[cs_content][cs_element_section _id=”1″ ][cs_element_layout_row _id=”2″ ][cs_element_layout_column _id=”3″ ][cs_element_headline _id=”4″ ][cs_content_seo]CSP Managed Cloud Schedule\n\n[/cs_content_seo][cs_element_text _id=”5″ ][cs_content_seo]Authored: 1st June 2022

Scope

This Managed Cloud Schedule constitutes a part of the CSP Terms and/or the CSP Standalone Agreement (as appropriate) and contain specific terms relating to the Services and Fees for Managed Cloud services; all other terms are as specified in the CSP Terms.
If any inconsistencies should arise between this Managed Cloud Schedule and the Agreement, this Managed Cloud Schedule shall prevail unless expressly otherwise stated.

Description

Managed Cloud is Ultima’s comprehensive service for managing Azure cloud solutions. Delivered from our Reading Technical Support Centre, Managed Cloud combines cutting edge automation, service management practices and business intelligence platforms, alongside our team of highly qualified Azure Support specialists, ensuring your Azure environment performance is optimised whilst reducing TCO.
An additional empty cloud solution provider subscription named “UMS Subscription” will be added under the Customers Azure tenancy which will be used to host the critical resources of Managed Cloud. Only Ultima and Ultima associated employees will have access to this new, empty subscription. Any attempt by the Customer to gain access to the UMS Subscription will be considered a material breach of this Managed Cloud Schedule Terms, and consequently of the Agreement. Ultima shall thus be able to terminate the Services under this Managed Cloud Schedule and or the Agreement without penalty and in accordance with the Agreement.
For avoidance of doubt and unless otherwise stated in the Agreement, in the performance of the Services under this Managed Cloud Schedule, Ultima shall not be liable for any loss of data as outlined under the Agreement.
The Managed Cloud service is provided in one of two service levels: Advanced and Ultimate.

Service Levels:

Advanced provides comprehensive support for the Customer’s Azure environment, plus a set of Realtime management dashboards, and automated systems discovery and proactive monitoring capabilities for selected IaaS, PaaS and SaaS offering Azure. The service also includes options for proactive operating system security patching and a set of automated configuration changes. Furthermore, Advanced includes a set of Service level commitments on service response and resolution times, to supplement the availability service level commitments provided by Microsoft. This tier of service is fully and automatically integrated into ITSM toolset provided by ServiceNow. Customers will gain access to a bespoke portal with an Azure-based service catalogue to request new resources.
Ultimate builds further on Advanced by introducing a set of additional ITIL aligned service management activities such as formal Major Incident and Problem Management. Ultimate tier builds further on advanced with a wider array of supported Azure services (see support list further on in this Managed Cloud Schedule) as well as more detailed granular monitoring capabilities. Ultimate also includes enhanced reporting, proactive service guidance, flexibility to introduce custom monitoring, designed to maximise Azure environment performance, and far more granular security and cost optimisation.

Service Fees

The Fees payable by the Customer to Ultima in respect of the Services and uplift percentages under this Managed Cloud Schedule shall be the Fees as set out in the initial Set Up Form or, for additional purchases, as set out in the Change Request Form (or in writing from CSP@ultima.com).
The Fees shall be based on the percentage of the Customer’s Azure Management Portal subscription consumption cost that Managed Cloud is assigned against. Such Fees for avoidance of doubt shall include licensing costs related to Azure subscription-based resources and any resource that falls within the subscription assigned to Managed Cloud.
All Fees including uplift percentages under this Managed Cloud Schedule are subject to annual review.
All other terms relating to Fees and payment shall be as provided in the Agreement.

Termination

Notwithstanding the termination rights of both Parties under the Agreement Ultima shall, subject to providing the Customer with ten (10) Business Days prior written notice, have the right to terminate the Services under this Managed Cloud Schedule by convenience should, during the delivery of the Service, Ultima resolve from its commercial and technical judgement, that the Services will prove not to be commercially viable.
Pursuant to the Agreement, Ultima shall only charge termination compensation (such compensation to be stated in the relevant Statement of Work) (“Termination Compensation”) if it is required to do so by Azure subscription or one of its other third-party partners. As at the date of this Agreement no Termination Compensation is payable. Ultima will inform the Customer if this position changes.
All other terms and conditions relating to termination shall be as stipulated in the Agreement.

Deliverables of the Services

The deliverables of each Service tier are included in the below table:

Category

Advanced

Ultimate

Component Description

Service Setup & Onboarding Services 

Migration/Setup on CSP Platform & AC

The Ultima CSP team will provide the Customer with all onboarding forms, guides and support services to assist in their migration to the Ultima CSP platform.The Ultima transition team will manage the Customer onboarding process, to ensure all Service components are enabled for the Customer. This will include setting up support Services access, approval mechanisms for subscription and configuration changes, and full proactive Azure environment management via the Ultima Managed Cloud Service.N.B This Service does not currently include support for Customers who are using alternate Microsoft licensing programs such as an Enterprise Agreement, nor does it include and support the Customer in switching from an EA to CSP.

Creation of Azure tenant, new environment configuration and migrations from on-premises or other cloud

T&M*

T&M*

Ultima will provide the Customer with consultancy services, on a billable basis, to scope and implement new Azure environments and migrations from other cloud platforms, such as AWS, or from on prem solutions

Environment discovery and health check report

Ultima will perform an initial audit of the Customer’s Azure environment and provide a documented health check output, with associated best practise recommendations.

Critical Security configuration remediation (Max 2 hours)

Ultima will provide up to two (2) hours to technical remediation, as agreed with the Customer, in accordance with the security best practice output from the Azure health check.Ultima will also provide details of any further remediation required and a quote to complete this work. N.B Where the Customer declines the recommended security remediation, Ultima will be unable to provide support for any issues relating to this configuration. Furthermore, Ultima will not accept any liability for security breaches as a result of unremedied security issues

Cloud Discovery configuration and CMDB creation

Ultima will install Azure environment monitoring and discovery toolsets and maintain a live CMDB of the Customer environment.Ultima will also configure its cost optimisation tracking toolset to monitor consumption levels and provide trending data for cost optimisation recommendations.

Subscription Services

Billing and subscription support

Ultima will provide support billing and subscription related queries via the Ultima CSP support team (Mon-Fri 09:00-17:30)

Unlimited subscription additions and removals

Ultima will allow the Customer to make unlimited additions and removals from their subscriptions via the Ultima Services Portal

Azure Service Catalogue – Self Service Portal

Ultima will provide a service catalogue in the Ultima portal, allowing approved Customer contacts to add and remove services from their subscription.

Report – Consumption Report – Monthly

Ultima will provide a monthly consumption and associated invoice

Service Management Services

24×7 multi-channel ticketing portal

Ultima will provide access to our ITSM portal, allowing the Customer to log and track Service Requests, Changes and Incidents for Azure services.

24/7 break fix Incident Management (see supported products set)

Ultima will provide 24/7 support for technologies detailed in the supported products section of this Agreement.N.B. Support for any Services not included within the supported products section are not included in this Service.

Guaranteed response and resolution times

Ultima will provide guaranteed service levels on how quickly it will respond to and resolve Incidents and Service Requests (based on achieving the agreed performance targets for 95% of tickets logged during each calendar month)
See service levels section for full details.N.B Where an issue requires escalation to the Microsoft, or is awaiting further information from the client, this time will be excluded from resolution calculations, due to Ultima have no control over how quickly their parties will respond.

Problem Analysis, Investigation and remediation

  

Ultima’s Problem managers will proactivity analyse incident trends to identify issue patterns. Where a problem is identified, Ultima will raise a formal Problem record and follow its standard Problem Management approach to address the issue.

CMDB Management

  

Ultima will maintain a CMDB of all the Customers CI’s in Azure and their associated properties and dependencies

Root Cause Analysis reports for P1 issues (within five (5) Business Days of resolution)

  

Ultima will provide an Incident report for all P1 & Major incidents, within five (5) Business Days of resolution, including an executive summary, timeline of events, details of actions taken to resolve the issue, lessons learned and recommendations to prevent a future occurrence.

Change Analysis and Implementation

Ultima will provide a set of predefined automated changes, via the Ultima portal, which will be implemented FOC. All other manual changes can be implemented at a cost of Great British Pound One Hundred (GBP100) per change. This cost is subject to review periodically and can be adjusted if deemed appropriate.

Vendor Escalation (Microsoft)

Incidents which cannot be resolved without Vendor support, will be logged with Microsoft via the Customer’s CSP portal, and tracked to resolution. 

Report – Capacity Planning and Optimisation

Standard

Enhanced

Ultima will provide a quarterly azure advisor (and advanced optimisation reporting for Ultimate Customers) report detailing environment tuning and cost management recommendations

24×7 Integrated Azure Platform Monitoring

Ultima will configure Azure monitor to alert on a predefined set of alerting metrics, which will be used to trigger remediation actions and the logging of support tickets

Windows AV real-time protection

Ultima will warn if no anti-malware solution is present on Azure VMs and provide Azure anti-malware solution if requested. During on-boarding VMs will be connected to a Log Analytics workspace which has the anti-malware solution installed to gather logs and alert on threats detected. This is an optional service.

Update management of AV software

Ultima will set Azure antimalware automatically update and logs sent to Log Analytics. Update failures will be automatically logged and investigated under incident management. This is an optional service.

IaaS Backup as a Service – 1 per Day

During on-boarding Ultima will configure VMs for Azure Backup and a default retention policy is created if no backup solution is presented.

IaaS Backup as a Service – Customised

  

Ultimate tier Customers can specify a customised retention policy which will be configured by Ultima after on-boarding.

Backup restoration – 1 per month, per instance

Ultima will perform a test restore of one VM, once per month by Customer request

Quarterly Platform Documentation update report

Ultima will provide a quarterly updated architectural documentation report, detailing current Azure environment configuration

Dashboard – Monitoring Health

Ultima will provide access to a preconfigured Azure dashboard detailing backup storage consumption, backup job status and backup completion state, completions and failures

Dashboard – General Azure Infrastructure

Ultima will provide access to a preconfigured Azure dashboard detailing CPU utilisation, disk space used, available memory, Azure service health, load balancers and storage health

Dashboard – Backup

Ultima will provide access to a preconfigured Azure Dashboard detailing backup infrastructure

Customisation

  

Ultimate tier customers may request an additional 5 Azure standard monitoring rules are added into the service as well two (2) additional customised dashboards pending feasibility outcome with Ultima.

Security and Compliance Services

Dashboard – Cloud Security Overview

Ultima will provide access to a preconfigured Azure dashboard detailing real-time security information for on-boarded VMs including malicious traffic detection, outbound connection calls, VM network traffic statistics and top destinations.

Dashboard – Patch & AV Compliance

Ultima will provide a customised real-time Azure dashboard with patch compliance information (based upon Log Analytics update management solution).

Patching – Full for Windows Server Production and Non-Production

If no patching services are in use, Ultima will add on-boarded VMs to an automated patching cycle service by default and apply Windows server updates excluding service packs and update rollups. No remediation of failed patches are included and the Customer may only request rollback from backup. Advanced tier Customers will have an automated patching window every quarter, Ultima tier Customers will have this provided every month.
Note that this service is not compatible if an existing patching service is already applied and Ultima will not take on responsibility of an alternative patching service for Azure VMs.

Patching – Critical / Security Patches for Windows Server Production and Non-Production

(bespoke)

If no patching service is in use, Ultima will add on-boarded VMs to an automated patching cycle service by default and apply Windows server updates defined as security and critical. No remediation of failed patches is included and the Customer may only request rollback from backup. Advanced tier Customers will have an automated patching window every quarter, Ultimate tier Customers will have this provided every month.
Note that this service is not compatible if an existing patching service is already applied and Ultima will not take on responsibility of an alternative patching service for Azure VMs.

Patching – Full for Linux Server Production and Non-Production

  

 

(bespoke)

Ultima will add on-boarded VMs to an automated patching cycle by default and apply all available Linux server updates. No remediation of failed patches are included and the Customer may only request rollback from backup. Advanced tier Customers will have an automated patching window every quarter, Ultima tier Customers will have this provided every month.
Note that this service is not compatible if an existing patching service is already applied and Ultima will not take on responsibility of an alternative patching service for Azure VMs.

Patching – Critical/Security for Linux Server Production and Non-Production

  

(bespoke)

Ultima will add on-boarded VMs to an automated patching cycle by default and security/critical Linux server updates. No remediation of failed patches are included and the Customer may only request rollback from backup. Advanced tier Customers will have an automated patching window every quarter, Ultimate tier Customers will have this provided every month.
 Note that this Service is not compatible if an existing patching service is already applied and Ultima will not take on responsibility of an alternative patching service for Azure VMs.

Track changes between quarterly config reports

  

Track changes will show any configuration changes between environment configuration documentation for Ultimate tier only (not available for advanced)

CheckPoint CloudGuard Network Virtual Appliance Support

  

Ultimate tier Customers that already have a CheckPoint CloudGuard as their Network Virtual Appliance or are implementing one via Ultima Professional Services division will receive support for this resource. This excludes cost of licences, Azure compute and implementation costs.

* T&M are activities which are not included in the Managed Cloud service but can be purchased separately via the Ultima account team.

Supported Monitoring, Technologies and Activities

The below tables define the resources and events that are monitored as part of Managed Cloud. This is divided by Advanced tier and Ultimate tier. Ultima reserves the right to amend and update this section 6.2 without prior notice to the Customer if it deems materially necessary in order to ensure the Services are adequately reflected. 

Name

Advanced

Ultimate

Percentage CPU -> 95% over 15 minutes average (1 min)

Disk write IO -> dynamic medium over minute average (1 min)

Memory Percentage -> 95% over 15 minutes average (1 min)

Free Disk space under 10%

HTTP 404 -> greater than 1 over 10 minutes average (1 min)

Average Response time for web app

IO write operations per second for web app

CPU Percentage of service plan

Memory Percentage of service plan

Threat detected

Update failure

90% Data IO SQL DB

90% DTU PaaS SQL DB (depending on SQL SKU)

90% CPU PaaS SQL DB (depending on SQL SKU)

SQL DB Failed Connections

SQL DB Blocked by Firewall Connection

Delete VM

Power off VM

Deallocate VM

Delete resource group

Delete route table

Delete virtual networks

Delete network interface

Delete load balancers

Delete web app

Restart web app

Stop web app

Restart Web Apps (serverfarms)

Delete App Service Plan (serverfarms)

Delete Connection (connections)

Delete Vault

Whenever administrative activity log “all” administrative operations” has “failed” level for Recovery Service Vaults

Delete Scale Set

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for VMs

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for App Services

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for App Services Plans

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for Recovery Service Vaults

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for Load Balancers

  

 Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for Virtual Networks

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for Storage Accounts

  

Administrative Activity Log “All Administrative operations” has “critical“ or “error” level, with “any” status and event is initiated by “any“ for Virtual Machines Scale Sets

  

 

The following table defines the support technologies and activities that are supported by the Advanced and Ultimate tiers on Managed Cloud.

Note that any limitation or out of scope activity defined below can be forwarded and/or engaged with our professional services division but may incur additional Fees outside of the managed service.
 

Technology

Activity

Advanced

Ultimate

Limitation and Out of scope activities

Azure Portal

Troubleshoot Azure issues via Azure health

 

 

Troubleshoot Azure portal, CLI and/or Azure Powershell issues

 

 

Assist with Azure portal usage

 

Azure VMs

Create new Linux or Windows VMs via portal, pre-existing ARM template or CLI

Marketplace images that require application-specific configuration and setup is out of scope. Custom images are out of scope. VM settings need customer definition

 

Removal of Azure VMs and dependencies (disks, NIC, public IP, NSG and resource group where appropriate)

 

 

Start, stop, restart Azure VMs

 

 

Add/Removal of Azure Hybrid User Benefit

 

 

Add/Removal of Azure Reserved Instance

A, G and B series do not support this. Reserve instance requirement needs customer definition

 

Configure and enable boot diagnostics

 

 

Resize Azure VM

 

 

Reset admin password

 

 

Reset RDP configuration

 

 

Redeploy Azure VM to new host

 

 

Troubleshoot connectivity issues

 

 

Move Azure VM to different resource groups

  

   

 

Change disk type from standard HDD to premium SSD

  

 

 

Troubleshoot ARM template-based deployments

  

 

App Service Plans

Creation of app service plans

 

 

Scale up (bi-directional) manually

Scaling can be more than 1 step if required

 

Scale out (bi-directional) manually

Scaling can be more than 1 step if required

 

Troubleshoot performance issues

 

 

Removal of app service plans

 

 

Add or remove VNet integration

  

 

Availability sets

Creation of availability sets

 

 

Deletion of Azure VM(s) from existing availability sets

Possible downtime is out of scope. Extraction of Azure VM is out of scope.

 

Removal of availability sets

 

 

Extract Azure VM from existing availability set

  

 

Managed Disks

Creation of new managed disks including mounting and cache settings

Managed disk size will need to be determined by the Customer

 

Removal of managed disks

 

 

Convert unmanaged disks to managed disks

 

 

Change managed disk mount point to another VM

 

 

Increase disk size

Will require the host OS to be reconfigured which is out of scope and is the Customers responsibility.

 

Take disk snapshots

  

 

 

Convert snapshots into new Azure VM

  

Standard or premium tier required

Web Apps

Creation of web app

 

 

Removal of web app

 

 

Troubleshoot general performance issues

 

 

Perform backup and restores of web app content (standard app service plan or higher only)

 

 

Add/remove application settings and/or connection strings

We provide no support for application functionality within the web app, just the infrastructure resources

 

Modify stack and/or platform settings

We provide no support for application functionality within the web app, just the infrastructure resources

 

Add/remove deployment slots

  

 

 

Clone web app to another web app

  

 

 

Manage TLS/SSL settings

  

 

 

Enable/modify access restrictions

  

Standard or premium tier required

 

Enable VNet integration

  

 

VNets

Create new virtual networks

 

 

Removal of virtual networks

 

 

Create new subnets

Address space must be available to perform this

 

Removal of subnets

Connected devices must be removed before deletion request

 

Add new address spaces

 

 

Modify subnet ranges

Address space must be available to perform this

 

Modify address space range

 

 

Add or modify DNS inheritance

 

 

Add or remove VNet peering

 

 

Modify VNet peering settings

This is within the same region only

 

Troubleshoot VM connectivity issues

 

 

Add or remove global VNet peering

  

 

 

Modify global VNet peering settings

  

 

VM networking

Add NIC to VM

 

 

Remove NIC from VM

 

 

Add/modify NIC configuration

Dual homing is out of scope, one (1) IP per VM only.

 

Troubleshoot NIC connectivity issues

 

Load Balancers

Creation of Azure internal/external load balancer

Basic load balancer SKU is out of scope

 

Removal of Azure internal/external lad balancer

 

 

Create/modify load balancer frontend

Maximum of 10 frontend connections

 

Create/modify health probe(s)

Maximum of 10 health probes

 

Create/modify backend pools

Maximum of 10 backend pools

 

Create/modify load balancing rules

Maximum of 10 load balancing rules

 

Troubleshoot health

 

 

Troubleshoot failover issues

 

 

Troubleshoot load balancing issues

 

Virtual network Gateways (VPN)

Create new Virtual network Gateways (VPN)

Policy-based is out of scope. BGP AS option is out of scope. Active/active setup is out of scope.

 

Removal of Virtual network Gateways (VPN)

 

 

Modify SKU

 

 

Add/modify/remove connection

 

 

Create/remove point-to-site VPN

 

 

Troubleshoot VPN connectivity issues from Azure side (site-to-site and point-to-site)

Customer VPN connectivity on customers side is out of scope and customers responsibility

Network Security Groups (NSGs)

Create/remove NSG

 

 

Add/remove inbound rules within NSG

 

 

Add/remove outbound rules within NSG

 

 

Associate/disassociate NSG with VM NIC and/or subnet

 

 

Troubleshoot connectivity issues relating to NSG rules

 

Route Tables

Create/remove route tables

 

 

Add/remove routes

 

 

Associate/Disassociate route table with subnets

 

 

Troubleshoot connectivity issues relating to route tables rules

 

Traffic Manager

Create new traffic manager profile as performance, weighted, geographic, priority

Multivalue and subnet is out of scope

 

Removal of traffic manager profile

 

 

Modify existing traffic manager routing method

 

 

Modify endpoint monitor settings

 

 

Add new external or azure endpoint. Type App Service, App Service slot and Azure public IP supported

 

 

Modify existing endpoints

 

 

Disable or remove endpoints

 

 

Troubleshooting routing or endpoint connectivity issues

 

Network watcher

Enable or disable network watcher for a particular region

 

ExpressRoute

Create new express route circuit

New connections will need the support of the circuit provider. Managing 3rd parties is out of scope and must be performed by the Customer

 

Remove express route circuit

 

 

Create/modify peerings

 

 

Troubleshoot ExpressRoute connectivity issues on the Azure side of the connection

 

IP resources

Create new public IPs

 

 

Remove public IPs

 

 

Modify public IP address

 

 

Assign/unassign public IPs

 

Storage Accounts

Creation of v2 storage accounts

 

 

Removal of v2 storage accounts

 

 

Management of blob and file services including container creation and deletion as well as file share creation, deletion and quota changes.

Tiering is out of scope on blob

 

Download or upload of data to blob container or file share

 

 

Assistance with file sharing mapping/unmapping

 

 

Access key request and regeneration

 

 

Configuration changes and management per storage account excluding Azure AD authentication with Azure files and Data Lake setting

 

 

Creation, management and deletion of shared access signatures

 

 

Enable service endpoints to VNet

  

 

 

Enable automated lifecycle management for automated tiering of blob data

  

 

 

Modify automated tiering configuration for lifecycle management

  

 

 

Enable firewall and/or service endpoints to VNets

  

 

Azure File Sync

Create Storage Account

Server Endpoint creation excludes creating folders /shares in the Windows OS. 

 

Create New File Share

 

 

Create Storage Sync Service

 

 

Create Sync Group 

 

 

Create Cloud Endpoints

 

 

Create Server Endpoints

 

 

Monitor Server endpoint health in the portal = Error

 

 

Monitor Files are failing to sync to a server or cloud endpoint

 

 

Monitor Registered server is failing to communicate with the Storage Sync Service

 

 

Monitor Cloud tiering recall size has exceeded 500GiB in a Day

 

PaaS SQL database

Create new PaaS SQL databases

 

 

Removal of PaaS SQL databases

 

 

Change configuration of DTU level

V-core is out of scope

 

Enable/disable geo-replication

 

 

Enable/disable TDE

 

 

Provide connection strings and SA account details

 

 

Point-in-time restoration

 

PaaS SQL Server

Create new PaaS SQL Server resource

 

 

Removal new PaaS SQL Server resource

 

 

Enable/modify Azure AD admin

 

 

Add/Remove client IP access

 

 

Enable Long-term retention/recovery

  

 

 

Modify long-term retention configuration

  

 

 

Create failover groups

  

 

 

Enable service endpoint to VNet(s)

  

Integration service environments and Integration accounts are out of scope. Transformation services are out of scope. Code-based logic apps are out of scope.

Azure AD

Create new Azure AD accounts (if AD Connect not in use)

Accounts required to be made on-premises in Active Directory is out of scope if AD Connect is in use

 

Remove Azure AD accounts (if AD Connect not in use)

 

 

Update user information

 

 

Manage Azure AD specific user permissions

 

 

Invite users from other tenancies (Azure B2B)

 

 

Create Azure AD groups and assign/unassign users

 

 

Apply users and groups under subscriptions, resource groups and/or resources using RBAC rules

 

 

Troubleshoot Azure AD connect issues

 

 

Modify Azure AD Connect OU filtering

 

 

Add or remove custom domain names and verification

 

 

Create app registration

 

Key Vault

Create Key Vault

Standalone HSM version is out of scope

 

Removal of Key Vault

 

 

Add/Remove passwords or secrets as requested

 

 

Alter RBAC permissions to the vault and its resources

 

Azure Backup

Backup Azure VMs (VM level)

Management of Azure backup vault, retention and vault creation is out of scope

 

Restore Azure VMs (VM level)

 

 

Restore Azure VM disks only

 

 

Monitor backup failures

 

 

Troubleshoot Backup failures

 

 

Management of Azure vault

  

 

 

Troubleshoot vault errors outside of backup failures

  

 

 

Create/modify retention policies

  

 

 

Backup SQL databases from Azure SQL VM

  

 

 

Backup storage account data

  

 

 

Restore SQL data from vault

  

 

 

Restore storage account data from vault

  

 

 

Define and manage an isolated VNet

  

 

 

Perform one (1) test VM-level restore. Verify VM boots and RDP access is available

  

 

 

Troubleshoot advanced backup failures

  

 

Azure automation

Creation of Azure automation accounts

 

 

Removal of Azure automation accounts

 

 

Management/modification of update management feature

 

Antimalware

Add Microsoft Antimalware extension to Azure VMs, default configuration

 

 

Removal of Microsoft Antimalware extension of Azure VMs

 

 

Troubleshoot Microsoft Antimalware extension errors

 

 

Monitor and detect threats from Microsoft Antimalware extensions

 

Patch Management

Apply VMs to default groups per onboarding questionnaire and onboard Azure VMs into patching solution

 

 

Perform patching process for specified Azure VMs in a provided patch window(s) for production, non-production patch VMs Patch service is optional and is not compatible with any other patching service or previous configurations.

Quarterly

Monthly

Custom patch window is available on request. Ultima is not responsible if an existing patch configuration or service is in use, and the Azure patching service will not be compatible/usable in this scenario.

 

Rollback VM if unresponsive due to patching

VMs must be already backed up during onboarding discovery to be eligible for patch management. Application issues post reboot are out of scope

 

Provide one (1) Emergency patch window

 

 

Monitor patch failures

 

 

Provide two (2) Emergency patch windows

  

 

Azure Dashboards

Provide readable and standardised dashboards for customers

 

Azure Monitor

Provide monitoring of default built-in metrics and log activities based on automated resource scan. Provide action groups for email and ITSM. Provide automated incident ticket generation on monitoring thresholds to be investigated per required SLA. Azure Monitor is pre-configured to monitor the following resource types:

 

 

 

Azure VMs

 

 

Azure Disks

 

 

Update Management

 

 

AntiMalware Threats

 

 

PaaS SQL Databases

 

 

PaaS Web Apps

 

 

Recovery Vaults

 

 

Azure VPNs

 

 

VNets

 

 

Network Interfaces

 

 

Load Balancers

 

 

Route Tables

 

 

Azure Activity Log

 

 

Scale Sets

  

 

 

Granular Error or Critical states on all resources defined in this list

  

 

 

Increase retention to six (6), nine (9) or twelve (12) months

  

 

Compliance

Provide access to Azure advisor recommendations and Azure Security Centre.

 

Compliance (Azure Policy)

Create/assign built-in policies

  

 

 

Troubleshoot compliance issues

  

Modification to built-in policy settings only. Custom policies are out of scope.

 

Modify policies

  

 

 

Troubleshoot policy issues

  

 

Compliance (Azure Sentinel)

Review automated cases that are generated

  

 

Resource Providers

Enable resource providers as requested on subscription

 

 

Disable resource provider as requested on subscription

 

Quotas

Increase core quota for subscription

 

 

Increase VM-type quota for subscription

 

VM scale sets

Create new VM Scale Set

  

 

 

Removal of VM Scale Set

  

 

 

Troubleshoot scale set availability issues

  

 

 

Manual scale increase or decrease on request

  

Be aware changes to availability set may result in downtime

Application Gateway

Add or remove Application Gateway for frontend or internal

  

 

 

Troubleshoot connectivity problems

  

 

 

Add or remove backend pools

  

 

 

Troubleshoot routing rules

  

 

 

Add/Remove WAF rules

  

 

Azure Frontdoor

Add or remove Frontdoor service

  

App Service only

 

Add or remove backend pools

  

 

 

Add or remove routing rules

  

 

 

Troubleshoot routing rules

  

Prevention and detection modes both supported

WAF service

Add or remove WAF

  

 

 

Disable/enable rules in default rule set

  

Maximum of 10 custom rules

 

Add/remove custom rules

  

 

 

Assign/unassign WAF to Front Door (frontend)

  

 

Azure Firewall Service

Create/remove Azure Firewall

  

 

 

Manage public IP of Azure Firewall

  

 

 

Create/remove Azure Firewall Subnet on associated VNet

  

 

 

Create/remove rules within Azure Firewall

  

 

 

Create/remove DNAT rules

  

 

 

Troubleshoot connectivity issues

  

 

Logic Apps

Create/remove logic apps

  

Custom actions and triggers are out of scope.

 

Troubleshoot built-in triggers and actions

  

 

 

Troubleshoot API connections

  

 

 

Regenerate access keys

  

 

 

Create/manage access control

  

 

 

Troubleshoot access control issues

  

 

 

Restore previous version from point-in-time

  

 

Data Factory

Create/remove data factory instance

  

 

 

Troubleshoot data factory instance availability issues

  

Custom pipeline troubleshooting is out of scope, template-based pipelines only.

 

Troubleshoot pipelines or copy data routines

  

 

Azure Site Recovery

Management of Azure vault

  

 

 

Troubleshoot ASR errors or failures

  

 

 

Management of configuration server on-premises (if valid)

  

 

 

Management of ASR updates

  

 

 

Troubleshoot update failures

  

 

 

Troubleshoot configuration server errors or connectivity issues (if valid)

  

 

 

Add/remove network mapping in Azure

  

 

 

Add/modify replication policies

  

 

 

Add/remove Hyper-V sites/hosts

  

 

 

Troubleshoot Hyper-V sites/hosts connectivity issues

  

 

 

Regenerate key and reapply if required

  

 

 

Define and manage an isolated VNet

  

 

 

Perform one (1) test failover restore. Verify VM boots and RDP access is available

  

Five (5) default policies on creation, customer can add three (3) more on request. Initiatives are out of scope.

 

Service Management and Governance

Response and resolution KPIs

As part of this service Ultima provides the following Service Level commitments:

 

Service Measurement

Response Target

Resolution Target

Metrics (KPI)

Priority 1 Tickets

15 Minutes

4 hours

95% achieved ticket resolution per month

Priority 2 Tickets

4 hours

8 hours

95% achieved ticket resolution per month

Priority 3 Tickets

1 Day

2 Days

95% achieved ticket resolution per month

Priority 4 Tickets

2 Days

4 Days

95% achieved ticket resolution per month

 

Service Contacts

Approved Customer Contacts

The table below defines the order of contact made from the Technical Support Centre when alerting the Customer to an issue or event identified as part of the solution. The table further describes Customer individuals who are authorised to approve Change Requests on the environment.
Ultima will create accounts for our web-based portal, for each of the escalation points listed. This will allow users to view and create Incidents, as well as Change Requests.
The first point of escalation listed will be the primary point of contact for all updates from the Technical Support Centre regarding Incidents and Change Requests. It is recommended the first escalation point is a shared mailbox or distribution list to ensure an individual is not contacted when absent.

 

1st Escalation Point

Name

 

Office Tel

 

Position

 

Mobile

 

Email

 

Contact Hours

 

Change Requestor

Yes/No

Change Approver

Yes/No

Notes

 

 

2nd Escalation Point

Name

 

Office Tel

 

Position

 

Mobile

 

Email

 

Contact Hours

 

Change Requestor

Yes/No

Change Approver

Yes/No

Notes

 

 

3rd Escalation Point

Name

 

Office Tel

 

Position

 

Mobile

 

Email

 

Contact Hours

 

Change Requestor

Yes/No

Change Approver

Yes/No

Notes

 

 
In addition to your Service Escalation Contacts, please also provide details of additional authorised contacts permitted to log Incidents and approve Change Requests under your Managed Service.
 

Name

Contact Information

Additional Incident Contact

Additional Change Requestor

Additional Change Approver

 

 

Yes/No

Yes/No

Yes/No

 

 

 

 

 

 

Ultima Contacts

All contact for technical assistance must go through the Technical Support Centre in the first instance. In the event escalation is required the Customer must follow the escalation points below.

 

Technical Support Centre

Name

TSC

Office Number

0118 9027326

email

support@ ultima.com

Portal

https://support.ultima.com

 

Escalation Point

Name

 Ultima Service Management Team

Office Number

0118 902 7343 (8am-6pm Mon-Fri)

email

tscescalation@Ultima.com (8am-6pm Mon-Fri)

 

Service Management Processes

Incident Management

Ultima defines incidents as any event which is not part of standard service operation, or any event that is causing or has caused an interruption to normal Service.

As part of the incident management process, Ultima will:

record the incident in our ITSM tool and provide a unique reference number of the ticket;
prioritise the Incident in accordance with the following Impact and Urgency matrix;

 

Priority

High

Medium

Low

 

 

Impact

Urgency

High

P1

P2

P3

 

High

Organisation-Wide, Multiple Segments

Event Underway,Core Service

Medium

P2

P3

P4

 

Medium

Multiple Users, Moderate Impact

Event Flexible, Supporting Service

Low

P3

P4

P4

 

Low

Single User, Minimal Impact

Non-Urgent, Not Affecting Service

 

promptly investigate the incident and escalate to 3rd line consultants, where required, for investigation of more complex issues;
escalate tickets to Microsoft, via the customers Azure portal, where an issue requires vendor investigation due to a suspected platform issue;
provide regular updates for the full duration of the support case; and
retain overall responsibly for the support case at all times until resolution.

Major Incident Management

Ultima defines major incidents as those which result in a complete failure of the customer environment or failure of components which stop the company’s ability to trade or would result in major reputational impact.
As part of the Major Incident management process, Ultima will:

follow the process set out in the Incident management process;
assign a Major incident manager to coordinate Ultima, Customer and third-party resources;
provide and chair a major incident call bridge;
provide hourly Major incident updates to agreed customer contacts; and
provide a post incident report within five (5) Business Days of resolution of the incident.

Problem Management

Ultima defines a “Problem” as the cause or potential cause of one of more incidents.

As part of the Problem management process, Ultima will:

record all problems in the Ultima ITSM tool and link all associated Incidents;
promptly investigate the Problem and coordinate Ultima resources to test and validate the suspected root cause;
where the root cause relates to an Ultima supported Azure component, coordinate resources to apply a problem fix;
where it does not, provide the investigation output to the customer to review and implement accordingly; and
provide a problem closure report within five (5) Business Days of problem closure.

Change Management

Ultima defines changes as the activities which modify, remove or add any supported services or service components to the customer Azure environment.
As part of the Change Order process, Ultima will:

record all requests for Change Orders in the Ultima ITSM platform;
provide a list of FOC supported changes via the Ultima Support portal;
ensure that all changes have received the relevant Customer approval before implementation;
complete all change activities in accordance with those set out in the Change Order; and
document the output of the change in the Change Order.

 \n\n✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✔✔✔✔✔✔✔✔✔✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✖✔✔✔✔✔✔✔✖✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✔✔✖✔✖✔✖✔✖✔✖✔✔✔✔✔✔✔✔✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔✖✔[/cs_content_seo][/cs_element_layout_column][/cs_element_layout_row][/cs_element_section][/cs_content]