Guidance and advice services

Service Delivery Manager

The Service Delivery Manager (or SDM) is the Customer’s main point of contact for the proper functioning of the Managed Applications Service. This service must be subscribed to for each Project that includes at least one Premium Support Level Managed Tenant. This service is not available for Projects that include only Standard Support Level Managed Tenants.

The Service Delivery Manager provides the following services:

  • Taking part in implementing upgrades / improvements to the Customer Service during the run phase,
  • Monitoring the proper functioning of the Customer Service during the run phase,
  • Advising the Customer on possible upgrades to the Services subscribed to,
  • Servicing in escalation mode, either at the Customer’s request, or at that of the Provider teams, or proactively,
  • Implementing and steering the quality assurance process,
  • Managing capacity on the Customer environment (Disk, CPU, RAM) and informing the Customer about upgrades to be taken into account to allow optimal functioning of the environment.

Contract Business Manager

The Contract Business Manager (CBM) is the main contractual contact for the Customer’s IT department for Managed Applications Service.

 

This service must be subscribed for each Project that includes at least one Premium Support Level Managed Tenant. This service is not available for Projects that include only Standard Support Level Managed Tenants.

 

The Contract Business Manager provides the following services:

  • Ensures that the Provider’s contractual and commercial commitments to the Customer are respected
  • Implements, monitors and updates the Customer’s document repository
  • Leads governance: Steering Committee and Strategic Committee
  • Acts as the Customer’s privileged contact for all matters relating to contractual developments in the life of the solution

Lead Technician

The Lead Technician is the Customer’s main technical contact during the run phase of the Service. This service is recommended for complex projects.

The Lead Technician provides the following services:

  • Organization of technical committees to improve the performance of the solution;
  • Investigation of malfunctions and proposal of solutions;
  • Study and implementation of changes.

Architectural design

The architecture design service consists of providing a high-level design for the Customer’s project at the end of a study based on the Customer’s specifications. This service is recommended for complex projects.

DevOps expertise

The DevOps expertise service provides advice and technical assistance for the Customer’s implementation of a continuous integration / delivery approach on its Managed Tenant.

A report containing the recommendations will be sent to the Customer at the end of each intervention.

Managed OS

With this service, the Customer is provided with complete operating system management, including tasks connected with the VM (Virtual Machine). It is available only to the Customer’s Managed Tenants.

Description

The description of the services provided under the Managed OS Service is:

Customers may request specific retention policies and customized backup frequencies. Specific requests are submitted to the Provider for validation and quotation.

“Snapshot” backup and restore service

This service is included in the Managed OS service offered to Managed Applications customers.

The backup and restore service is provided to customers who already subscribe to the Managed OS services.

This Snapshot Backup Service allows the Service Provider to back up and restore at full disk level (system and data), the content of the Client servers deployed on their Managed Tenants.

The type of “Snapshot” Backup depends on the underlying IaaS on which the Managed Service subscribed by the Customer is deployed. When the Managed Backup and Restore Service is based on a backup system integrated into the IaaS, the cost of the service is borne by the Customer as part of the IaaS service it has subscribed to.

The backup policy is predefined in the “Snapshot” backup system of the Managed OS service as follows: a daily backup with 6 days retention and a weekly backup with 4 weeks retention.

The Customer can, via a change request, request a disk restoration since the last “Snapshot” backup.

The pricing of the “Snapshot” backup service for the IaaS part depends on the volume of data protected and the associated storage space.

Limitations

The following activities remain the Customer’s responsibility:

  • Verifying the proper operation of the infrastructure and of the OS
  • Making the decision to restore the operating system
  • Not deploying OS updates
  • Not deploying an application not validated by the Provider
  • Not disabling the antivirus
  • Not joining an AD domain
  • The Customer cannot refuse the basic “Snapshot” backup service proposed in the offer, as it ensures the Provider’s SLA,
  • In case of a change in the “Snapshot” backup policy at the request of the Customer, the Customer is responsible for the associated recovery capacity,
  • The Customer is responsible for any decision to restore a file or a group of files,
  • The “Snapshot” backup does not include specific backups (Active Directory, Messaging, …). Other solutions of the Provider are proposed in the catalog.

The Customer shall not have root or administrator rights on the OS, and shall not be allowed to integrate a VM from the Managed Tenant into a Domain Controller not managed by the Provider.

Managed database

The Provider technically operates the Customer database(s) and carries out optimisation and upgrade activities.

 

For managed DBaaS (Database as a Service), database software licenses are provided:

  • as part of the IaaS service subscribed by the Customer.
  • by the Provider, holder of the Licenses. In other cases, the licenses of the database software are subscribed
  • or by the Customer, depending on the Software publishers’ terms.

 

For managed DBaaS, the cost of the DBaaS service is borne by the customer as part of the IaaS service it has subscribed to.

Description

The managed database consists of the following services:

Specifications

The service applies to the following databases:

Availability according to IaaS: Flexible Engine (FE), Microsoft Azure (Azure), Amazon Web Services (AWS), Google Cloud Platform (GCP)

Limitations

The following activities remain the Customer’s responsibility:

  • Verifying the proper operation of the database
  • Making the decision to restore the database
  • Performing business tasks dependent on the Customer application

Managed middleware

The middleware is installed and set up by the Provider.

 

The operating system is always fully-managed by the Provider. It is mandatory that the Customer subscribe to the Managed OS service.

Limitations

The following activities remain the Customer’s responsibility:

  • Verifying the proper operation of the middleware
  • Performing business tasks dependent on the Customer application  No client code review

Managed CFT

The “Managed CFT” service allows the Customer to exchange files via the protocols supported by CFT with one or up to 5 partners. This service is only available to Customers who have subscribed to the Managed OS service.

 

The offer includes:

  • Integration of the CFT application with Windows or Linux servers.
  • Deployment and validation of the licenses provided by the customer.
  • Management and supervision of the deployed applications.
  • The implementation of the necessary configuration to send/receive files.
  • Management of patches and service packs installation for deployed CFT applications and their deployment frequency.
  • Management of file transfer anomalies between the managed CFT application and the Axway Vision gateway.
  • Deployment of the customer-provided certificates required for secure exchanges.

Prerequisites

This offer involves a mandatory analysis phase to:

  • Validate the Customer environment, and the integration of the CFT application
  • Validate the configurations provided by the Customer, in agreement with the partners (remote partners and Axway Vision gateway)
  • Validate the implementation of the service and the proper functioning of the configuration deployed on the client side.

Limitations

  • The Customer provides the license for the use of the CFT application in accordance with the contract it has subscribed to with the software publisher.
  • The Customer is responsible for opening the flows.
  • The remote third party(ies), partner(s) of the Customer, which are not managed by the Provider remain solely responsible for the proper reception of the files sent by the Customer.
  • The GTR (Guaranteed Recovery Time) will be suspended while waiting for a response from the publisher’s support or from the non-managed partner.

Managed container with CaaSCAD

The Managed Container service with CaaSCAD allows you to delegate the container management of your applications.

 

The service consists of all or some of the following elements:

  • The deployment of on-demand containers on managed Kubernetes clusters based on images, Dockerfiles and manifests provided by the Customer.
  • 24 x 7 monitoring of the containers deployed in the Kubernetes clusters.
  • Notification and intervention on incidents in the event of container malfunctions on the basis of procedures agreed with the Customer and formalized during the pre-sales phase.

 

On quotation, the Provider can provide container images (OS, and Middleware).

Description

Change requests (*) from the Client include:

  • Redeployment of container versions on Kubernetes clusters from files stored in CaaSCAD tools
  • The creation or modification of deployment chain routines in CaaSCAD tooling
  • Verification of the proper functioning of the containers
  • The modification of the export points of metrics and container logs
  • The creation and modification of alerts in CaaSCAD dashboards.
  • Adding or modifying exporters on containers, especially for application metrics.
  • Creation and modification of reporting dashboards on metrics and logs in CaaSCAD tools.
  • The structuring of the Git tools and the deployment chain (CD) for integration with the processes and the integration chain (CI) already used by the Customer.

(*) For an exhaustive list of changes, please refer to the exchange catalogue available in the Cloud Store portal.

Service requirements

  • The Managed Kubernetes service with CaaSCAD ordered from the Provider
  • Kubernetes clusters created, functional and managed by the Provider
  • The provision by the Customer of Docker images, Dockerfiles, manifests, exporters sending metrics and logs and the deposit by the Customer in the CaaSCAD repository and registry.
  • The validation by the Customer of the procedures to be applied on incident among the proposed procedures.

Limitations

The following activities remain the responsibility of the Customer:

  • Updating container deployment files in CaaSCAD git
  • Updating container images in the CaaSCAD repository
  • Container application supervision
  • Application performance commitments
  • The commitments of good functioning between the containers and the Virtual Machine (VM)
  • Stateful containers

Managed Kubernetes with CaasCad

The Kubernetes service managed with CaasCad is a Provider service that allows the Customer to delegate the supervision and operation of the Kubernetes clusters used by its applications and to use the CaasCad tooling as a service for the operation of Kubernetes clusters, containers and containerized applications in DevOps mode.

 

The service consists of all or part of the following elements:

  • The deployment of on-demand Kubernetes clusters on a Container as a Service infrastructure provided by the IaaS provider from configurations provided by the Customer.
  • The 24 x 7 supervision and the maintenance in operational conditions of the deployed Kubernetes clusters.
  • Notification and intervention on incidents to restore or rebuild from the repository in case of malfunctions of Kubernetes clusters.
  • Restoring Kubernetes clusters from a repository saved in CaasCad
  • The CaasCad as a Service tool for the operation of Kubernetes clusters, containers and containerized applications.
  • Change management on Kubernetes clusters and CaasCad tools.

Service Requirements

  • The CaasCad service for the operation of Kubernetes clusters, containers and containerized applications.

Service specificities

There is no price distinction between a managed Kubernetes cluster with CaasCad that is in production and one that is not.

Limitations

The following activities remain the responsibility of the Customer:

  • Provision of the specification of the characteristics of the managed Kubernetes cluster and its location
  • Container and application management. To benefit from this service, the customer must subscribe to an extension at the Managed Container and Managed Application level.

CaasCad Service

The CaasCad service provides a DevOps-oriented operations tool for co-management by the Provider and the Customer on multiple clouds. The Caascad service is offered in two versions:

  • Dedicated Caascad, called “Caascad”, which includes all the tools listed below and whose instances are dedicated per Customer
  • Caascad Shared, which is a limited version (see section Limitations of the Caascad Shared service) and is shared between several Customers

 

This tooling includes:

  • a managed user directory and centralized authentication service
  • a set of as-a-service managed tools to build, test and deploy applications in the managed Kubernetes cluster(s):
      o management of binary object repositories
      o Git decentralized version management
      o automation of builds/testing/deployment
  • as-a-service managed tools for collecting, storing, and visualizing logs and metrics of infrastructures and applications
  • an as-a-service application alerting managed tool configurable by the customer
  • a portal summarizing the status of the system and facilitating navigation to the tools

This solution deploys and uses the services of the IaaS infrastructure of compatible service providers.

 

The following diagram represents:

  • The Customer’s containerized applications
  • CaasCad services provided by the Provider
  • The underlying IaaS services of the cloud provider

 

 

Responsibility matrix between Customer & the Provider

 

All the tools are open source tools deployed, integrated and maintained in operational conditions in an industrial way by the CaasCad Service. The following diagram describes the deployment model of the Service:

 

The different environments

 

Access to the Service

Prerequisites

CaasCad services, Kubernetes Managed with CaasCad, Managed Container with CaasCad require mandatory governance with a Managed Services Manager.

 

The CaasCad Service is based on a supported IaaS and its services, which the Customer must subscribe to in advance with the third party cloud provider or the Provider. Cloud provider services are not part of the Service. In this context, the Customer and the Provider have Administrator rights on this Customer Environment.

 

Supported IaaS:

  • Flexible Engine from the Provider, Paris Region
  • Cloud Container Engine (CCE) functionality is a prerequisite for the CaasCad service.
  • The following Flexible Engine functionalities are also used (not exhaustive): ECS, EVS, CCE, VPC, NAT GTW, OSS, AK/SK.

The CaasCad Service requires a Kubernetes cluster in the managed client:

  • An ECS s3.large.2 (2 vCPU/ 4GB RAM) with a data volume of 150G
  • A t2.small ECS (1 vCPU/ 2GB RAM) with a public IP address
  • A NAT gateway with an IP address

These elements, which the Provider may change over time to accommodate new features or changing performance requirements, are not included in CaasCad pricing.

 

The CaasCad Service deploys probes in the Customer’s Kubernetes clusters for administration and monitoring purposes; these probes consume a fraction of the computing power of the clusters.

 

The network and security interconnection architecture must be defined prior to the deployment of the Service, during the pre-sales phase or during a consulting mission; these services must be operational as a prerequisite to the deployment of the CaasCad Service. They are not part of the CaasCad service.

 

The CaasCad service requires, among others:

  • an Internet connection for the Administration Environment, used for updating the open-source software used in CaasCad.
  • a connection from each Client Environment to the CaasCad Administration Environment, used for cluster administration.
  • User access to CaasCad service URLs.

For incident investigation purposes, Customer authorizes the Provider to access the logs and metrics stored in CaasCad.

 

Customer must provide prior to installation and deployment:

  • the list of “login” and “email” users authorized to access the Service
  • the list of “login” and “email” users authorized to access Support (Incidents / Changes)
  • the desired configuration of the managed Kubernetes cluster
  • Log and metrics configuration retention periods.

Geographic location

CaasCad is deployed on the Provider’s Flexible Engine infrastructure in the Paris Region with two Availability Zones located in St Denis and Pantin. The evolution of the CaasCad service is planned in an agile roadmap and includes compatibility with other cloud service providers.

 

URLs and CaasCad Portal

The various functionalities of the CaasCad Service are accessible through web service URLs that will be provided following the On-boarding phase.

One of them is the URL of the CaasCad portal providing a home page and navigation to other tools in SSO mode. This Portal is hosted on the Customer Administration Environment. The URLs and IP are public.

Support Services for CaasCad service

On-boarding

An On-boarding package of 3 consecutive days is provided at the initialization of the Service. It includes the creation of the Customer Administration Environment, the registration in the Identity Provider of the users authorized to access the Service, the creation of the Kubernetes cluster and the provision of the access URLs to the Service, the declaration of the named users in the Support ticketing system, as well as the support of the Customer by an expert on the configuration and the use of the Service.

The service is renewed for the deployment of each Customer Administration Environment.

An additional service can be ordered by the Customer.

Cloud Expert Services

The Provider’s Cloud Expert Services offer a catalog of DevOps expertise services to complement the CaasCad service.

User Directory and centralized authentication

The Service provides an Identity Provider (IdP) in order to authorize or limit user access to the Service. The set of Customer users authorized to use the Service is defined within the Identity Provider (IdP). The IdP allows the management of users, groups and associated roles.

 

Users can change passwords through self-service. All access to the Service tools is authenticated by the Identity Provider. The user has a Single Sign-On connection to access CaasCad tools.

 

The directory and the authentication service are hosted on the Customer Administration Environment.

 

During On-boarding, as standard, all users are placed by the Provider in the same group with the same maximum rights allocated to all Service tools based on the list of users and associated emails provided by the Customer.

Kubernetes cluster inventory service

The Service provides an inventory and visualization tool of the status of Kubernetes clusters to allow the Customer to know the details of the container deployments in the clusters. This service is based on the Rancher utility, available in read-only mode for the user. The Rancher component carries the authorization of the users on the Kubernetes clusters; authentication is managed by the IdP.

Limitations

The following activities remain the responsibility of the Customer:

  • Provision of the specification of the characteristics of the managed Kubernetes clusters and their location by exchange of mail or constituted file.
  • Management of its application code
  • Container Deployment Management integrating application updates

Code Repository, Build Chain and Application Container Storage

The Service provides a code repository (git) to allow Customer to manage its code by itself. The Customer is free to organize his code as he wishes. This service is dedicated to the Customer and uses resources from the Customer Administration Environment.

The Provider team is the administrator of this service and also uses it for operations on the Customer Environment(s). Dedicated repositories are made available for the generation and maintenance of Grafana dashboards and Prometheus alerts (see Collection, storage, visualization of logs and metrics).

 

The Service provides a Continuous Integration (CI) tool to allow the Customer to create its containerized applications (build, test and packaging). Work is organized in a pipeline to automate tasks. The CI tool enables the Customer to perform the usual tasks of Build (compilation, script execution), testing (unitary, functional, integration, loading) and packaging (Docker). The Customer is free to configure the pipelines he wants.

The CI is installed in the Customer Administration Environment. The CI agent is installed in the Customer Environment and the jobs managed by the CI are performed in the Customer Environment.

 

The Service provides a Docker Registry to allow the Customer to store all of its application images. This service is dedicated to the Customer and uses resources from the Customer Administration Environment.

 

The Provider team has administrator rights on all of these tools. Access is authenticated and centralized through the Identity Provider (IdP) service, in SSO.

 

By default, following On-boarding, all users have the maximum rights available (excluding the administrator).

Limitations

The following activities remain the responsibility of the Customer:

  • Updating of the application code and storage in the code repository
  • Control of the Build chain
  • Deployment of applications on Kubernetes clusters

Application secrets manager

The Service provides a secret manager (Vault by Hashicorp) that allows the Customer to manage its own application secrets.

 

The integration of Vault into the Caascad service provides a generic secret organization model to cover a maximum of use cases:

  • access by all applications on all clusters
  • access by applications of a particular namespace on all clusters
  • access by all applications on a particular cluster
  • access by applications of a particular namespace on a particular cluster

Deployment of the Vault Injector component is required for applications that do not natively integrate with the Vault Secret Manager. The Vault Injector component is deployed by the Service Provider’s team at the Customer’s request in the environments of their choice.

 

The Service Provider’s team has administrator rights to the secret manager. The access is done in an authenticated and centralized way through the Identity Provider (IdP) service, in SSO.

Limitations

The following activities remain the responsibility of the Customer:

  • Updating application secrets
  • Adding annotations in the application manifests to allow the recovery of secrets

Collecting, storing, viewing logs and metrics

The Service provides, for each managed Kubernetes cluster, a metrics collection service (based on Prometheus) and a log collection service (based on Promtail). These collection services are installed, configured and managed by the Provider.

Upon installation, these services are configured to collect:

  • All metrics provided by Kubernetes components (node-exporter, cAdvisor)
  • Logs of all applications running in the Kubernetes cluster and logging to standard output and/or standard error
  • Logs of all components running on the Kubernetes cluster nodes

The Provider provides the Customer with a way to define additional endpoints for collecting application metrics. They are defined in the Code Repository and must be deployed by the Customer in the Kubernetes cluster to be taken into account.

The Collection Services retrieve, process and store the metrics and logs from each managed Kubernetes cluster centrally in the Customer Administration Environment.

For log processing and storage, the collection service uses the Loki tool, which consumes the IaaS S3 service as a long-term storage back-end.

For metrics, the collection service uses the Thanos tool, which also consumes the S3 service of the IaaS as a long-term storage back-end.

The retention periods for logs and metrics are defined during On-boarding. Thereafter, the Customer can request a change to modify them (see Change Management).

The Service provides a managed tool for viewing metrics and logs (Grafana). The visualization tool is configured by default with a set of dashboards and allows the Customer to configure its own dashboards.

Limitations

The following activities remain the responsibility of the Customer:

  • Specification of endpoints for collection of application metrics
  • Configuration of metric and log collectors through the code repository
  • Configuration of the Grafana dashboards specific to the customer applications through the code repository

Collecting, storing and viewing VM metrics

For each Customer environment, the Service Provider provides the Customer with a way to define endpoints for collecting application metrics from virtual machines. The information on the VM application exporters is defined by the Customer in the Code Repository and is deployed through the Provider’s automatic CI/CD pipelines.

 

The metrics collection services from the virtual machines retrieve, process and store the metrics in a centralized manner in the Customer Administration Environment.

 

The retention periods for VM metrics are the same as those for managed cluster metrics.

Limitations

The following activities remain under the responsibility of the Customer:

  • Installation of OS/application exporters on virtual machines
  • Specification of the endpoints to collect OS/application metrics
  • Opening network flows between the managed clusters and the monitored virtual machines
  • Configuration of the dashboards of the applications installed on these VMs

Alerting

This Alerting service allows the Customer to:

  • Manage its own set of alerting rules based on the collected application metrics
  • View alerts set up by the Provider by default
  • View the status of alerts in real time via the managed tool Karma

Limitations

The following activities remain the responsibility of the Customer:

  • Configuration of application alerts and the Karma tool through the code repository
  • Saving the alert configuration in the code repository

Backup and Restore

The GIT code repository is backed up daily. These backups are kept for 7 days, then a weekly backup is kept for an additional month in the Customer Administration Environment.

The configuration elements of all the Service tools (dashboards, alerts, etc.) must be stored by the Customer in the code repository in order to be backed up and preserved during updates and incidents.

The backups of the code repository are exclusively provided for the restoration of the Service by the Provider in the event of an Incident. The Service restoration mechanism consists of restoring the GIT repository from the backup and redeploying the tools and their configuration from the restored repository.

Logs and metrics are stored in the standard Object Storage of the Customer Administration Environment. They are not replicated or backed up additionally.

Limitations

Configurations made by the Customer on all the tools and collectors of the Service other than through the code repository are not saved. They are therefore lost when the Service is restarted following an incident or update.

Specifics of CaasCad Service Updates

The Provider does not provide software development services or feature patches on open source software deployed for the Service. The Provider uses the updates published by the open source community. The so-called “minor” updates and security patches will be automatically deployed without Customer notification.

 

The major updates will be notified to the Customer with a notice period of 2 weeks before going into production. The Provider will inform the Customer of the end of support for obsolete versions.

 

The application of the major updates will be the subject of a service invoiced to the Customer.

 

The Provider ensures the traceability of all interventions in production thanks to an operating tool used by the Customer Support Center. This data is kept by the Provider for the duration of the Agreement and is deemed authentic between the Provider and the Customer.

CaasCad Service Limitations

The Managed Application Reporting Service does not apply to CaasCad.

 

The Managed Application Antivirus Service does not apply to the CaasCad service, which does not manage servers.

 

The CaasCad Service does not include IaaS and Customer Environment services that Customer must purchase separately from the IaaS provider at its then current rates.

Limitations of the Caascad Shared service

The following features do not apply to Caascad Shared:

  • Code repository, build chain and container storage
  • Log and metrics collection, storage and visualization
  • VMs metrics collection, storage and visualization
  • Alerting
  • Backup and restore (GIT)
  • Secret management
  • Self-service user management in the centralized directory

To get the full Caascad service, the customer must migrate from the “shared” offer to the “dedicated” offer. This migration is possible at any time at Customer request.

Managed application

The “Managed Application” management level makes it possible to provide the Customer with the following services:

  • Application server installation
  • Application operation and administration
  • Reporting and application statistics
  • Application supervision  Application back-up

The Provider can take on responsibility for all customer application management tasks, as an additional service, giving rise to a separate estimate.

Managed business application

The Provider will provide the following services:

 

  • Production environment maintenance,
  • Application management in other environments (interaction between different environments, such as development, integration, etc.),
  • Application management with dependencies connected to other environments (interaction between different environments such as development, integration, etc.).

The Provider defines a complexity coefficient depending on the criteria below. These criteria are taken into account to produce the quotation.

  • Number of users,
  • Application maturity,
  • Party in charge of release management,
  • Number of interfaces with other applications,
  • Number of servers.

By drawing upon the application functioning thresholds set with the Customer, the administrators may diagnose a problem and advise the Customer on corrective action.

 

The functioning thresholds are determined with the Customer from the very deployment of the customer application management service. However, the components subject to proactive monitoring are enhanced throughout the customer application’s life cycle, as it is by tracking them day-by-day that the administrators become familiar with the Customer’s applications and their behaviours.

Managed SAP

SAP managed services aim at either setting up a new SAP application or migrating an existing SAP application for the Customer and operating the corresponding Environments.

The service phases

For each SAP application, the Customer must subscribe “SAP run” activities and either “SAP setup” or “SAP migration”.

SAP Hana Trial

The Service offers two SAP Hana Trial test scenarios to allow the Customer to test the use cases before going into production or in parallel with the production workload. The options are “Prototyping” and “Sandbox”:

  • Prototyping allows you to test a new application
  • Sandbox is intended to test the evolutions of an existing SAP application.

Assistance is provided during working days and French business hours (9am-6pm).

SAP Prototyping

In this scenario, the Provider creates a new environment, based on the Customer’s needs.

The Service includes the implementation of an application platform for the Customer according to his needs. The customer’s needs must be described beforehand during configuration.

The Service includes the following deliverables:

  • Access to a technical platform containing all the applications and specificities agreed at the Client’s request (The Prototype)
  • All documents necessary for the client’s use of the Service (e.g. user guide)

SAP sandbox

In this scenario, the Provider replicates an existing Environment provided by the Customer into a dedicated Sandbox Environment.

 

The service includes configuring a SAP sandbox environment based on SAP HANA® for the customer. All documentation allowing the installation and settings of the application must be provided by the Customer.

The Service includes the following deliverables:

  • Access to a technical platform containing all applications and data provided by the Client (the Testing Environment)
  • All documents necessary for the client’s use of the Service (e.g. user guide)

Specifications

 

The following tables list the applications provided as part of the “SAP Managed” services

Limitations

The following activities remain the responsibility of the Client:

  • Verification of the proper functioning of the SAP application
  • Make the decision to restore the database or environments
  • Perform sales tasks based on the customer application

Project management services or professional services, unless otherwise specified in the technical and financial proposal, are not included in the service.

Non-production environments

The Customer may subscribe to Non-Production Service Units in addition to its Production Service Units, under the conditions specified in the Fee Schedule. The Customer’s non-production environments will be installed by default in the same Tenant as the one of its production.

A management service for non-production environments can be included, on quotation, in the service of the Managed Service Manager. It may cover, according to the Technical and Financial Proposal, all or part of the following services:

  • Centralize deliveries and validate deliverables
  • Industrialize the installations in such a way as to facilitate and secure production start-ups
  • Test the installations and application in an environment equivalent to production
  • Provide advice and assistance to the Customer on deliverables related to new versions, processes, and possibly on some technical choices

Description

The following table lists the services provided as part of the “Managed Application” services.

Table 12: Description of “Managed Application”

Phase   Activities

Business Application Implementation
  • Install and configure website
  • Install and configure Client application
  • Compliance with safety recommendations

Business Application Operation
  • Administer and maintain the configuration
  • Backup and recovery services
  • Event management

Limitations

The following activities remain the responsibility of the Client:

  • provisioning of documentation for installation and configuration of the application
  • verification of the proper functioning of the application
  • provisioning of procedures for the management and operation of the application
  • decision to restore the application
  • business tasks depending on the Client’s application

Native Hyperscaler Services

Managed and Co-Managed Services Strategy

The Provider can support Customers in 3 different ways in their use of the Cloud.

 

  1. The “Fully Managed” model is a model in which the Service Provider is responsible for the deployment, monitoring and operation of the Customer’s application scope. The Customer is responsible for providing a fully tested functional environment.

  2. The “Co-Managed” model is a model in which the Customer and the Service Provider share the responsibilities of deployment, monitoring and operation of applications and workloads. In this model, the Customer takes responsibility for the development and testing of its application(s). The Customer may propose deployment procedures based on its own change processes. The Service Provider is responsible for 24×7 monitoring and maintenance including non-working hours and days and/or 8×5 for less critical workloads. The Provider and the Customer collaborate using a Git repository, a continuous integration and deployment chain (CI/CD) and shared tools for monitoring, logging, alerts, dashboards and communication. The Provider can offer in this model, via a specific contract, a Cloud Center of Excellence or Expertise.

  3. The “Full DevOps” model is a model in which the Customer’s development team is fully responsible for the development, deployment, monitoring and operation of the Workload. In this model, the Provider may offer professional services to the Customer, via a specific contract, in the form of a Cloud Center of Excellence or Expertise to help the Customer set up DevOps pipelines, tooling, landing zone and Build to Run activity. In this model, no managed services are offered.

The Service Provider’s service commitment applies to both Fully Managed and Co-Managed models. During the presales or consulting phase, the Client and the Service Provider will agree on the required managed services model and adapt the RACI accordingly if necessary.

Service Description

The Provider provides technical operation and monitoring of the Customer’s AWS, Azure or GCP Native Services, as well as optimization and upgrade activities through the implementation of a network interconnection between the Provider’s “service area” and the Provider’s Cloud Platform.

 

At the beginning of the Client project:

  • An audit is required to determine the inventory of resources to be managed, their Transition Class, the scope of work remaining to be completed to be ready for operation, the RACI and the limitations of the service to be managed.
  • The construction of a landing zone is required. Infrastructure deployment is modeled as Infrastructure as Code (IaC) for quality, repeatability and disaster recovery. Native Services, AWS, Azure or GCP are deployed using this IaC.

The definition of Transition Classes for resources to be transferred and then managed by the Provider are specified in the AWS, Azure or GCP Technical Annex.

 

The rates listed in the AWS, Azure or GCP Native Services pricing sheet are for the service delivered by the Provider only. Pricing for the IaaS resources of the relevant hyperscalers are not included in the Service Provider’s service, and appear on the Customer’s IaaS invoice.

 

The price of the services referred to in this paragraph and applicable to the Customer is calculated by taking into account the following elements:

 

  • The number of Native Service Units managed or for which the managed service is subscribed after validation with the Customer through a HLD (High Level Design). The Service Provider’s service and price commitment is based on the native services indicated in the HLD as well as the underlying micro services, middleware, application, database.
  • The Transition Class applied, following the inventory of the resources to be managed, that the Provider will perform during the audit. For some services, the Provider’s responsibility may be limited to the maintenance of the IaC and the management of changes only, or may include the supervision.
  • SRE (Site Reliability Engineering), which corresponds to the maintenance of the infrastructure as code or to a proactive recommendation for improvement of the IaC by the Provider. An SRE share is included as standard in the Managed Service operated by the Service Provider; beyond that share, a provision is provided, which will be invoiced as a controlled expense by the Customer.
  • The support chain used:
    • “Standard”, via our support chain located in Cairo for the L0/L1 service desk
    • “Full France”, in which the Customer can have a Full France channel or a Full France channel with reinforced security, via our support channel located in France. The incidentology (number of monthly tickets L0/L1) will be defined with the Customer and the Service Provider according to its needs.
  • The number of days related to governance via:
    • the Managed Services Manager for the monitoring of monthly KPI/reporting,
    • the Managed Contracts Manager for contractual follow-up and billing.
  • The number of managed tenant(s) that host(s) the Customer’s environment, administered and supervised by the Provider’s teams,
  • The number of token(s) per unit or per pack subscribed by the Customer for the “change management” necessary to start the Customer project or during the life of the solution.

Description

The following table lists the services provided as part of the “Native Hyperscaler Services”:

Table 13: Description “Native Hyperscaler Services”

Phase   Activities

Native Hyperscalers Services Implementation Phase
  • Review and validation of the RACI of the Azure, AWS or GCP Customer’s application services by the Service Provider
  • Creation of the infrastructure as code: according to the transition class
  • Review and adjustment of the reflex cards (MOP on incident) provided by the Customer’s company to the Service Provider (when applicable in transition where the Customer’s environment exists and in case of managed applications)
  • Takeover and/or elaboration of the documentation for the use of the Provider’s teams
  • Co-definition and/or revision of alarms and application thresholds
  • Creation of accesses for the Provider’s administrators
  • Configuration of the VPN operation (if necessary)
  • Configuration and testing of alarms in the Provider’s centralized monitoring system
  • Training Customers on the Cloud Store for access to change/incident requests.

Native Hyperscalers Services Operation Phase
  • Supervision and operation
    • Reading and analysis of alarms
    • Maintenance of the IaC (excluding changes) according to the transition class
    • Correction of faulty configurations
    • Joint review and update of security groups and access controls
    • Event management (changes & incidents) and interfacing with Azure, AWS or GCP support if necessary and application operations
    • Supervision of the service 24/7

Specifications

The Provider provides operation/supervision and change management of the Native Services mentioned in the attached list. All the Native Services not present in the list available via the following URL will be treated as a customized offer by the Provider’s teams.

Managed Service on Azure

Table 14: « Azure Native Services » Service Specifications

The list of Azure Native Services is available at the link:

     https://cloud.orange-business.com/wp-content/uploads/2021/10/managed-applications-list-of-supportednative-services.pdf

Managed Service on AWS

Table 15: « AWS Native Services » Service Specifications

The list of AWS Native Services is available at the link:

     https://cloud.orange-business.com/wp-content/uploads/2021/10/managed-applications-list-of-supportednative-services.pdf

Managed Service on GCP

Table 16: « GCP Native Services » Service Specifications

The list of GCP Native Services is available at the link:

     https://cloud.orange-business.com/wp-content/uploads/2021/10/managed-applications-list-of-supportednative-services.pdf

Prerequisite

To benefit from the various “Native Hyperscaler Services” the prerequisites are as follows:

  • Customer must have defined an HLD compliant architecture. (Provider may optionally provide professional services for architecture definition).
  • Customer must have a subscription, resources, and support level to an Azure, AWS, or GCP account. Subscription and IaaS resources are not included here, the Provider may provide this subscription via a specific contract.
  • The Customer must create at least one VPC (Virtual Private Cloud) at its Cloud provider or give the means of delegation to the Provider.
  • The Customer must create as many accounts as necessary for the Provider’s administrators as defined during the audit phase,
  • The Customer must set up a network interconnection between the Azure, AWS or GCP platform and the Service Provider’s service area. The connection may be simplified when the Provider does not provide a managed operating system, middleware and application and native Azure, AWS or GCP tools are used (to be determined in the Pre-Sales phase).
  • Customer’s platform must be urbanized according to Azure, AWS or GCP landing zone best practices,
  • The Customer must have a precise inventory of the resources to be operated by the Service Provider: micro services, middleware, applications, databases, …, so that the transition perimeter and the list of services to be managed can be established by the Service Provider teams.

  • The Provider will apply by default its standard RACI. A RACI between the Provider and the Customer can be established beforehand if there are Customer specificities to take into account.
  • The Customer and the Provider must agree on the tooling used for Git, the CI/CD chain, the monitoring, logging and alerting solution.

Log As A Service (LaaS)

The Log As A Service managed with ECE (Elastic Cloud Enterprise) components is a Provider Service. It is a complete end-to-end log analysis solution that helps in deep search, analysis and visualization of logs generated by different machines.

 

The service consists of all or part of the following elements:

  • A secure administration platform, shared by all Clients, instantiated within the Log As A Service platform
  • The instantiation of the Clients in the secure shared Allocators,
  • Elastic license management provided by the Provider
  • The 24 x 7 supervision of the deployed Elastic clusters
  • Installation and maintenance in operational conditions of all or part of the components (Kafka, Logstash, APM, Machine Learning, Kibana) for the Customer
  • The implementation of the following services on estimate:
    • Customized data collection for:
      • The addition of new data sources in your Elastic cluster
      • Support in updating the architecture (addition of nodes) if needed, according to the volume of data added
      • The creation of custom dashboards adapted to the Customer’s use
    • Deployment of machine learning for the Customer
    • Coaching for the Customer’s teams on the use of the Elastic suite and the solution

Description

The following table lists the services provided as part of the “Log As A Service” service:

Table 17: Description «Log As A Service»

Phase   Activities

Log As A Service Implementation Phase
  • Installation of the ECE platform
  • Creation of Elastic Cluster
  • Adding Allocator(s) on the ECE platform
  • Snapshot Configuration
  • Restore Snapshot data
  • Supply and Installation of licenses on the Customer environment
  • Provision of an Elastic version on the ECE platform according to Elastic recommendations
  • Installation of Logstash and Kafka options
  • Installation/configuration of LDAP
  • Deployment of Machine Learning nodes in the Customer cluster

Log As A Service Operation Phase
  • Administration of the ECE platform (IaaS + Software)
  • Update of Elastic Clusters versions
  • Administration of installed services
  • Minor or major upgrades
  • Supervision and Operation
    • Alarm reporting and analysis
    • Correction of faulty configurations
    • Security management (updates, access control) and platform compliance
    • Event management (changes & incidents)
    • Log management
    • Supervision of the service 24/7

Limitations

To benefit from the various “Log As A Service” services, the Customer must perform the following actions:

  • Adding logs to the cluster, creating indexes, managing Kibana spaces, managing users and roles, querying logs, reading access logs, creating a lifecycle policy, creating “beats” pipelines, creating a dashboard on Kibana,
  • Installation and configuration of a software/agent on the application servers to transfer the logs to the ECE cluster using, for example, Filebeat and the HTTPS protocol,
  • Installation of Beats for data injection.

Managed Big Data

Managed Big Data is a service that allows customers to generate value from their business data (such as predictive maintenance, fraud detection or customer knowledge).

 

This service is composed of different solutions that are all managed by the Provider (Infrastructure and Big Data Components). These solutions work with the same philosophy: collect data in batch or streaming mode, store data, process data and visualize data.

 

The service consists of all or part of the following elements:

  • A secured administration portal provided with the Big Data platform,
  • A dedicated tenant to ingest, store, process and visualize the Customer data,
  • A 24 x 7 monitoring and alerting solution,
  • Installation, configuration and RUN (maintenance in operational conditions) of the Big Data solutions components by the Provider,
  • The implementation by the Provider of the following services on quote:
    • Data and security Assessment and Architecture proposal,
    • Migration from an existing Big Data solution to the Provider environment,
    • Development of business use cases with the internal partners of the Provider.

The following Big Data software solutions are proposed and managed by the Provider. Each solution can be selected depending on customer needs (see next chapters for more details):

  • Big Data with Cloudera CDP / CDF
  • Big Data native services with Flexible Engine
  • Big Data native services with Google GCP
  • Big Data native services with Microsoft Azure
  • Big Data native services with Amazon AWS.

 

For the Big Data Services proposed in self-service by the public Cloud Provider (Flexible Engine, GCP, Azure and AWS), the Provider manages the infrastructure and the Big Data components for the Customer.

 

Access to the Service

Prerequisite

  • The Managed Big Data Service is based on a supported IaaS and its services, which the Customer must subscribe to in advance with the third-party cloud provider or the Provider. IaaS services are not part of the Service.
  • The Customer shall subscribe to the necessary network access to the IaaS Service.
  • Big Data native services from Public Cloud providers (FE, GCP, Azure and AWS) can only run on their respective IaaS.
  • The Tenant subscribed by the Customer is a Managed Tenant, administered by the Provider.
  • For Big Data with Cloudera, Cloudera CDP/CDF software licenses must be purchased by the Customer from the Provider.

The following phases are optional to the service: Data and security Assessment and Migration.

The following phases are mandatory to the service: Installation, configuration, operation, supervision, monitoring, backup and change management.

Specifications

The service consists of the following solutions and components:

Cloudera CDP / CDF managed by the Provider

The Cloudera CDP/CDF solution includes the components listed below.

 

Big Data native services with Flexible Engine managed by the Provider

Flexible Engine Native Services proposes a set of Big Data components as listed below.

Big Data native services with Google GCP managed by the Provider

Google GCP Native Services proposes a set of Big Data components as listed below.

Big Data native services with Amazon AWS managed by the Provider

AWS Native Services proposes a set of Big Data components as listed below.

Big Data native services with Microsoft Azure managed by the Provider

Azure Native Services proposes a set of Big Data components as listed below.

Limitations

The following activities remain the Customer’s responsibility:

  • Sizing of the environment in coherence with the components requested by the Customer,
  • Performing business tasks related to the Customer applications and use cases,
  • Verifying the proper functioning of its business applications and use cases, on top of the Big Data software,
  • Producing and maintaining documentation for installation and configuration of its applications and use cases,
  • Making the decision to restore big data Nodes and databases,
  • Project management, unless otherwise stated in the Technical and Financial Proposal

The execution/implementation of Major releases specific to a 3rd party component is not included; it is available only through additional professional services and a specific project.

Managed Computer Vision

Description

Managed Computer Vision is a service employing artificial intelligence for video analysis and allowing customers to gather insights and trigger alerts which are shown through a dedicated customer dashboard.

The service includes the following blocks:

  • A Computer Vision software,
  • A Cloud hosting solution managed by the Service Provider,
  • An implementation service and a managed service for keeping the Computer Vision software solution up and running.

The implementation and managed services include the following items:

  • Development of Managed Computer Vision use cases and their configuration to make them operational:
    • Dataset and tools deployment (labelling, training etc.),
    • Artificial Intelligence system design (internal framework, training, data processing etc.),
    • Design and implementation of key parameters and their visualization on a dashboard,
    • Application installation and configuration based on technology vendor best practices.
  • System management, administration and 24 x 7 support for production and non-production environments,
  • Monitoring and maintenance of the deployed system,
  • Application maintenance as a third-party provider over the data lifecycle,
  • Incident, change and security events management.

The Service Provider can take care of full application stack management as an option on quote.

The Service Provider integrates ISVs (Independent Software Vendors) and experts into the Managed Computer Vision system according to customer needs.

Data privacy and security

Managed Computer Vision relies on camera footage at the customer premises and employs Artificial Intelligence methods for processing data.

The customer has the ultimate personal data processing responsibilities including the declaration of such technology to national entities responsible for personal data protection such as CNIL (Commission Nationale de l’Informatique et des Libertés) in France or equivalent institutions where the system is deployed.

The Service Provider proposes, within the Managed Computer Vision offer framework, end-to-end support on impact analyses on data protection for the CNIL institution. Potential equivalent activities in other countries can be offered upon a feasibility study carried out by the Service Provider.

Description

Here are additional details on the implementation and move to run phase for Managed Computer Vision.

Infrastructure implementation phase:

  • Infrastructure and associated services deployment (middleware, network, DNS, NTP, backup, storage, antivirus, and monitoring),
  • Infrastructure testing and validation.

Transition to run phase:

  • Application design and data processing framework,
  • KPIs collection, user dashboard creation,
  • Development and integration of APIs,
  • Application configuration,
  • Data quality and data lifecycle testing,
  • Monitoring system deployment and hardening,
  • Move to maintenance stage,
  • Activation of L1, L2 and L3 support teams.

Limitations

  • The customer manages the camera infrastructure including initial implementation and maintenance,
  • The customer provides the necessary workforce to monitor the Managed Computer Vision dashboard and act on alerts,
  • Processed data is neither backed up nor stored to be used as proof for legal actions. The main purpose of the service is to deliver a live KPI analysis and alerting solution.

Managed backup and recovery service

This Service allows the Customer to back up and restore at the file level the content of servers deployed in physical environments or in the Cloud.

The Customer can also benefit from the Office 365 Managed Backup. It allows data to be backed up from Office 365 applications: Exchange Online, SharePoint Online, OneDrive for Business and Teams. It also provides full management of granular recovery of Office 365 data by application and backup policy.

This Service is based on a BaaS backup solution (integrated into the Provider’s infrastructure). The cost of the BaaS Service is borne by the Customer as part of the underlying IaaS offer.

Characteristics

The Backup and Recovery Service can be provided to Customers who already subscribe to the Managed OS, Managed Database, Managed Middleware, Managed Container, Managed Application services. This Service can also be provided to Customers who have on-premise or cloud-based data backup/recovery needs.

The following frequency and retention policies are predefined in the Provider’s backup system.

The first backup in file mode or for Office 365 performed by the Service Provider is a full backup; the following backups are incremental according to the backup policy chosen by the Customer.

Customers may request specific retention policies and customized backup frequencies. Specific requests are submitted to the Service Provider for approval and will be quoted to the Customer.

Limitations

The following activities remain the responsibility of the Customer:

  • Full acceptance tests which will be recorded in an acceptance report.
  • Decision to restore a file or a group of files

Infrastructure services included

Antivirus service

This solution is composed of antivirus software installed on each server (Endpoint Protection) and an administration panel (Enterprise Console) positioned in the IaaS platform’s service zone.

 

The panel manages upgrade distribution as well as deployment strategies and agent settings.

Managing patches and “service packs”

The Provider provides the Customer with patches and “service packs” for 3 management levels:

  • Managed OS
  • Managed database
  • Managed middleware

The upgrades are tested and validated by the Provider before being authorised for platform use.

The Customer validates or rejects the use of patches thereafter.

In the event of any problems stemming from the deployment of the Service Pack, the Provider may not be held liable. The Customer may request that the last image of the virtual machine be restored.

Supervision Service

The Provider undertakes to test the Customer solution infrastructure and application components to ensure smooth operation 24/7 and 365 days a year, at each management level (OS, database, middleware and Application) for which it is responsible. Any malfunction alert confirmed by the supervision teams will give rise to an incident report with the Help Desk.

DNS Services

The Provider will provide two DNS services to respond to the following needs:

  • Internet address resolution
  • Customer Public DNS entry management

NTP Services

The Provider makes an NTP server available as the default time server.