+44 (0) 20 3603 7830 hello@equalexperts.com www.equalexperts.com 30 Brock Street London, NW1 3FG Cloud-based Infrastructure and Application Support Service Definition Overview We provide 24/7 support to cost-effectively manage cloud-based infrastructure and applications, using DevOps professionals uniquely positioned to provide operations services for the full tech stack. Standardising on reliable, predictable platforms takes the technical discussions off the table and lets companies focus on their real issues: spending time and mental energy solving business-changing problems. We help companies shift their IT investments from maintenance to innovation transforming IT Operations from a cost center to a competitive advantage. We enable software development teams to work faster and ship more often while making IT Operations resilient, reducing operating costs and making them scale more effectively. Example Use Cases We provide support services to public sector organisations requiring 24/7 support for their secure cloud-based infrastructure and applications. At the Home Office we provided 24/7 support for the new Visa application service delivered to public Beta in June 2014. At HMRC we provide a mix of Level 2 and Level 3 support for the new Multi-channel Digital Tax Platform delivered to production in Beta and Live. Product Features 24/7 Level 2 Support: We provide 24/7 remote support including responding to all support issues, performing root cause analysis of problems and resolving all support issues in line with agreed SLAs. This may include raising tickets for other 3rd party support providers if required. Infrastructure support issue resolution will be provided in full. Application support issue resolution after hours is limited to agreed procedures, such as roll-back to earlier versions of the application. These procedures will be agreed with clients on a case-by-case basis. Our attached pricing is based on this being a 24/7 service. We can offer bespoke pricing for shorter coverage hours and have standard pricing plans for a 10/5 support offering. 1
Business Hours Level 3 Support: Level 3 application support issue fixes are provided either by client or 3rd party delivery teams, with support issues added to the story backlog for prioritisation by the product owner. Alternatively Equal Experts can assign consultants to provide Level 3 application support fixes during business hours, working either remotely or onsite. After Hours Level 3 Support is available by further agreement. This would normally only be available if there is a fully automated release process in place and a client representative available to authorise out of hours production release. Features: Monitoring and Alerting Escalation Incident Management and Remediation Performance Trend Analysis Virtualisation Environment Segmentation and Maintenance Security and Compliance Availability and Resilience Upgrades Configuration Management Information Assurance We provide information assurance to the same level as the underlying infrastructure and applications we are supporting. We are willing to obtain security clearance for all our people working on a specific client engagement, in the event that this is required. This is applied for by the client organisation and will impose a lead-time on our ability to commence providing support services e.g. it can take 8-12 weeks to obtain Security Check (SC) clearance and this may need to be in place before our people can have access to production infrastructure. Back-up/Restore Back-up/Restore processes are assumed to have been designed and implemented as part of systems and applications development. Our support offering includes carrying out any agreed back-up and restore procedures as part of this process where these are not automated. We can put these processes in place if they re missing or not automated but that would be a project outside the managed service. Disaster Recovery Disaster Recovery processes are assumed to have been designed and implemented as part of systems and applications development. Our support offering includes carrying out any agreed disaster recovery procedures as part of this process where these are not automated. We can put these processes in place if they re missing or not automated but that would be a project outside the managed service. 2
Onboarding We typically engage with a time-bound two to four week onboarding process, to transfer knowledge of existing systems and applications and the environments infrastructure, and to integrate existing systems into our monitoring and alerting infrastructure with little or no change to the systems already in place (depending on the ability to stream logs outside the datacenter or not). More complex systems and infrastructure may require a longer onboarding and handover period. We leverage proven tools and processes: Depending on where the servers are located: public IaaS provider: we coordinate with the provider, e.g. Skyscape, to get full remote access private IaaS: we setup a secure VPN between our office and client premises We work with existing IT Operations and/or Delivery staff to document the systems and prepare for the hand-over We configure existing services and monitoring to be aggregated into either: our preferred IT Operations real-time dashboard PagerDuty if sending logs out is possible or, existing on-premise aggregation and dashboarding tools when sending logs out is not possible due to security restrictions we are able to make alternative arrangements should a suitable on-premise solution not be available already For an agreed handover period, depending on the complexity of the system but typically between 24 and 72 hours, both the existing team and tools and ours will be active in parallel to make sure handover goes smoothly After 24/72 hours without any hand-over glitches we take over active duty From then on we are not only reactive but also proactive in managing the infrastructure and working with clients on improving it according to their present and future needs. All our services are delivered by consultants based in the UK. Offboarding We have a two month notice period for cancellation of our services, during which we will work with clients to plan for an effective handover and transition to clients internal or 3rd party support provider. Offboarding will typically follow a reverse process to onboarding. We will provide documentation on the infrastructure and systems being supported, and electronic copies of or access to all system status reports and support logs for the preceding three month period at a minimum. We will agree a handover period, depending on the complexity of the system but typically between 24 and 72 hours, during which our team will be active in parallel with the new support team to make sure handover goes smoothly. 3
Pricing 24/7 Level 2 Support: Our pricing is based on a monthly fixed fee with an additional variable monthly fee per server or VM unit and becomes cheaper (per unit) as you add more servers/vms. For our purposes a server/vm is any major, distinct, individual architectural component but not supporting services that are mainly configured and managed by the 3rd party IaaS provider. For example, where cloud provider is an organisation like Skyscape, units are considered to be Virtual Hosts and Vshield Edge instances inside a Virtual Data Center. We would look after all services (such as operating systems, mail servers, MongoDB instances and Java Virtual Machines) installed within Virtual Hosts but not charge separately for them. Not only the unit cost decreases as your needs increase but thanks to the variable pricing the cost will always be in line with your current needs whether they are higher or lower than the previous month. Business Hours Level 3 Support: Pricing for business hours application support issue fixes is based on a Time and Materials basis with a daily rate of 800/day, plus reasonable expenses and VAT. Business Hours Level 3 support is optional. See pricing template EE_CloudSupport_PricingTemplate for detailed pricing. Service Management The support process, including issue logging, interactions with Level 1 Helpdesk and Level 3 Application teams, and escalation processes, are tailored to individual client requirements and agreed as part of the onboarding process. Service Constraints We only provide support services to applications developed using modern programming languages and frameworks such as Java, Scala, Ruby,.Net and delivery practices such as test-driven development and continuous integration. 24/7 Level 2 support services are only provided remotely and will require compliant devices in line with client organisation policies. However, we can arrange any face to face meetings to happen onsite. Business Hours Level 3 support can be provided either onsite or remotely. We are willing to obtain security clearance for all our people working on a specific client engagement. This is applied for by the client organisation and will impose a lead-time on our ability to commence providing support services e.g. it can take 8-12 weeks to obtain Security Check (SC) clearance and this may need to be in place before our people can have access to production infrastructure. 4
Service Levels Severity Level P1 P2 P3 P4 Criteria CRITICAL IMPACT - A reproducible problem which has or will have, within 24 hours, a severe impact or impair the performance of substantially all major functions of client's business. SEVERE IMPACT - A reproducible problem which prevents or seriously impairs the performance of a major function of client's business. MINOR IMPACT - A problem which disables or impairs the performance of a minor function. NO IMPACT - A general usage question or report of a minor issue that doesn't impact the client's business. Response Time 2 hours 4 hours 1 business day 2 business days We provide 24/7 remote support including responding to all support issues, performing root cause analysis of problems and resolving all support issues in line with agreed SLAs. This may include raising tickets for 3rd party support providers if required. Infrastructure support issue resolution will be provided in full. Application support issue resolution out of hours is limited to agreed procedures, such as roll-back to earlier versions of the application. These procedures will be agreed with clients on a case-by-case basis. Acceptable out of hours resolution of level P1 and P2 application support issues will be agreed with clients as part of the onboarding process. Financial Recompense Financial recompense is not provided as standard, however we are willing to negotiate a credit-based recompense structure if required for SLAs not being achieved consistently. Training Not applicable. Ordering and Invoicing To discuss your support requirements in detail and place an order please contact solutions@equalexperts.com. Monthly fixed fees are invoiced monthly in advance. Variable fees are invoiced monthly in arrears. Payment terms are fifteen (15) days net of receipt of invoice. Termination There is a 60 day notice period for termination without cause. 5
Data Restoration/Service Migration All client systems and data reside on 3rd party cloud infrastructure procured independently by clients and with clients owning the commercial relationship with the infrastructure provider. As such clients retain access and ownership of systems and data when moving between support providers. Equal Experts will commit to returning or destroying all client generated data held on our own devices in compliance with our internal Information Security Policy or client s required policies. Client Responsibilities Clients to provide dedicated workspace if required, and access to client systems, applications, software, networks, documentation and people as required and agreed during the onboarding process. Technical Requirements We do not support Windows-based servers at the moment. Trial Service None. Service Provisioning Not applicable. Utilisation Monitoring/Reporting We provide both real-time online visibility to our clients and regular written reports on the status of the systems and infrastructure under support. The frequency, format, content and access to reports will be agreed with clients as part of the onboarding process. Provision of real-time data would depend on our ability to use the tools we need. We d need to evaluate and agree this in light of security controls and policies affecting the data being transmitted. 6