This is a Service Level Agreement (“SLA”) between Tier3 Hosting and Consulting (“Tier3”) and the (“client” or “customer”) to document:
a. The technology services Tier3 provides to the client
b. The general levels of response, availability, and maintenance associated with these services
c. The responsibilities of Tier3 as a provider of these services and of clients receiving services
This SLA shall remain valid until revised or terminated.
This SLA only applies to services provided to the client by Tier3 Hosting and Consulting.
Hours of Coverage
Tier3 Support is available during normal business hours of Monday through Friday, from 9AM to 5PM MST/MDT, excluding holidays. After hours, for emergencies or outages only, support can be contacted via email and pager, by leaving a voicemail at the toll free number. Normal response time will be less than 2 hours during normal business hours, and 4 hours after hours. Time to resolution will depend on the severity of the issue and is provided on a best-effort basis. To request service or report a problem, an email must be sent to email@example.com, detailing the following information:
a. Detailed problem description, including IP address, hostnames, email address, services affected, etc.
b. Approximate date and time of the problem.
c. Steps taken to isolate or resolve the problem
d. Procedure to recreate the problem
e. Contact information to follow up for more information
If after hours, you must follow up the email with a voicemail to the toll free number.
Most emails and voicemails are responded to during the current day and no later than the next business day, excluding holidays. Please allow for one business day for non-emergency emails and voicemails.
Tier3's internet connectivity is highly redundant, with High Availability Routers and Multiple Internet Service Providers. The SLA's data center network commitments are based upon goals in three key areas.
a. Data Center Availability: Network connections from Tier3 Consulting’s data center to the Internet will be available to customers free of unplanned Network Outages 100% of the time.
b. Data Center Packet Loss: The average monthly Packet Loss over network connections from Tier3 Consulting’s data center to the Internet will not exceed 1%.
c. Data Center Latency: The average monthly Latency over network connections from Tier3 Consulting’s data center to the Internet will not exceed 85 milliseconds round-trip.
Dedicated or Managed Firewall
Firewall security for the Tier3 and Client network is provided by multiple tiers. The first tier is the “perimeter” firewall, which is provided and supported by Tier3, and protects all Tier3 provided services for all customers. It is highly recommended that all customers utilize host based firewalls to further restrict traffic, and to help isolate a host from other potentially compromised hosts inside the perimeter or internal firewalls. Host based firewall management is the responsibility of the client, unless otherwise stated.
The network design is such that any one Host server can fail and the other servers will still have enough computing power to maintain the workloads. Disk, memory and fan spares are maintained in inventory, and failed components will be replaced within 3 days of any failure. In the event of a full system failure, the server will be replaced as quickly as possible; however, there is no guarantee that a replacement server will be in inventory, and one may need to be ordered.
Virtual Machine Image Restoration
Virtual Machine (VM) backups and/or replication are not included in the service agreement. In the event a VM needs to be restored, the following actions will be taken by Tier3 and the Client:
a. Tier3 will create a VM container on the Host server
b. Tier3 will re-install the base OS
c. The Client will install required applications and restore application data from backups.
Tier3 provides two MX hosts for inbound email, with antispam and antivirus scanning. Antispam and antivirus tactics change constantly. Tier3 will make a best effort to block as much spam as possible, while eliminating as many “false positives” as possible. There are no guarantees on antispam effectiveness. The Client is responsible for configuring their mail server to use two MX hosts for outbound mail relay.
a. At least one MX host will be available with no more than 30 minutes outage, except during normal maintenance windows.
Network and Systems Monitoring
Tier3 will provide two levels of network monitoring. Externally, key network components are monitored for availability. Internally, all networks and servers are monitored for system availability and service functionality.
a. System Availability monitoring will be performed 24×7
b. At least 5 “soft” failures must occur before a “hard” failure is determined.
c. Email and SMS notifications are sent to assigned system administrators and Tier3 support for critical hard failures. Warnings will be available only via the web console.
d. System availability reports will be available via the network monitoring web console.
In the event an intrusion into a system has been detected, the following actions will be taken:
a. The compromised system will be taken offline
b. The system owner will be notified by email and phone
c. An attempt will be made to identify the source of the attack and what was compromised, and to block the source at the perimeter firewall.
d. The system will be brought back online in a non-routable, isolated network where it can be analyzed.
e. For Tier3 Supported systems, an incident report for the system owner will be created with the following information:
i. Contact information for person(s) discovering problem, system owners, system administrators, and other responsible parties.
ii. Targeted systems and/or network IP addresses
iii. Operating System versions and updates installed
iv. Evidence of the intrusion, such as log entries and anything that is known about the intrusion, method of attacks used, source IP address of attacker and network contact information for this address.
v. Define the type of attack. Is it a denial of service attack? Root compromise? Has the attack destroyed data? Compromised systems? Is the attack ongoing?
vi. Detail repair of the system
vii. Corrective actions to close the security hole.
f. For Customer Supported systems, the customer is responsible for providing the above information before the system will be returned to normal service.
g. Unsuccessful hacking attempts are continuous and will not be reported.
h. Spam Email is not reported
Normal maintenance will occur on Thursday nights, between 9PM-4AM MST/MDT. Major system or network changes that will require additional time will be scheduled as needed, and notice will be sent via a Tier3 maintained distribution group at least one week prior to any major changes. OS updates, patches and necessary reboots are not considered major changes. Tier3 will maintain an “as-built” document, which details the following information, if appropriate:
a. System Description
b. Network Diagram
c. VM or Server Configuration Items
d. Physical Server Details
e. Firewall Rules
g. System and Network Monitoring Rules
h. Contact Information
Customer Compliance and Responsibilities
The client is responsible for designating a primary “system administrator” responsible for maintaining compliance. Failure to maintain compliance will void this SLA. Customer responsibilities and/or requirements in support of the Agreement include:
a. Maintain OS patches to within last 30 days, wherever possible.
b. Ensure all email servers are not configured as open mail relays.
c. Ensure strong passwords are in use and changed frequently.
d. Ensure user accounts are properly maintained, as employees leave the company.
e. Utilize least privileged access approach or Role based access to limit exposure.
f. Utilize encryption where appropriate to protect sensitive data.
g. Take reasonable security and OS hardening measures.
h. Utilize host based firewalls to only allow approved traffic
i. Secure website to prevent external injections.
j. Maintain change and configuration documentation.
k. Communicate any changes to Tier3 Support via E-mail that may affect system availability.
l. Provide availability of customer representative(s) when resolving a service related incident or request.
m. Communicate availability requirements not covered by this SLA to Tier3 for consideration.
n. Maintain account in good standing, with no past due balance.
In the event any of the above is found to be out of compliance, Tier3 will isolate the affected server from the network, until such time the problem can be determined and fixed. If a client system is found to be out of compliance or has been compromised in any way, and Tier3 has to investigate, troubleshoot or fix the problem, our “Remote Hands” costs will be charged at $125/hour during normal hours and $175/hour after hours (as defined above in “Hours of Coverage”).
The following are explicitly excluded from the SLA:
a. Any problem, outage, corruption or failure caused by the customer or a 3rd party in support of the customer's systems.
b. Operating System or Application maintenance, configuration, updates or patches that may affect system availability, outside of the control of the client or Tier3.
In the event Customer experiences an outage to a Tier3 Consulting managed service for more than thirty (30) consecutive minutes and is unable to transmit and receive information from Tier3 Consulting’s Internet Data Centers, and Customer notifies Tier3 Consulting immediately, via email and phone, of such event, and Tier3 Consulting determines that such interruption was caused by Tier3 Consulting’s inability to provide said services for reasons within Tier3 Consulting’s control and not as a result of any actions or inactions of Customer equipment or any third parties (including failure of third party equipment), and such inability is not a result of standard scheduled maintenance of Tier3 Consulting’s equipment or services, Tier3 Consulting will, upon Customer’s request, credit Customer’s account the affected service charges for one day’s worth of service for the interruption in service. Customer credit may not exceed one month’s service fees in any single calendar month and only one credit per day unless the subsequent interruptions are unrelated.