical skills to manage their DRaaS process via this DRaaS offering. Six Degrees will provide initial training courses as part of the onboarding of the service. Any additional training required will incur charges.

3.3.10.2 Supported Data Sources and Resource Requirements

The list of compatible capabilities for Windows and Linux workloads are found in the customer https://my.6dg.co.uk self-service portal.

The resource requirement for the agentless software/proxy on the client host at the source site are found in the customer https://my.6dg.co.uk self-service portal.

Please contact your account manager to retrieve a copy of these requirements if you are unable to access the links above. These additional documents should be reviewed in conjunction with the DRaaS Service Description.





SERVER OS MANAGEMENT SERVICE OVERVIEW

“Server OS Management Service” provides you with add-on managed services for virtual and physical servers hosted within Six Degrees Enterprise and Public Sector Cloud platforms. It is also available for Tier 1 public clouds.

Server OS Management Service is available in four variants:

• Unmanaged – Provides predefined monitoring

• Monitoring – Provides predefined monitoring with alerts sent to the customer

• Reactive – Provides predefined monitoring with alerts sent directly to the customer, access to the Six Degrees the Support Team for platform support

• Proactive – Provides custom monitoring and alerting with Six Degrees the Support Team proactively troubleshooting incidents and contacting the customer. Support is included for issues up to the operating system.

Server OS Management Service services can be purchased at any time as an add-on to the following Cloud Infrastructure products:

• Virtual Server – The service will be assigned to a specific Virtual Server. • Resource Pool (Multi-tenant) – You purchase a quantity of the service. These Resource Pools will be

assigned to nominated Virtual Servers and recorded within the Six Degrees CMDB. The assignment can be updated once per quarter or upon the decommissioning of a Virtual Server.

• Resource Pool (Dedicated) - You purchase a quantity of the service. These Resource Pools will be assigned to nominated Virtual Servers and recorded within the Six Degrees CMDB. The assignment can be updated once per quarter or upon the decommissioning of a Virtual Server.

• Physical Server (Dedicated) – The service will be assigned to a specific Physical Server (Dedicated). • Microsoft Azure Virtual Machine – The service will be assigned to a specific named server.

All services include customer notification; notifications will be sent to a nominated customer email address or distribution list that must be supplied as part of service implementation.



Server OS Management Service Prerequisites

The following prerequisites are required to deploy the Server OS Management Service:

• A Six Degrees monitoring probe software must be installed within the customer virtual infrastructure, • The monitoring probe software must have network access to all virtual servers that are being monitored, • A domain local user account is required to run the monitoring service, the account must have permission

to access any virtual servers that are monitored, • The monitoring service is supported on servers running a version of Microsoft Windows Server that is

supported by Microsoft, for Linux only Red Hat Enterprise Linux is supported, • The patching service only supports servers running a version of Microsoft Windows Server that is

supported by Microsoft (Either in mainstream or extended support).

Server OS Management Service Features The following is a high level overview of the functionality available within each respective variant:

UNMANAGED MONITORING REACTIVE PROACTIVE

Host Level Monitoring

Platform Infrastructure Monitoring and Replacement

Infrastructure Incident Management

24x7 Monitoring & Alerting

Reactive Support

Standard Performance Monitoring & Alerting

Proactive Support

Patch Management (OS level) Critical and Security Patches

Custom Performance Monitoring and Alerting

Predefined run book capability



Server OS Management Service Monitoring

Server OS Management Service Monitoring provides customers with the following functionality:

4.2.1.1 Standard Performance Monitoring & Alerting

Server OS Management Service Monitoring includes pre-defined monitoring and alerting capability. The monitoring set includes the following:

• Virtual Machine Status – Based on a ping response

• vCPU – Above 95% usage for 4 hours

• vRAM – Above 95% usage for 4 hours

• Network Interface Card – Above 95% usage for 4 hours

• Disk – Above 95% usage for 4 hours

All alerts generated by the monitoring system will emailed directly to an email address defined by the customer.

Customisable alerting is available with Server OS Management Service Proactive.

Server OS Management Service Reactive

Server OS Management Service Reactive provides customers with the following functionality:

4.2.2.1 Standard Performance Monitoring & Alerting

Server OS Management Service Reactive includes pre-defined monitoring and alerting capability. The monitoring set includes the following:

• vCPU – Above 95% usage for 4 hours

• vRAM – Above 95% usage for 4 hours

• Network Interface Card – Above 95% usage for 4 hours


All alerts generated by the monitoring system will be raised as P2 level incidents.

Customisable alerting is available with Server OS Management Service Proactive.

4.2.2.2 Reactive Support

In the event of an alert being received, you can contact the Support Team for assistance with troubleshooting the issue if you believe the issue is at the operating system level or with the Cloud Platform.

Server OS Management Service Proactive

Server OS Management Service Proactive provides customers with the following functionality:

4.2.3.1 Custom Performance Monitoring & Alerting

The Server OS Management Service Proactive provides customers with customisable monitoring and alerting capability with alerts sent to the Six Degrees Service Management centre and proactively investigated by technical specialists.

The monitoring set includes the following:

• vCPU – Customisable above 80% for a minimum of 30 minutes



• vRAM – Customisable above 80% for a minimum of 30 minutes

• Network Interface Card– Customisable above 80% for a minimum of 30 minutes

• Disk – Customisable above 80% for a minimum of 30 minutes

Thresholds below this level can be configured in conjunction with a statement of works.


4.2.3.2 Proactive Support

In the event of an alert being triggered, the Support Team will triage the alerts and engage a technical specialist to investigate: the technical specialist will contact you in line with our support procedures documented in the operations manual, providing ongoing updates and agreeing remedial action as required.

4.2.3.3 Patch Management (Operating System level) Critical and Security Patches

Server OS Management Service Proactive includes patching for Windows Operating System (OS) Critical and Security patches. The server patching will take place as follows:

• Monthly scan of the server to identify missing Windows Operating System Critical and Security patches on an pre-agreed date;

• Request for Change (RFC) raised with the customer to approve patch installation during a pre-agreed maintenance window;

• Patches installed during the maintenance window and customer notified upon completion.

4.2.3.4 Predefined run book capability

Server OS Management Service Proactive also includes run book capability enabling the Support Team to execute pre-agreed run books in response to pre-defined alerts.

Run books must be supplied in the Six Degrees run book template (available on request from the Support Team), once submitted the run book must be approved by the Six Degrees Support Team before it becomes live.

Run books can be updated a maximum of once a quarter per run book, any changes to a run book must be approved by the Six Degrees Support Team before they go live.

This service is limited to five (5) pre-agreed run books; for additional run books, please contact your Account Manager.



Server OS Management Service Service Implementation


SERVICE IMPLEMENTATION – SERVER OS MANAGEMENT - MONITORING US YOU

Customer to provide target email address for alerts I RA Six Degrees to deploy monitoring probe within the customers infrastructure RA I Six Degrees to configure standard monitoring and alerting for the specified virtual machine RA I Six Degrees to send test alert to the customer and confirm receipt RA CI Six Degrees to hand update the CMDB and hand the service over to BAU RA I

SERVICE IMPLEMENTATION – SERVER OS MANAGEMENT - REACTIVE US YOU

Customer to provide target email address for alerts I RA Six Degrees to deploy monitoring probe within the customers infrastructure RA I Six Degrees to configure standard monitoring and alerting for the specified virtual machine RA I Six Degrees to send test alert to the customer and confirm receipt RA CI Six Degrees to hand update the CMDB and hand the service over to BAU RA I

SERVICE IMPLEMENTATION – SERVER OS MANAGEMENT - PROACTIVE US YOU

Customer to provide target email address for alerts I RA Customer to confirm customer specific monitoring thresholds I RA Six Degrees to deploy monitoring probe within the customers infrastructure RA I Six Degrees to configure custom monitoring and alerting for the specified virtual or physical machine

RA I

Six Degrees to send test alert to the Support Team and confirm receipt RA CI Six Degrees to hand update the CMDB and hand the service over to BAU RA I

Ready for Service

The ‘Ready for Service’ Date will be the date when we mutually agree to start Server OS Management Service, or two (2) weeks after the customer is notified that the service has been deployed.



ACTIVE DIRECTORY SERVICE OVERVIEW

“Active Directory Management Service” provides you with add-on managed services for the management of Active Directory services deployed on Six Degrees’ Public Sector Cloud platform. The “Active Directory Management Service” is also available for Tier 1 public clouds.

Active Directory Management Service can be purchased at any time as an add-on to an existing infrastructure within our Public Sector Cloud platform as well as Tier 1 public clouds. A single Active Directory Management Service provides coverage for a single Active Directory forest.

All services include customer notification. Notifications will be sent to a nominated customer email address or distribution list that must be supplied when the Active Directory Management Service is implemented. Please cross-reference the Service Implementation section in this document.

Definitions

“AAD”: Azure Active Directory,

“AD”: Active Directory,

“Active Directory forest”: the highest level of organisation within Active Directory,

“AD DS”: Active Directory Domain Services,

“BAU”: Business as Usual,

“CMDB”: Configuration Management Database,

“DFSR”: Distributed File System Replication,

“DNS”: Domain Name Service,

“FRS”: File Replication Service,

“KDC”: Key Distribution Centre,

“OU Structure”: Organisational Unit Structure (in Active Directory),

“P2 Incident”: Priority 2 Incident, please cross-reference the Operations Manual for more detail about priorities for incidents for this Service,

“SSL”: Secure Sockets Layer.

Active Directory Service Prerequisites

The following prerequisites are required to deploy Active Directory Management Service:

All Domain Controllers must be covered by the Server OS Management (Proactive option) services,

A Six Degrees monitoring probe software application must be installed within the customer virtual infrastructure,

The monitoring probe software must have network access to all virtual servers that are being monitored,

A domain account is required to run the monitoring service, the account must have permission to access any virtual servers that are monitored,

The service is supported on servers running a version of Microsoft Windows Server that is covered by Microsoft’s Mainstream or Extended support,

Backup as a Service is required to provide Active Directory backups. Six Degrees Backup as a Service is offered and defined in its Service Description.



Exclusions The following items are not covered by the Active Directory Management Service:

Custom schema extensions are not supported,

Split domain DNS configurations are not supported,

Multiple Active Directory forest configuration is not supported.



Service Features The following is a high-level overview of the functionality available within the services:

ESSENTIAL ADVANCED PREMIUM

Active Directory and DNS Monitoring

Active Directory Troubleshooting

Annual Active Directory Audit

Active Directory Continuous Auditing and Assessment

Active Directory and DNS Monitoring

Active Directory Management Service includes monitoring of key Active Directory and DNS metrics. These metrics include:

ACTIVE DIRECTORY AND DNS MONITORING US YOU

Availability – Responds to a bind request in less than 5 seconds RA I Service Monitoring – Critical service failure on any Domain Controller (Services monitored include AD DS, DNS, FRS, DFSR, Windows Time, Netlogon, KDC)

RA I

DNS – DNS response in less than five seconds from any Domain Controller RA I DNS – Consistent name resolution results across all AD DNS providers RA I Replication Monitoring – No replication failures on any Domain Controller in the last twelve (12) hours

RA I

Group Policy – Group policy objects have been consistent across all Domain Controllers in the last (12) twelve hours

RA I

Backup – Successful Active Directory (System State) backups completed for seven days

RA I


Active Directory Troubleshooting

Active Directory Management Services Advanced and Premium both include full access to the Six Degrees Service Management Centre for troubleshooting Active Directory and DNS issues. Issues should be raised by the customer following the standard operational process and will be logged and passed to our technical team for investigation.

Annual Active Directory Audit

As part of Active Directory Management both Advanced and Premium services, Six Degrees will perform an annual audit of your Active Directory to highlight any concerns and provide recommendations. The audit will include the following areas:

Stale user and computer accounts

OU Structure review

High level Group Policy review

Active Directory site configuration



Active Directory link configuration

Active Directory backup and restore process

Active Directory change management process

Any recommendations arising from the audit will be documented and provided to the customer for review. In addition, we will provide an estimate for Professional Services to resolve the highlighted concerns.

Active Directory Continuous Auditing and Assessment

As part of the Active Directory Management Premium service, Six Degrees will deploy a tool to provide continuous auditing and monitoring of your Active Directory. Six Degrees will work with the customer to define agreed criteria for the audit tool including:

Frequency of Active Directory audits

Customer security policy definition

Compliance requirements

Audit trail and logging requirements

Alert configuration for customer notifications

Once deployed all alerts generated by the monitoring system will be raised as P2 level incidents and investigated in-line with our standard operational process*.

This service covers up to ten Active Directory Domain Controllers as standard, the number of domain controllers can be increased at an additional cost. Please contact your Account Manager for details. *Please cross-reference our Operations Manual for more information about our standard operational process.



Optional Services

Azure Active Directory Sync Tool In addition to the core Active Directory monitoring, Six Degrees can monitor and provide support for the Azure Active Directory (AAD) Sync Tool. This optional service includes the following:

AZURE ACTIVE DIRECTORY SYNC TOOL US YOU

Service Monitoring – Azure AD Sync Tool service is active and replicating changes RA I Replication Status – Azure AD Sync Tool replication is completing successfully with no errors

RA I

A prerequisite of this service is that the current Azure Active Directory Sync Tool deployment is operating successfully with no current errors.

Active Directory Federation Services Active Directory Federation Services (ADFS) forms a key part of a hybrid Public Cloud deployment. Six Degrees has defined a standard set of monitoring and support services associated with ADFS.

As part of supporting ADFS, Six Degrees will configure the AAD Connect Health service to provide enhanced monitoring. This service provides a wide range of ADFS alerting capability including:

ACTIVE DIRECTORY FEDERATION SERVICES US YOU

Service Monitoring – All ADFS services are started RA I Test authentication failure RA I SSL Certificate is due to expire RA I

Further details of the alerts included are available on the Microsoft website.

https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-health-alert-catalog

A prerequisite of this service is that the current Active Federation Service deployment is operating with no current errors.

Group Policy Review As an optional Professional Services engagement, Six Degrees can complete an audit of the current Group Policy deployment. Following the audit, Six Degrees Consultants will review the current configuration and highlight areas of concern or recommendations where improvements can be made. Six Degrees Professional Services will provide an estimate of the costs to rectify those areas.

https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-health-alert-catalog



Schema Upgrades Available as an optional Professional Services engagement, Six Degrees can carry out Active Directory Schema upgrades.

This engagement will be delivered through Six Degrees standard change control process* with a clearly defined statement of works covering the prerequisites required to successfully complete a Schema upgrade.

*Please cross-reference our Operations Manual for more information about our standard change control process.

Domain and Forest Functional Level Upgrades Available as an optional Professional Services engagement, Six Degrees can carry out Active Directory Domain and Forest Functional Level upgrades.

This engagement will be delivered through Six Degrees standard change control process* with a clearly defined statement of works covering the prerequisites required to successfully complete a Domain or Forest functional upgrade.

*Please cross-reference our Operations Manual for more information about our standard change control process.



Active Directory Management Service Implementation After Order Acceptance, we will implement the Service as follows:

SERVICE IMPLEMENTATION – ESSENTIAL US YOU

Customer to provide the Active Directory forest details and connection information I RA Six Degrees to configure Active Directory Monitor RA I Six Degrees to send a test alert to confirm successful configuration of monitoring RA CI Six Degrees to update the CMDB and hand the service over to customer for BAU RA I

SERVICE IMPLEMENTATION – ADVANCED US YOU

Customer to provide the Active Directory forest details and connection information I RA Six Degrees to configure Active Directory Standard RA I Six Degrees to carry out the initial Active Directory audit RA CI Six Degrees to update the CMDB and hand the service over to customer for BAU RA I

SERVICE IMPLEMENTATION – PREMIUM US YOU

Customer to provide the Active Directory forest details and connection information I RA Six Degrees to agree Active Directory auditing parameters with the customer RA CI Six Degrees to deploy enhanced monitoring tool within the customers infrastructure RA I Six Degrees to carry out the initial Active Directory audit RA CI Six Degrees to update the CMDB and hand the service over to customer for BAU RA I

Ready for Service The ‘Ready for Service’ Date will be no later than two weeks after the date when the customer is notified the Active Directory Management Service has been deployed.



SQL SERVER MANAGEMENT SERVICE OVERVIEW

SQL Server Management Service provides you with add-on managed services for Microsoft SQL Server application deployments within the Six Degrees’ Public Sector Cloud platform. It is also available for Tier 1 public clouds.

SQL Server Management Service can be purchased at any time as an add-on to a physical or virtual server deployed in our Public Sector Cloud platform as well as Tier 1 public clouds. A single SQL Server Management Service supports all Microsoft SQL Server instances deployed on a named physical or virtual server. Where log shipping, Failover Clustering or an AlwaysOn availability group is deployed, the secondary server is covered as long as it remains passive. In the event the secondary server is active, it will require its own SQL Server Management Service subscription.

All services include customer notification; notifications will be sent to a nominated customer email address or distribution list that must be supplied as part of service implementation.

Definitions • “CMDB” – Configuration Management Database • “vCPU” (or in the plural “vCPUs”): one or more virtual central processing unit(s) (CPUs) compatible with

Intel x86 instruction sets • “vRAM”: virtual random access memory used for real-time processing • “Storage”: non-volatile media for storing files, databases, applications or virtual servers • “GiB”: is defined as 1,024MiB • “TiB”: is defined as 1,024GiB

SQL Server Management Service Prerequisites

The following prerequisites are required to deploy SQL Server Management Service services:

• The physical or virtual server must have Server OS Management Service Proactive services, • A domain or local user account is required to run the monitoring service, this account must have

permission to access all servers that are monitored,

• The service is supported on Microsoft Windows servers running a version of Microsoft SQL Server that is supported by Microsoft,

An account with the appropriate permissions to access and backup Microsoft SQL Server must be provided.

SQL Server Management Service Features

SQL Server Management Service - Functionality Available The following is a high level overview of the functionality available within SQL Server Management Service:

• SQL Server availability monitoring

• SQL Server performance monitoring

• SQL Server patch management

• SQL Server event monitoring

• SQL Server database backup and recovery management

• Database Index and Statistics maintenance

• Capacity management



• SQL Server performance reviews

• 3rd Party Support

6.3.1.1 SQL Server Availability Monitoring

includes monitoring of SQL Server availability using the following metrics:

• SQL Server Service availability –SQL Ping responses from the server in the last 30 seconds

• SQL Server High availability (AlwaysOn Availability Group) – Availability Group State is Healthy

• SQL Server High availability (AlwaysOn Availability Group) – Synchronisation state is “Synchronized” for all nodes

• SQL Alert for severity 21 – Fatal Error in Database Process

• SQL Alert for severity 22 – Fatal Error Table Integrity Suspect

• SQL Alert for severity 23 – Fatal Error Database Integrity Suspect

• SQL Alert for severity 24 – Fatal Error Hardware Error

• SQL Alert for severity 25 – Fatal Error

• SQL Alert for Error 823 – Read or Write Request Failure

• SQL Alert for Error 824 – Logical Consistency I/O Error

• SQL Alert for Error 825 – Read-Retry Required

All alerts generated by the monitoring system will be raised as Priority 2 (P2) level incidents. Please refer to the Operations Manual for prioritisation of Incidents.

6.3.1.2 SQL Server Performance Monitoring

SQL Server Management Service includes monitoring of key SQL Server performance metrics to identify potential performance related issues. These metrics include:

• Physical Disk – Average disk sec/Read above 20ms for 60 seconds

• Physical Disk – Average Disk sec/write above 20ms for 60 seconds

• System\Processor Queue length above 2 for 60 seconds

• Processor(_Total)\% Processor Time above 80% for 60 seconds

• Network interface\Bytes total/sec – lower than 60% of sustainable bandwidth of the network

• SQL Server Buffer Manager – Buffer Cache hit ratio less than 90%

All alerts generated by the monitoring system will be raised as Priority 2 (P2) level incidents.

The following items are configured with monitoring for use during troubleshooting. Please note that these monitors do not raise incidents.

• Disk activity – Current Disk Queue Length above 2 for 60 seconds’ duration

• Paging File(_Total)\%Usage

• Memory – average Pages/sec is below fifty



• SQL Server Buffer Manager – Page reads/sec and page writes/sec above an agreed baseline

• SQL Server Memory Manager – Target Server Memory equals or is less than Total Server Memory

6.3.1.3 SQL Server Patch Management

SQL Server Management Service includes patch management of Microsoft SQL Server. Six Degrees will work with the customer to assess security and product patches as they are released in order to confirm the applicability to the customer’s environment.

SQL Server patch management includes security and critical patches, this service does not includes SQL Server Version or Edition upgrades.

For patches, as they are identified as required, patching is carried out using the following process:

• Agreed list of patches to deployed is signed off by the customer

• All patches are identified patches are tested within the customers development environment prior to production deployment

• Request for Change (RFC) raised internally to approve patch installation during a pre-agreed maintenance window

• Patches installed during the maintenance window


6.3.1.4 SQL Server Event Monitoring

SQL Server Management Service includes pre-defined monitoring and alerting capability. The monitoring set includes the following:

• SQL Server Service availability –SQL Ping responses from server in the last 30 seconds

• SQL Server High availability (AlwaysOn Availability Group) – Availability Group State is Healthy

• SQL Server High availability (AlwaysOn Availability Group) – Synchronisation state is “Synchronized” for all nodes

• SQL Alert for Error 823 – Read or Write Request Failure

• SQL Alert for Error 824 – Logical Consistency I/O Error

• SQL Alert for Error 825 – Read-Retry Required

All of the above alerts generated by the monitoring system will be raised as Priority 2 (P2) level incidents.

In addition to the above alerts, the following alerts are also monitored and will be raised as Priority 1 (P1) incidents:

• SQL Alert for severity 21 – Fatal Error in Database Process

• SQL Alert for severity 22 – Fatal Error Table Integrity Suspect

• SQL Alert for severity 23 – Fatal Error Database Integrity Suspect

• SQL Alert for severity 24 – Fatal Error Hardware Error

• SQL Alert for severity 25 – Fatal Error



6.3.1.5 SQL Server Database Backup and Recovery Management

As part of SQL Server Management Service, Six Degrees will implement, monitor and manage an agreed backup schedule for named databases per physical or virtual server. Please note this service requires that the customer takes the Six Degrees BaaS service to provide backup storage, please refer to the Backup as a Service (BaaS) Service Description.

The standard backup schedule is as follows:

1. Hourly transaction log backups retained for seven days

2. Daily full database backups retained for fourteen days

3. Weekly full database backups retained for two months

4. Monthly full database backups retained for one year

Six Degrees will monitor the backups and troubleshoot any backup failures. In addition to monitoring the backups, Six Degrees will provide restore management. Requests to restore a specific database can be made through the customer’s standard Service Request process.

If a customer requires a custom backup schedule, Six Degrees will document and implement this schedule during the configuration of the SQL Server Management Service.

6.3.1.6 Database Index and Statistics maintenance

SQL Server Management Service includes Database maintenance, Index maintenance and Statistics maintenance to optimise database and query performance.

The standard maintenance tasks are as follows:

5. Daily Database integrity check for database corruption

6. Weekly Index maintenance - Rebuild or reorganise index dependent on the level of index fragmentation

7. Weekly statistics update for top query optimiser performance

The above tasks can be adjusted according to the customer’s requirements.

6.3.1.7 Capacity Management

As part of the SQL Server Management Service, Six Degrees will monitor key capacity elements of the customers SQL Server deployment which includes the following:

• Storage (per logic volume) – Customisable alerting above 80% for a minimum of 30 minutes

• Database growth trend -- to baseline and forecast database growth and adjust capacity accordingly

Thresholds below this level can be configured in conjunction with a statement of works (SoW).

All alerts generated by the monitoring system will be raised as Priority 2 (P2) level incidents.

6.3.1.8 SQL Server Performance Reviews

Included within the SQL Server Management Service are quarterly performance reviews of your SQL Server deployment. Utilising a range of tools, Six Degrees will review the performance and configuration of your SQL Server deployment and provide recommendations for any configuration of resource changes to optimise performance.



6.3.1.9 3rd Party Support As part of the SQL Server Management Service, Six Degrees will work with 3rd parties to assist with the troubleshooting and support of applications hosted on the named SQL Server. The support and troubleshooting service is limited to the diagnosis of issues relating to Microsoft SQL Server.

SQL Server Management Service Implementation After Order Acceptance, we will implement the Service as follows:

SERVICE IMPLEMENTATION – SQL SERVER MANAGEMENT SERVICE US YOU

Customer to provide the named Microsoft SQL Server instances for Six Degrees to monitor

I RA

Six Degrees to deploy monitoring probe within the customers infrastructure RA I Six Degrees to configure SQL Server Management Service monitoring and backups RA I Six Degrees to carry out the initial SQL Server performance review RA CI Six Degrees to hand update the CMDB and hand the service over to BAU RA I

Ready for Service The ‘Ready for Service’ Date will be no later than two (2) weeks after the date that the customer is notified the SQL Server Management Service has been deployed.



CLOUD FIREWALL SERVICE OVERVIEW

Within the Six Degrees’ Cloud portfolio we provide a range of firewall services, these include the following:

• Unmanaged Essential Virtual firewall: NSX Edge based appliance. • Fully managed Virtual Firewall Advanced: a single vendor virtual firewall. • Fully managed Virtual Firewall Premium: a multi-vendor virtual firewall solution. This item is an add-on to

the Fully managed Virtual Firewall Advanced offering.

Cloud Firewall Service Features The following is a high level overview of the functionality available within each respective variant of Six Degrees’ Cloud Firewall:

FEATURE ESSENTIAL ADVANCED PREMIUM

Stateful Inspection firewall

NAT

Site-Site IPSEC VPN

Single site high availability

App-ID

Threat Intelligence

URL Filtering

Remote Access VPN

Multi-vendor firewall protection

High Availability

Managed

Unmanaged

Cloud Firewall Service Description

Essential Virtual Firewall

The Essential Virtual Firewall (a NSX Edge based appliance) is available in a range of sizes and is provided as an unmanaged appliance. Each supports differing capacities of load, these sizes are as follows:

APPLIANCE SIZE FW PERFORMANCE

IPSEC TUNNELS

TOTAL ROUTES

Compact 3Gbps 512 20,000

Large 9.7Gbps 1,600 50,000

Quad Large 9.7Gbps 4,096 250,000

X-Large 9.7Gbps 6,000 250,000



The core features supported by this device include:

• NAT • DHCP • Site to Site VPN • SSL VPN • Layer 4/7 Load Balancing • High Availability (Single site) • Dynamic Routing • Unmanaged

The Essential Virtual Firewall can be managed through the vCloud Director Web interface or API for all configuration changes.


The High Availability feature offered with the Essential (or unmanaged) firewall consists of two appliances deployed within the same platform, an affinity rule is created to ensure the appliance remains on separate hosts within the cluster.

The two appliances will be configured as a cluster. In the event that the primary host is unavailable for 15 seconds, the NSX Edge service will failover to the second appliance.

Virtual Firewall Advanced

The ‘Virtual Firewall Advanced’ appliance is available in a range of sizes. Each supports differing capacities of load, these sizes are as follows:

APPLIANCE SIZE FW PERFORMANCE

IPSEC TUNNELS

TOTAL ROUTES

Small 200Mbps 250 5,000

Medium 2Gbps 1,000 5,000

Large 4Gbps 2,000 20,000

X-Large 8Gbps 4,000 64,000

The core features supported by this device include:

• NAT • DHCP • Site to Site VPN • SSL VPN • Threat Intelligence • URL Filtering • Remote Access VPN • High Availability (Single site) • Syslog • App-ID • Dynamic Routing



• Managed

7.2.2.1 Threat Intelligence

The Threat Intelligence subscription adds integrated protection against network-borne threats (including exploits, malware, command and control traffic, and a variety of hacking tools) through IPS functionality and stream-based blocking of millions of known malware samples.

The Threat Intelligence subscription is a key component of a closed-loop prevention approach, receiving protection updates from a global threat intelligence platform in as little as every 15 minutes.

This service is deployed and provided for the Customer to monitor security alerts and events as standard. Utilising an optional service available within our Security portfolio, Six Degrees can provide security, event monitoring and analysis capabilities.

7.2.2.2 URL Filtering

URL Filtering provides you with granular, user-based controls over Web activity through URL categories and customizable white and black-lists, as well as protection from Web-borne threats through malicious categories like “malware” and “phishing.”

The URL Filtering subscription utilizes an Internet-based URL database that automatically categorizes unknown URLs, providing you with the latest URL groupings based on current Web page content. The definitions are updated automatically every 30 minutes, which means you’re always protected against malicious, high-risk and unwanted websites.

7.2.2.3 Remote Access VPN

Remote Access VPN extends the protection of a firewall to endpoints both inside and outside a corporate network, delivering consistent security to users in all locations.

Mobile devices can use Remote Access VPN apps for iOS and Android to connect to the corporate firewall. You can apply the state of the endpoint device as part of the context for security policy using the Host Information Profile (HIP). Remote Access security subscriptions can also be deployed internally to protect local and wireless networks users.

This service would be deployed in conjunction with a Six Degrees Professional Services engagement to design and implement the requirement protection policies.


The ‘Virtual Firewall Advanced’ supports an active/passive high availability configuration. This configuration consists of two appliances deployed as a cluster within a single cloud platform. Once deployed the devices will be configured with High Availability, there are a number of pre-requisites for High Availability, including:

• An additional /30 link net subnet • One interface from each appliance is used for cluster communications



Virtual Firewall Premium

The ‘Virtual Firewall Premium’ contains the full functionality of the ‘Virtual Firewall Advanced’ with the addition of a second layer of protection from an alternative vendor virtual firewall.

The second firewall will be sized in-line with the sizing guidelines for the ‘Virtual Firewall Advanced’ and is intended to provide perimeter-based stateful firewalling.

Six Degrees’ Cloud Firewall Service Operation

Firewall Deployment and Configuration

7.3.1.1 NSX Virtual Firewall

For NSX Virtual Firewalls, Six Degrees will provision the firewall appliance with a default configuration consisting of the following:

• WAN Interface configured with the 1st useable public IP address • DMZ Interface configured with the 1st useable DMZ subnet IP address • LAN interface configured with the 1st useable LAN subnet IP address • All incoming traffic blocked • Traffic allowed to the management interface from the LAN subnet

Virtual Firewall Advanced & Premium

For the Virtual Firewall Advanced & Premium, Six Degrees will deploy the firewalls based on the agreed initial deployment configuration defined during the post-sale engagement.

This configuration would typically include, but is not limited to, the following:

• WAN Interface configured with a public IP address • DMZ Interface configured with the 1st useable DMZ subnet IP address • LAN interface configured with the 1st useable LAN subnet IP address • Traffic allowed to the management interface from the LAN subnet • NAT rules configured as agreed in the initial deployment configuration • Firewall policies configured as agreed in the initial deployment configuration

Once the initial deployment configuration has been completed, the Customer will sign off the initial deployment. Any future configuration changes will follow the standard change management or Request for Change (RFC) process as defined in the Operations Manual.

Firewall Management

7.3.3.1 Essential Virtual Firewall

In the ‘Essential Virtual Firewall’, NSX Virtual Firewall appliances are fully managed by the Customer. Changes to the configuration can be made through the vCloud Director interface or API.



In the event the device becomes unavailable following a configuration change, the Customer can raise a service ticket to request that the issue is investigated by our Support Team. Please refer to the Operations Manual for more information.

7.3.3.2 Virtual Firewall Advanced & Premium

The Virtual Firewall Advanced & Premium are fully managed devices; therefore, the Customer does not have access to manage or configure these devices.

Upon request, the Customer can be granted Read Only access to the web interface of the firewall in order to view the current configuration or any logging information.

Configuration changes to the firewall should be raised as Service Requests following the standard operational procedures – please refer to the Operations Manual. Configuration changes are limited to five (5) changes per month following signoff of the initial configuration. All firewall configuration changes will follow the Six Degrees change management process and must be submitted by an authorised contact.

The following list of bullet point items defines which items are considered to be one change:

• Adding, deleting, or modifying up to three (3) individual Network Address Translations (NAT) (incoming, outgoing and loop-back) including object creation

• Adding, deleting, or modifying up to two access control list changes (such as permit or deny changes) Including the creation of up to six policy objects creation (Hosts, Groups, Networks, Ranges and Service objects)

• Adding, deleting, or modifying up to two individual network routes within the firewall • Adding, deleted or modifying URL’s for URL filtering

Standard changes may be comprised of one or more of the above bullet points. Any change request that is not specifically listed above would only be completed Six Degrees on a time and material basis.

Firewall Monitoring

7.3.4.1 Essential Virtual Firewall

In the ‘Essential Virtual Firewall’, NSX Edge Firewall appliances are not monitored for device availability by Six Degrees. In the event the device becomes unavailable, the Customer can raise a service ticket to request that the issue is investigated by our Support Team.

7.3.4.2 Virtual Firewall Advanced & Premium

The Virtual Firewall Advanced & Premium firewalls are monitored for the following triggers:

• Device Availability – No response to ping request for five (5) minutes

• Virtual CPU – Above 95% usage for four (4) hours

• Virtual RAM – Above 95% usage for four (4) hours

• Network Interface Card – Above 95% usage for four (4) hours


All alerts generated by the monitoring system will be raised as Priority 2 (P2) level incidents. Please refer to the Operations Manual for the Prioritisation of Incidents.



Software and Patch Management

Six Degrees provides ongoing maintenance and management of the appliance. Patching of the firewall appliances will be carried out in line with our platform patching policy that is available in your http://my.6dg.co.uk portal.

All patching is carried out according to the following process:

• Scan of the device to identify missing Critical and Security patches

• All patches are identified patches that are tested within our lab environment prior to production deployment

• A Request for Change (RFC) is raised internally - to approve patch installation during a pre-agreed maintenance window

• Patches are installed during the maintenance window


Edition/Capacity Upgrades

Where a customer wishes to upgrade to a higher capacity firewall appliance, this request should be raised with the customer’s Account Manager as a new order. Six Degrees will then work with the customer to schedule the firewall appliance upgrade at an appropriate time.

Managed WAN/MPLS Termination

The virtual firewalls listed in the document are intended as gateway appliances for cloud infrastructure. For connectivity to a Managed WAN/MPLS network, customers must purchase a Virtual Point to Point (a.k.a. Layer 2 VPN) port. Please refer to the Virtual Point to Point Service Description for more information.

For solutions requiring centralised Internet breakout, the Customer must purchase a firewall from the Six Degrees “Connectivity” portfolio. Please refer to the Next Generation Firewall (NGFW) Service Description for more information.

Logging

Six Degrees will maintain the following logs for our Cloud Firewalls:

ITEM PLATFORM RETENTION

All Logs Enterprise Cloud Thirty (30) Days

All Logs Public Sector Cloud Three (3) Years

All Logs Public Cloud Thirty (30) Days

http://my.6dg.co.uk/



Cloud Firewall Service Implementation


Virtual Firewall Essential

SERVICE IMPLEMENTATION – VIRTUAL FIREWALL ESSENTIAL (E.G. UNMANAGED FIREWALL) US YOU

Customer to confirm WAN, DMZ and LAN IP address ranges I RA

Six Degrees to deploy the appliance within the Customer virtual network RA I

Six Degrees to configure the appliance in line with the defined default configuration RA I

Six Degrees to confirm sending the Customer access details for the configured appliance and confirm the Customer is able to connect

RA CI

Six Degrees to update the CMDB and hand the service over to BAU RA I

Virtual Firewall Advanced or Premium

SERVICE IMPLEMENTATION – VIRTUAL FIREWALL ADVANCED & PREMIUM US YOU

Customer to confirm sign off initial deployment configuration I RA

Six Degrees to deploy the virtual firewall solution within the Customer virtual network RA I

Six Degrees to configure the appliance in line with the defined initial deployment configuration RA I

Six Degrees to confirm the configuration matches the requirements and obtain signoff from the Customer

RA CI

Six Degrees to update the CMDB and hand the service over to BAU RA I

Ready for Service Please note: the ‘Ready for Service’ Date is defined as a maximum of two (2) weeks from the point at which the customer is notified that the firewall is “Ready for Service”.



OFFICE 365 MANAGEMENT SERVICE OVERVIEW

Microsoft Office 365 is a Software as a Service (SaaS) Platform that enables companies to host their email, collaboration tools and file storage in a cloud environment. The suite’s cloud-based applications provide a modern workplace environment to increase productivity and enhance collaboration. It encompasses a wide range of services including hosted mailboxes, desktop business applications (Word, Excel, Powerpoint), integrated solutions for enterprise collaboration (shared calendars, instant messaging, video conferencing) and secure file sharing.

Six Degrees Managed Office 365 Service has an affordable subscription, offering a variety of plans to meet the bespoke needs of each customer. The service offered by Six Degrees encapsulates the:

• scoping, • delivery/migration, • management and • support

of your Office 365 deployment, without any upfront infrastructure investment.

Managing Office 365 can often require advanced knowledge, expertise and dedicated IT resources. By utilising the skillset and experience held by Six Degrees, you can modernise your workplace easily and seamlessly.

As a Microsoft Gold partner with hundreds of deployments across numerous sectors, Six Degrees can provide the full breadth of service: to provision, configure, support and bill your Office 365 subscription.

From our initial consultancy and advisory work to understand your estate, business needs and objectives, through to our day-to-day management, administration and support services, Six Degrees allows you to focus resources to get the most out of your Office 365 subscription ensuring a smooth support environment tiered to your specific requirements.

Six Degrees’ gives you complete control for your transition to the cloud, allowing you to tailor the service to your needs and strategic objectives.

Office 365 Management Service Features This section describes the features of Microsoft Office 365’s applications and services in the various plans that Microsoft offers. The service is provided and hosted by Microsoft, whereas this document outlines the managed service associated with Microsoft Office 365 that Six Degrees provides (Office 365 Management Service). For details around Office 365 functionality, features or Service Level Agreements please refer to Microsoft’s online Service Description:

https://technet.microsoft.com/en-us/library/office-365-service-descriptions.aspx

NAME DESCRIPTION

Office Applications: • Access • Excel • OneNote • Outlook • PowerPoint • Publisher • Word

• Microsoft Access is a database management solution for Windows operating systems.

• Microsoft Excel is a spreadsheet program that features calculation, graphic tools, pivot tables, and macro programming language support for Windows and Mac operating systems.

• Microsoft OneNote is a free-form note-taking program for Windows operating systems.

• Microsoft Outlook is an email program for Windows and Mac operating systems.

https://technet.microsoft.com/en-us/library/office-365-service-descriptions.aspx



NAME DESCRIPTION • Microsoft PowerPoint is a presentation program for Windows and Mac

operating systems.

• Microsoft Publisher is a desktop publishing program for Windows operating systems.

• Microsoft Word is a full-featured word processing program for Windows and Mac operating systems.

Exchange

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. Exchange Server is licensed both in the forms of on-premises software and software as a service. In the on-premises form, customers purchase client access licenses (CALs). In the software as a service form (Exchange Online), Microsoft receives a monthly service fee instead. Exchange online is hosted in the cloud and allows users to access email, calendars, contacts and tasks from anywhere and on most mobile devices including tablets and desktop devices.

OneDrive

OneDrive is a file hosting service operated by Microsoft as part of its suite of Office Online services. It allows users to store files as well as having them synched which makes working on the same document an easy activity without having to worry about multiple versions and access issues. Files can be synched to a PC and accessed from a web browser or a mobile device, as well as shared publicly or with specific people.

SharePoint

SharePoint is a web-based, collaborative platform that integrates with Microsoft Office. Launched in 2001, SharePoint is primarily sold as a document management and storage system, but the product is highly configurable and usage varies substantially between organisations.

Skype for Business

Skype for Business is an instant messaging and presence client used with Skype for Business Server or with Skype for Business Online (available with Microsoft Office 365). Skype for Business, a unified communications platform, integrates business communication channels such as Instant messaging, voice over IP (VoIP), Voicemail, file transfer, web conferencing, video conferencing and email. Note: Microsoft has shifted from Skype for Business (SfB) in favour of Microsoft Teams - Six Degrees will continue to provide support for SfB installations in line with Microsoft’s support for the remainder of the SfB product lifecycle.

Microsoft Teams

Microsoft Teams is a platform that combines workplace chat, meetings, notes, and attachments. The service integrates with the company's Office 365 subscription office productivity suite, including Microsoft Office and Skype, and features extensions that can integrate with non-Microsoft products. Teams allow communities, groups, or teams to join through a specific URL or invitation sent by a team administrator or owner. Within a team, members can set up channels. Channels are topics of conversation that allow team members to communicate without the use of email or group SMS (texting). Teams allows for Calling, Instant messaging, Voice over IP (VoIP), Video conferencing inside the client software.

Yammer

Yammer is the enterprise social network that helps you and your team collaborate openly and stay on top of it all. With Yammer, you can connect to the right people in your organisation, share and search for information across teams and organise around projects and ideas so you can do more.

Power BI Power BI is a business analytics service provided by Microsoft. It provides interactive visualizations with self-service business intelligence (BI) capabilities, where



NAME DESCRIPTION end-users can create reports and dashboards by themselves, without having to depend on information technology staff or database administrators.

Office 365 also has a range of additional applications: Project, Visio, Dynamics.

Feature availability

EXCHANGE

ONLINE PLAN 1

EXCHANGE ONLINE PLAN 2

OFFICE 365

BUSINESS PREMIUM

OFFICE 365

PROPLUS

OFFICE 365 ENTERPRISE

E1


E3


E5

Email with 50GB Mailbox HD Video Conferencing Fully Installed Office PC/Mac Office apps on tablets and phones

Unlimited email storage Advanced email with archiving

Hosted voicemail support

PSTN Conferencing Cloud based call management

Power BI Pro analytics Advanced Threat Protection

Customer Lockbox

SharePoint OneDrive



EXCHANGE

ONLINE PLAN 1

EXCHANGE ONLINE PLAN 2

OFFICE 365

BUSINESS PREMIUM

OFFICE 365

PROPLUS


E1


E3


E5

Skype for Business Office Applications Microsoft Teams

Yammer Power BI Azure Information Protection

Bundle features are valid as of 27/09/2018, some functionality may require additional product-specific add-ons and/or usage changes.

Office 365 Management Service

Six Degrees Office 365 Management Service includes the creation of your tenant provision the subscription with the number of licences purchased. In the case of a pre-existing tenant, Six Degrees will set up the reseller relationship and will create the initial admin accounts. Six Degrees will provision the subscription with the number of licences purchased.

8.1.2.1 Partner of Record/Delegated Administration Partner

Six Degrees are empowered by Microsoft to act as a Partner of record and/or Delegated Administration Partner for our customers. When appointed, Six Degrees becomes responsible for all core, standard day-to-day management of your Office 365 deployment: Six Degrees becomes the single point of contact for all of your Office 365 needs. Six Degrees will also provide/become the single point of billing for your Office 365 tenancy.

8.1.2.2 Support

As part of the Office 365 Management Service, Six Degrees will provide basic support for your IT team. This support does not extend to end-user support. All Office 365 related support tickets raised by your IT team will be investigated in normal business hours (refer to the Operations Manual as mentioned in Section 1.1). Where resolution cannot be found for complex issues, Six Degrees will escalate to Microsoft.

8.1.2.3 Core Management

As part of the Office 365 Management Service, Six Degrees will offer management to:



• provide a single point of billing for Office 365 services,

• create the tenancy with Microsoft

• add/remove/amend subscriptions as per the Customer’s request(s).

Office 365 Management Service Options (add-ons)

Six Degrees gives you complete control with the Office 365 Management Service options. These options are separate components which can be combined to provide you with the level of service best suited to your requirements.

8.1.3.1 Readiness

READINESS

Description

Six Degrees’ Readiness Assessment provides a clinical assessment of your existing estate and its suitability in order to transition to the cloud.

• Highlights the gaps and issues that would prove to be problematic during any migration to Microsoft’s Office 365 Cloud.

• Six Degrees’ trained professional services consultants will deploy industry best practice tools to assess and will then interpret the results.

Details Further details can be found in the Office 365 Readiness & Migration service description.

8.1.3.2 Migration

OPTIONS MIGRATION & INTEGRATION SERVICES

Description Deploying a fully functioning Office 365 deployment can be complex. Six Degrees’ migration services relieves your organisation of the intricacies of migrating email mailboxes across to a cloud-based infrastructure. Six Degrees will work alongside you to plan and migrate your users.

Details Further details can be found in the Office 365 Readiness & Migration service description.

8.1.3.3 Support & Management

OPTIONS OFFICE 365 SUPPORT

Description

Microsoft do not provide 1st line support and, with every business-critical application, there is a need to have a skilled support structure in place to resolve technical issues as quickly and efficiently as possible. Six Degrees’ Support offering gives you peace of mind knowing that ITIL- trained support engineers are available 24x7 and are designated to ensure a smooth and efficient resolution of issues. Where issues cannot be resolved, Six Degrees’ close partnership with Microsoft gives you access to accelerated triaging and escalation to Microsoft.



OPTIONS OFFICE 365 SUPPORT

Details Further details can be found in the Office 365 Support and Management service description.

Product Items

Microsoft licences offer a large range of features and functionality, not all functions and features are supported to be delivered as part of the delivery. Please refer to the table below for functionality that will require a separate engagement to activate / deploy.

CORE BESPOKE Mailbox (Exchange online) SharePoint online

Office Suite (Word, Excel, PowerPoint, Outlook, OneNote,

Publisher, Access)

Teams

(including PSTN breakout)

Yammer

Power BI Pro

OneDrive for Business

• Business Subscriptions have a 300 user limit and are ineligible for the Qualified Multi-Tenant Hoster

(QMTH) program. o Six Degrees will not be able to deploy these Office suite licences on an RDS (Remote Desktop

Server) farm that we host.

• Enterprise Subscriptions have unlimited users and are Eligible for the Qualified Multi-Tenant Hoster (QMTH) program.

o Six Degrees are able to deploy these Office suite licences on an RDS (Remote Desktop Server) farm that we host.

Office 365 Management Service Implementation

Ready for Service

The ‘Ready for Service’ Date will be the date when we mutually agree to start Office 365.

Office 365 Management Service Operations

Our Support Team

We provide a 24 hours per day, 7 days per week, year-round support service delivered by UK-based, in-house support engineers. If you need our support, you must raise an Incident or a Service Request via telephone, email or the portal. The time-stamping in our Service Request system defines when we consider an Incident or Service Request to have started and finished; this definition is what is used in relation to Service Levels.



Office 365 Management Service Billing

Office 365 Management Service will be billed as a monthly subscription as described in the MSA (Master Services Agreement), using the definition of the Ready for Service Date in Section 10.2.1 Ready for Service of this Service Description.

Subscriptions and Cancellations

Six Degrees’ Office 365 Management Service includes:

• the creation of your tenant, • provisioning the subscription and • the number of licences per user that you order.

Six Degrees can adjust the set-up of the reseller relationship if there is a pre-existing tenant. You can have multiple subscriptions in a single tenant. Six Degrees can provide advice on the most appropriate Office 365 subscription type for your requirements. Subscription pricing is fixed for twelve (12) months and reviewed in-line with the market rate annually. Cancellations of service requires the Customer to give Six Degrees thirty (30) days’ notice. Six Degrees would need a cancellation letter sent to our customer cancellation team, in line with our payment and billing guide.

Moving to Six Degrees for Existing Office 365 customers In order to switch from a third party provider or direct from Microsoft to Six Degrees and benefit from our Managed Service offering (the Office 365 Management Service), the following steps must be performed:

• Six Degrees performs the “Request a Reseller Relationship” from within the Microsoft Partner Centre. • The customer accepts the Six Degrees invite via an email link or within their Office Admin Centre (OAC).

o Customers may only accept the relationship if they are an Office 365 global admin and are not an existing syndication or CSP customer.

• Six Degrees will then add the new Office 365 subscription(s) to the customer account from within the Microsoft Partner Centre once the transfer is complete.

• Existing user accounts are re-associated with the new Office 365 subscription(s). • The Customer should then request that the previous subscriptions be closed and terminated via a phone

call to Microsoft support or within the Office Admin Centre on the subscriptions tab. • During the transfer, the Customer will not see an interruption in service. Direct subscription customers

may receive emails stating that their subscription(s) have expired and that data will be lost. These emails can be ignored because the user accounts are now tied to active subscriptions associated with Six Degrees. But please contact us if you have any concerns.

Office 365 Management Service Levels The service level is determined by Microsoft who guarantee a 99.9% service availability for Office 365. Office 365 is hosted and maintained by Microsoft, details of the service availability and service credits can be downloaded directly from Microsoft.

http://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=37




MICROSOFT AZURE SERVICES

Six Degrees Microsoft Azure service supports a subset of the Microsoft Azure portfolio, for full details of the products please see the information available at this web page: https://azure.microsoft.com/en-gb/services/

The following sections detail the individual portfolio components currently supported by Six Degrees.

Compute

Within the Compute portfolio, Six Degrees provides services based around the following components:

• Virtual Machines • Virtual Machine Scale Sets • Azure Container Service (AKS) • Container Instances

Network

Within the Network portfolio Six Degrees provides services based around the following components:

• Virtual Network • Load Balancer • Application Gateway • VPN Gateway • Azure DNS • Traffic Manager • ExpressRoute • Azure DDoS Protection

Storage

Within the Storage portfolio Six Degrees provides services based around the following components:

• Blob Storage • Archive Storage • Queue Storage • File Storage • Disk Storage • Backup • Site Recovery

https://azure.microsoft.com/en-gb/services/



Microsoft Azure Operations

Azure Portal Access

Six Degrees will provision subscriptions for Microsoft Azure customers as new tenants within our Cloud Solution Provider portal. Customers will be provided with full access to their individual tenant portal enabling a customer to view all deployed resources and modify or updated as required.

For resources that Six Degrees manages the customer must follow the agreed Request For Change process if any changes are required. Changes made outside of this process may disrupt the managed service that Six Degrees is providing.

Any resources a customer deploys within their tenant portal will be billed as usage in arrears.

Azure Service Implementation

The Six Degrees Service Implementation Team will handle the delivery of Microsoft Azure Services.

If you have selected the deployment of standard network, compute and storage services, we will provision a tenant portal and deploy the requested services in line with the agreed specification. Once complete, Six Degrees will provide the customer with Microsoft Azure portal login details to access the deployed services.

If our professional services team has been engaged, and, once the standard products have been deployed, the professional services team will engage with the customer to complete the remaining consultancy in line with the Statement of Work approved during the sales process. Once complete, the customer will be provided with Microsoft Azure portal login details.

Six Degrees Migration and Professional Services

The Six Degrees Professional Services team provides a range of services to assists business with their migration to public cloud services. These include cloud readiness assessments, Microsoft Azure architecture and design guidance as well as complete end-to-end migration services.

As well as a number of packaged solutions, Six Degrees can build custom solutions for customers to match your business requirements.

Six Degrees Server OS Management Service

If a customer has purchased Six Degrees Server OS Management services, these must be allocated to named services. For services where a resource pool has been purchased, the customer must supply the named instances that they wish to allocate the server management services to in order to activate the service.

Once allocated, a Server OS Management Service can be reallocated to a new virtual server once a quarter or when the currently allocated server is decommissioned.

For full details of the services and functionality available, please see the Six Degrees Server OS Management Service service description.



Managed Antivirus

Six Degrees optional Managed Antivirus can be purchased with any virtual server. A prerequisite for taking the Managed Antivirus service is that the virtual server must already be covered by Six Degrees Server OS Management Service.

If purchased, Six Degrees will provision a dedicated web portal for the customer to access and manage the deployment of the Antivirus software.

It is the customer’s responsibility to ensure the software has been deployed to all virtual servers, Six Degrees monitors any active servers within the Managed Antivirus platform. In the event an infection is identified, a P2 incident will be raised within ServiceNow and the issue will be investigated.

For full details of the services and functionality available, please contact the Six Degrees Support Team or your Account Manager.

Data Migration and Implementation Six Degrees has a wide range of migration, implementation and other professional services available beyond a standard Public Sector Cloud build. These services integrate closely with our Public Cloud platform to provide a seamless customer experience from the provision of virtual machines to the migration of data or services into the Public Cloud.



AMAZON WEB SERVICES

Overview

Amazon Web Services (AWS) provide a range of compute, storage and related services that allow you to dynamically provision infrastructure in the cloud. The services are designed to make access to scalable services easy to consume for development and production services.

Six Degrees Public Sector Cloud provides a mechanism for customers to procure Amazon Web Services. Procuring AWS services through Six Degrees, in combination with other services, allows customers to create a managed and workable solution with the flexibility to mix security levels and information assurance requirements.

The Service provides the following functions:

A mechanism for procuring any of the Amazon Web Services (AWS) services listed on the AWS website at: https://aws.amazon.com/products/

If Six Degrees’ server support or server management services are purchased, access to a Service Desk for reporting incidents and Service Requests.

Support

If supported or managed by Six Degrees, cloud services are underpinned by our ITIL aligned, 24x7 service desk and support services.

Data Centre Locations

Amazon Web Services is located in data centres worldwide and the customer can select where their data is held, although we recommend only using AWS’ EU-based data centres.

Severity Definitions

Amazon provides support based on the definitions and the support plan purchased by the customer at the following location: https://aws.amazon.com/premiumsupport/features/.

Service Constraints

Minimum Infrastructure Requirement

There is no minimum infrastructure requirement when using AWS. It is recommended for each customer that Six Degrees procure Business Level Support as part of the AWS Cloud Compute service. This is currently priced at £100 or 10% of the customers’ AWS spend per month.

https://aws.amazon.com/products/

https://aws.amazon.com/premiumsupport/features/



Maintenance and Planned Outage

All AWS maintenance and planned outages are published online at: https://aws.amazon.com/maintenance-help/. It is the responsibility of the customer to review this information and check when planned outages are scheduled. Six Degrees are not liable should the customer fail to check and lose data as a result.

Customer Responsibilities

Customers must conform to the Six Degrees acceptable use policy and the AWS Customer Agreement at: http://aws.amazon.com/agreement/.

Onboarding and Offboarding Processes

Onboarding

For customers using AWS they must comply with AWS Customer Agreement at http://aws.amazon.com/agreement/.

Offboarding

Using AWS, the Customer has the ability to upload and download all data and delete the data from their AWS instance. Alternatively Six Degrees can do this for the customer, if requested.

Commercial Relationship

Ordering

Services can be ordered by contacting Six Degrees with your requirements. A call-off contract will need to be executed under the G-Cloud 11 Framework with a corresponding Purchase Order (PO). Following the initial order, additional services can be ordered in a number of ways by authorised representatives of the Customer:

By submitting an order form,

By completing a ticket,

By provisioning a service through the AWS portal.

Use by Other Suppliers

Our services are available for purchase by third parties who intend to supply services to government.

https://aws.amazon.com/maintenance-help/

http://aws.amazon.com/agreement/

http://aws.amazon.com/agreement/



Invoicing

We invoice monthly in arrears on a thirty (30) day credit invoice. Invoices are based on output from our capacity management system and bill on an hourly basis for the services used in a calendar month.

Termination by Customers

Termination by Customers is conducted in-line with the G-Cloud Framework Agreement.

Service Credits

For AWS, Service Credits are based on standard AWS terms and conditions: https://aws.amazon.com/agreement/.

Termination by Six Degrees

Termination by Six Degrees is on the same basis as termination by Customers unless specifically agreed in a call-off agreement.

Minimum Contract Period

The minimum contract period of the service is one hour.

Pricing

AWS Cloud Compute pricing is based on AWS list prices. Any AWS price changes during the lifetime of the applicable G-Cloud framework will be passed on to the Customer. Customers should always check the AWS website for up to date pricing.

Current AWS pricing is available at: http://aws.amazon.com/products/

The AWS Simple Monthly Calculator is available at: http://calculator.s3.amazonaws.com/index.html

It is recommended for each customer that Six Degrees procure Business Level Support as part of the AWS Cloud Compute service. This service will be priced at £100 or 10% of the customers’ AWS spend per month.

Monthly Managed Service

Six Degrees also provide an AWS Cloud Compute Managed Service, starting at £500 per month. This bespoke service is designed with the specific needs of each customer in mind. Options range from basic support and help using AWS to delivering a full hybrid service to support workloads across multiple IaaS environments, e.g. using AWS for test and dev and Six Degrees for PSN OFFICIAL workloads. Full pricing for this service is available on request.

https://aws.amazon.com/agreement/

http://aws.amazon.com/products/

http://calculator.s3.amazonaws.com/index.html



SIX DEGREES SLA - INTRODUCTION

Six Degrees offers a broad portfolio of Cloud Services to its clients. The following Sections: 11.1 thru 11.9 outline the Service Level Agreement and Service Credits associated with these services.

Service Levels – Cloud Infrastructure

Compute & Storage Platform

SLA SERVICE PERIOD AVAILABILITY

TARGET AVAILABILITY SERVICE CREDIT

SLA – 1A Enterprise Cloud – Virtual Private Cloud

Calendar Month

99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0% Less than 96.0%

5% 10% 15% 20% 25%

SLA - 1B

Enterprise Cloud – Dedicated Private Cloud

Calendar Month

99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0% Less than 96.0%

5% 10% 15% 20% 25%

SLA – 1C

Enterprise Cloud – Dedicated Physical Server

Calendar Month

99.9%

99.89% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0% Less than 96.0%

5% 10% 15% 20% 25%

SLA – 1D Public Sector Cloud – Virtual Private Cloud

Calendar Month

99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0% Less than 96.0%

5% 10% 15% 20% 25%



Advanced & Premium Virtual Firewall

Advanced & Premium Virtual Load Balancer

Service Level Definitions: Cloud Infrastructure

SERVICE AVAILABILITY DEFINITION

Compute Platform Availability Positive TCP port open response on port 902

Storage Platform Availability Storage connected and available from the server and operating within acceptable performance parameters as defined in both the Enterprise and Public Sector Cloud Service Descriptions

Virtual Firewall Availability Positive TCP port response on the management interface port 443 Virtual Load Balancer Availability Positive TCP port response on the management interface port 443



SLA – 2A Virtual Firewall

(Single) Calendar

Month 99.9%

99.89% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%

SLA – 2B Virtual Firewall

(HA) Calendar

Month 99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%



SLA – 3A Virtual Load

Balancer (Single)

Calendar Month

99.9%

99.89% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%

SLA – 3B

Virtual Load Balancer (High

Availability (HA))

Calendar Month

99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%



Service Levels – Business Continuity

Backup as a Service (BaaS)

The following Service Level KPI’s are in place for the Six Degrees BaaS Platform.

Disaster Recovery as a Service (DRaaS)

The following Service Level KPI’s are in place for the Six Degrees DRaaS Platform.

Veeam Cloud Connect Backup

The following Service Level KPI’s are in place for the Six Degrees Veeam Cloud Connect Backup Platform.



SLA – 4A BaaS Calendar

Month 99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%



SLA – 5A DRaaS

Availability Calendar

Month 99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%


TARGET AVAILABILITY

SERVICE CREDIT

SLA – 6A Veeam Cloud

Connect Backup

Calendar Month

99.99%

99.98% - 99.5% 99.49% - 99.0% 98.99 – 98.0% 97.99 – 96.0%

Less than 96.0%

5% 10% 15% 20% 25%



Service Level Definitions: Business Continuity

SERVICE AVAILABILITY DEFINITION

BaaS Platform Availability Positive TCP port open response on port 4401 DRaaS Platform Availability Positive TCP port open response on port 902 Veeam Cloud Connect Availability Positive TCP port response on the management interface port 443



Service Levels – Cloud Applications

Office 365 Please refer to Microsoft Online Services Service Level Agreement document available here:


Service Levels - Public Cloud

Microsoft Azure

The SLAs for individual Azure services, including service credits and monthly uptime calculation, can be accessed here:

https://azure.microsoft.com/en-gb/support/legal/sla/

• The Azure infrastructure service performance, including uptime and service monitoring, is the responsibility of Microsoft.

• Microsoft is responsible for Azure infrastructure service credits as set out in the Microsoft Customer Agreement.

o The service credits details can be accessed via the link above. o Please note that the Azure service credit claims are not automatically processed by Microsoft

following a downtime. They must be submitted within 2 months of when an issue occurs in order for Microsoft to review. Therefore, Customers must formally request that Six Degrees submit a claim on their behalf should any Microsoft Azure services managed by Six Degrees are impacted by Azure downtime.

o Service Credits shall not be paid if the Customer’s account is in arrears. • Six Degrees typically applies Azure best practices when proposing and architecting services on Azure.

However, in certain cases either by the Customer’s request or as initially inherited from Customer’s incumbent, this architecture may not be possible.

• Customer’s Azure architecture design will have an impact on the SLA offered by Microsoft. Microsoft periodically updates the Azure platform to improve the reliability, performance, and security of the host infrastructure for virtual machines and/or components related to it.

• These updates range from patching software components in the hosting environment, upgrading networking components, to hardware decommissioning.

• Most of these updates have no impact to the hosted virtual machines and/or its related components. However, there are cases where updates do have an impact and Microsoft chooses the least impactful method for updates.

• At times, certain Microsoft updates could have impacts up or between the resource chain; therefore: o Six Degrees also highly recommends implementing backup and disaster recovery solutions to ensure

a Customer’s business is built for resiliency. o Please note that certain Six Degrees management services are optional and unless a Customer has

procured it, Six Degrees cannot be held responsible for managing, maintaining and troubleshooting those functions.

o Please refer to the link below for further information: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/maintenance-and-updates


https://azure.microsoft.com/en-gb/support/legal/sla/



When procuring Public Cloud – Microsoft Azure services from Six Degrees, by default the Customer is agreeing to and accepting the mandatory Microsoft Customer Agreement before Six Degrees can provision Microsoft Azure services on behalf of the Customer.

Unless otherwise specified, the Customer should expect Section 7 (KPIs) and Section 9 (SLA Exclusions) in this document to apply to Public Cloud – Azure to ensure operational excellence and maintain consistency of Six Degrees’ processes - irrespective of the target platform, i.e. Six Degrees Enterprise Cloud or Microsoft Azure Public Cloud.

For Public Cloud, there are certain rules of engagement that Six Degrees and our Customers need to adhere to since the infrastructure and/or components are not the responsibility of Six Degrees.

• Six Degrees may not be able to fulfil our service management process SLA, (e.g. resolution time, maintenance notification or performance issues) where Microsoft needs to be involved in troubleshooting a failure on their infrastructure or anything that causes a disruption on their underlying services.

• Six Degrees holds a Premier Support Agreement with Microsoft, providing the best levels of support and escalation from Microsoft when dealing with critical issues.

Note: Microsoft related statements and links are correct at the time of writing and are subject to change by Microsoft.



Service Level Agreement Uptime Values

The following table defines the uptime values vs. the downtime associated with the service levels listed in this document1.

Service Continuity Management

In the event of a failure, Six Degrees provides the following targets to ensure service continuity.

SLA SERVICE METRIC TARGET

1 Enterprise & Public

Sector Cloud – Virtual Private Cloud

Host failure All virtual machines

online with 15 minutes

2 Enterprise Cloud – Dedicated Physical

Server Standalone host failure

Service restored within 8 hours

3 Enterprise Cloud – Dedicated Physical

Server

Host failure as part of an active-active configuration

Service restored within 1 hour

4 DRaaS RPO (Recovery Point Objective) average per

calendar month <= 5 Minutes

5 DRaaS RTO (Recovery Time Objective) from point of

invocation <= 4 Hours2

1 Except for Public Cloud, e.g. Microsoft Azure. 2 Subject to a successful DR test completing within four (4) hours.

SLA MAX DOWNTIME PER MONTH

99.99% 4min 23sec 99.9% 43min 49.7sec 99.5% 3hr 39min 8.7sec 99% 7hr 18min 17.5sec 98% 14hr 36min 34.9sec



Service Level Agreement Exclusions

The following circumstances for the period, and to the extent that they apply, shall not count towards any service level as a failure to perform the services:

a) A force majeure event as defined in the contracted Services Agreement (MSA/MRA). b) A suspension of the service in accordance with the Services Agreement (MSA/MRA) c) Scheduled or Emergency maintenance as required. d) Faults that are a result of the Customer or End User not complying with Six Degrees’ Security Policy. e) Faults proven to be caused by a virus introduced negligently or otherwise by the Customer or End User

onto its service. f) Faults or omissions of the Internet or private connectivity. If connectivity is provided by Six Degrees, such

a remedy is covered in the Data Service Level Agreement. g) Faults or omissions in equipment, wiring, cabling software or other services including faults on the

customer network or customer’s own equipment which are not maintained by Six Degrees. h) Failure to comply with capacity management recommendations issued by Six Degrees. i) During any trial or proof of concept period. j) Customer is not using the Services in accordance with the Documentation (including the best practice

implementation policies therein) as well as reasonable usage allowances. k) Unreasonable delay by the Partner of Customer during an incident where their assistance is required as

part of the resolution in accordance with the service levels. l) If the service can be connected to via any applicable means, then the service is not deemed unavailable. m) Loss of resilience is not considered loss of service. n) Loss of access to control panels or support portals are not deemed as service unavailability. o) Services procured from 3rd parties and not procured through Six Degrees. p) Services that are not “Ready for Service” due to customer delay during implementation q) Limitations imposed by 3rd parties and Public Cloud vendors, e.g. Microsoft Azure or Amazon AWS.



Service Credits

Service Credits will be issued in line with the Six Degrees Master Service Agreement, as such the following terms apply:

• Service credits are calculated based on a percentage of the Recurring Fees payable for the service as indicated in the per product Service Level Agreement.

• The maximum Service Credit allowable in any given calendar month is limited to the amount of Recurring Fees payable in that calendar month directly associated with the service.

• A Service Credit shall not be credited to the Customer’s account unless the Customer requests it from the Supplier’s accounts department within thirty (30) days of the date on which Six Degrees failed to meet the relevant Service Level for a reason solely due to the fault of Six Degrees. A claim for any such Service Credit must be made via email and sent to [email protected]

• The calculation of the Service Credit shall be based on Recurring Fees and shall not include any other Fees paid or payable by the Customer to Six Degrees.

• Service Credits shall not be paid if the Customer’s account is in arrears.

mailto:[email protected]