EX-10.2 7 dex102.htm DATACENTER AGREEMENT - MAINROAD INFORMATION TECHNOLOGY (ENGLISH TRANSLATION) Service Agreement Between:
EXHIBIT 10.2
Between:
Total Xxx-Serviço de Telecomunicações Móveis e Afins, Unipessoal, Lda, a commercial company with headquarters at Xxxxxxx Xxxxxxx Xxxxx, xx. 0X -0x, Xxxxxx, 0000-000 Lisbon, single registration number in the Lisbon Commercial Registration and legal person, no. 507244435, share capital of five thousand euros, in the present act represented by Xxxxx Xxxxx and Xxxxxxx Xxxxxxxx in the capacity of managers with powers for the present act, hereinafter referred to as “Customer”
And
Mainroad-lnformation Technology Services, SA limited liability company, based in Lugar do Espido, Via Norte, Maia, share capital of fifty thousand euros, single registration number in the Maia Commercial Registration and legal person no. 506 518 108, in the present act represented by two of its directors or attorneys with powers for the present act, hereinafter referred to as “Mainroad”
when together, referred to as “Parties”
enter into the present agreement freely and in good faith, to provide services, which will be governed by the following terms:
Whereas:
A) Mainroad dedicates itself, inter alia, to providing support and consultation services in the area of information technology;
B) Customer desires that Mainroad provides certain services (better identified in Clause 2 of the present Agreement); related to hosting, management services and support of IT platform;
C) Mainroad is willing to provide these services under the terms and conditions agreed upon therein
First Clause
(Definitions)
For purposes of present Agreement, the following expressions used in either singular or plural will have the following meaning:
Associate: any entity that directly or through one or more intermediaries, controls, is controlled by, or is subject to the same control like that person, for that purpose “control” means own, directly or indirectly, a share that represents more than 50% of the capital or voting rights of the entity concerned;
Agreement: means the present Agreement and all its Annexes;
Equipment: hardware, accessories, networking components and software identified in the Annexes;
Force Majeure: any unforeseeable or unavoidable event, beyond the control or the will of the Party and which prevents totally or partially, permanently or temporarily, compliance with its obligations and may be in the form of force majeure circumstances, namely, state of war, declared or not, rebellion or riot, natural disasters such as fires, floods, earthquakes, as well as prolonged communication cuts and strike;
Confidential Information: all information, documents or content in whole or in part thereof, transmitted between the Parties in writing, orally or in any other form of communication, it may include, namely ideas, concepts,
business plans, methodological and project approaches, inventions, discoveries, products and software, processes, prototypes, information about databases, customers, brands and any other confidential information, financial, technical or strategic;
Service Levels: performance indicators agreed upon by the Parties included in Annex A to present Agreement (SLA-Service Level Agreements – SLA’s);
Services: services contracted by the Customer to Mainroad, pursuant to clause 2 of the Agreement.
Second Clause
(Object)
By present Agreement the Customer contracts from Mainroad the services listed in Annex A (Proposal) and the latter accepts to provide those services in accordance with the terms set forth herein.
Third Clause
(Obligations of Mainroad)
1. When providing the services, Mainroad undertakes to meet the Service Levels, and, in general, act professionally and diligently, taking into account the particular nature of the respective task, the information provided by the Customer and the constraints and limits imposed by the Customer or by third parties or arising out of any force majeure circumstances.
2. In providing the services, Mainroad will assign qualified personnel and adequate resources in the amount that is reasonably necessary and will perform its tasks properly and pursuant to Service Levels, in accordance with the agreement.
3. Mainroad will use the equipment, supplied by the Customer diligently, and only in the interest of the Customer. Mainroad will not be responsible for any loss or damage to the Equipment generated by causes not attributable to MainRoad, or whose resolution does not fall within the scope of present Agreement.
4. Should Mainroad need information from the Customer, Mainroad has the right, but not the obligation, to perform its tasks based on available information. This possibility includes the ability to make future projections based on the activity history of the Customer.
5. Without prejudice to clause 16, no. 1 and the obligation to keep a backup of all information, in accordance with the terms set forth in Annex A, and in case of loss of information attributable to Mainroad, it undertakes to make all technically possible and economically reasonable efforts to recover that information.
6. 10 (ten) days after entering into the present Agreement, Mainroad will appoint one of its employees to serve as privileged liaison with the Customer: all requests, complaints, notifications and communications in general of the Customer must be directed to this liaison.
Fourth Clause
(Customer Obligations)
I. The Customer undertakes to acquire, maintain and provide in normal operating conditions and free of charge, all the equipment, applications and infrastructure, including the space required to perform the services, as well as to ensure that all equipment have the characteristics, qualities and skills necessary to provide the services listed in Annex A.
2. The Customer further undertakes to, within the time period established by Mainroad to that effect: (i) make available clear, accurate and complete information about all the facts, which may objectively condition the provision of agreed upon services (ii) approve and / or seek approval of the recommendation or suggestions, and (iii) carry out other acts that are reasonably requested by the Mainroad. The Customer shall report, with proper notice, possible changes in the installed basis that may have impact on the performance of Services under present Agreement. The Customer must demonstrate that the information was provided in time, it was clear, accurate and complete.
3. The Customer undertakes to renew its equipment, assigned to the present Agreement as soon as there is founded communication from Mainroad, regarding the equipment’s technical insufficiency or incapacity to ensure the agreed upon Service Levels.
4. Whenever Mainroad must perform tasks on premises of the Customer, the latter will supply the employees of Mainroad, free of charge, with equipment, space and adequate workplace as well as electricity, telecommunications facilities, administrative and any other assistance needed by MainRoad to perform the Services. Customer will grant to Mainroad employees access to records, equipment and spaces of the Customer, in accordance with what is reasonably requested by such employees.
5. Up until 10 (ten) days following entering into the present Agreement, Customer shall appoint one of its employees to serve as privileged liaison with Mainroad, and all requests, complaints, notifications and communications in general must be directed to this liaison, in compliance with the rules and the procedures of “reporting”, as set forth by the Parties.
6. The liaison appointed by the Customer shall have the necessary powers to represent the Customer in all matters stemming from the present Agreement, including any issue related to conflict management, invoices or payments, and also, the necessary powers to hire and order any additional, complementary or related work or services, provided under the present agreement, which will be binding for the Customer with regards to Mainroad, unless the parties have expressly agreed in writing the appointment of any other party for that purpose.
7. Mainroad will not be responsible for any damages or losses arising from failure to comply with the obligations provided for in this Clause.
Fifth Clause
(Cost of services)
1. Customer will pay Mainroad the remuneration due for each service, pursuant to the terms set forth in Annex A.
The remuneration will be reviewed at the beginning of each year of the agreement, according to the average consumer price index for the immediately preceding year, published by the National Institute of Statistics.
2. Save express agreement to the contrary, the remuneration of Mainroad does not include the price of equipment, licenses, software and / or applications or IT solutions, travel or other services to be acquired or borne by the Customer, which will be its responsibility.
Sixth Clause
(Form of payment)
1. Unless otherwise agreed to the contrary, all amounts due by the Customer shall be paid to Mainroad within 30 (thirty) days following issuance of the corresponding invoice.
2. Customer’s failure to pay any of the owed amounts on the due date, the amount in question will accrue interest at the minimum legal rate, from the due date of the unpaid invoice.
Seventh Clause
(Place of performance of the service and employees of Mainroad)
1. The performance of services under present Agreement will be undertaken on the premises of MainRoad or other premises indicated by Mainroad.
2. Employees assigned by Mainroad to perform the contracted services depend solely and exclusively, both from the hierarchical, functional and economical viewpoint, on Mainroad, and they will receive orders, instructions and directives from MainRoad regarding the performance of the Services.
3. Mainroad undertakes to create and maintain throughout the effective period of the present Agreement, civil liability insurance covering the risks arising from its activities and the execution of present Agreement. When requested Mainroad undertakes to demonstrate to the Customer the validity of the insurance contract, including availability of proof regarding the payment of the premiums.
4. The employees of each of the Parties shall observe the legal and regulatory requirements regarding the safety of facilities and people, as well as the entry and movement of people within the premises.
Eight Clause
(Term and Renewal)
1. The present Agreement enters into force from 1 January 2009, when the performance of services commenced, and ends on December 31, 2011, and will be automatically renewed for periods of 3 (three) years, unless one of the Parties terminates the agreement, by sending written notice to the other party, 180 (one hundred and eighty) days prior to the expiry of the initial or any subsequent renewals.
2. In case of renewal, the Parties will agree, based on a proposal from Mainroad, on the amount of the remuneration for the services to be provided in the respective period.
Ninth Clause Nine
(Resolution)
1. Any of the Parties has the right to terminate the Agreement, any time, in the event of non- compliance or defective performance of the obligations set forth herein or required by law.
2. The compliant party shall notify the non-compliant party by registered mail with delivery receipt on its intention to terminate the Agreement, affording however, a period of not inferior to 30 (thirty) days for the other party end the non-compliance or the defective performance after which, and should the non-compliant party fail to remedy the breaches the compliant party may communicate its decision to terminate the agreement.
3. The period for the non-compliant party to remedy the non-compliance does not need to be observed, in the event of recurrent non-compliance with the same obligation and the upon the previous instances of non-compliance the compliant party has observed the notification requirements set forth in the preceding paragraph.
4. A delay superior to 45 (forty five) days in the payment of the price will give Mainroad the right to terminate present Agreement, after granting the Customer the period of additional thirty (30) days to undertake payment, without prejudice to the obligation to pay late fees at the minimum legal rate.
5. The Customer may also terminate the Agreement through registered mail with delivery receipt sent to the Mainroad, if the latter repeatedly falls below the service levels, in more than 15%, for reasons attributable
exclusively to Mainroad or by grave violation of its obligations, provided he Customer has sent prior written communication to Mainroad (with express reference to this clause), identifying the non-compliant situation and requesting to correct its conduct, and as long as Mainroad fails to remedy the breach within 30 (thirty) days from the date of receipt of the compliance notification.
6. Either party may terminate the Agreement immediately by registered with delivery receipt to the other party if, alternatively, any of the following circumstances occur:
a) in a general assembly or during a judicial proceeding, dissolution or liquidation of the other is approved or decided upon,
b) any administrative permits, licenses or authorization, required for the performance by the other Party of its activities are modified, not renewed, revoked, terminated, cancelled or declared void in whole or in part, if that situation is not remedied within 60 (sixty) consecutive days,
c) the other party is declared insolvency or its request to suspend payments has been admitted or an asset administrator has been designated, or if the party is under dissolution.
7. Mainroad may also immediately terminate the Agreement, through a simple written declaration to the Customer, should there be changes in the composition of the shareholder structure of the Customer, in terms that result in the existence of a controlling or group relationship pursuant to art. 4860 of the Commercial Companies Code, between this and a direct competitor of Mainroad in providing the services included in the present Agreement.
8. In the event of termination of present Agreement for reasons attributable to the customer this will be required to pay the amount corresponding to the full amount of monthly remuneration until the expiry of the Agreement.
9. The resolution of the Agreement, regardless of the reason, will not exempt the Customer from its obligation to pay part of the Service performed by Mainroad pursuant to the agreed upon terms.
Tenth Clause
(Confidentiality)
1. The Parties recognize that throughout the provision of the agreed upon services they may receive Confidential Information.
2. The receiving party agrees to keep strictly confidential and not disclose to third parties, licensees or clients any Confidential Information, in full or disclosed by the issuer to the receiving party, cannot license or make other use of the Confidential Information in any circumstances, save when expressly authorized and in writing in the context of the relationship between the parties.
3. This obligation does not apply to:
a) | information that was publicly available at the time of issuance by the issuer, |
or
b) | Confidential information that has become public following disclosure by the issuer due to publications or other circumstances without any breach by the receiving party of its confidentiality obligation |
or
c) | information that was already in possession of the receiver at the time of its issuance and has not been directly or indirectly obtained through the issuer, provided the receiving party immediately informs the issuer following its knowledge |
or
d) | the confidential information is lawfully obtained from third parties, that has not been directly or indirectly obtained from the issuer, |
or
e) | Information that was disclosed in observance of the law or other legislative instrument in force and applicable to the Parties and, as well as in compliance with biding court or administrative order, in which case the Party required to disclose the information immediately informs the other Party and, in any the case, will disclose only the information strictly necessary for compliance with the order or applicable legislation. |
4. This confidentiality obligation does not apply to the disclosure of Confidential Information by Mainroad to its associates.
5. If the receiving party resorts to any of the facts provided for in paragraph 3 of the present clause, it will bear the burden of prove regarding such facts.
6. The Confidential Information disclosed by the issuer will remain its property.
7. The disclosure of Confidential Information shall be restricted to those employees of each Party that, for the purposes of this project need to have access to the Confidential Information and only to the extent necessary for the execution of their tasks. The receiving party will inform those employees about their obligations under this clause and will ensure their strict compliance therewith.
8. Should the receiving party be authorized to transmit information to third parties, it shall impose on such third parties not only all the obligations stemming from this clause, but also the obligations regarding the return of all materials and components to the issuer or the receiving party within a reasonable period of time following termination of the relationship or immediately following termination of the authorization to disclose information to third parties, whichever occurs first.
9. Without the prior written consent of the issuer, the receiving party is not allowed to publish the Confidential Information, neither to transmit it to third parties or to license it or to give it another purpose, save when such have been expressly authorized in writing during the effective period of the relationship between the parties.
10. Following termination of activities in the framework of the relationship between the Parties, each will return to the other the received Confidential Information, without keeping copies, or destroy such information, when required to do so.
Eleventh Clause
(Data Protection)
Whenever the Services provided under this Agreement involve any operations under or in connection with files that belong to or are held by the Customer, this will observe all the prior prerequisites, principles and rules provided for in Law no. 67/98, 26 October, or any other applicable legislation regarding the protection of personal data, in order to ensure the regularity and legality of the files in question and their treatment by Mainroad.
Twelfth Clause
(Independence of Mainroad)
In compliance with the present Agreement, Mainroad will be and will act as an independent economic agent, and nothing in the present Agreement or in the relationship between the Parties shall constitute, or seek to constitute a partnership or joint venture between the Customer and Mainroad, or will permit claims on the creation of any legal relationship other than those directly set forth in the present Agreement.
Thirteenth Clause
(Assignment and subcontracting)
1. None of the Parties may assign to third parties their contractual position without the prior written consent of the other Party.
2. Mainroad may subcontract the execution of the Services agreed upon herein.
Fourteenth Clause
(Force Maior)
1. Neither party shall be liable to the other for breaches of its obligations if it is caused or results from Force Majeure.
2. The Party whose performance is affected by such cause or causes must immediately notify the other Party and provide reasonable evidence regarding the causes affecting compliance. Should, for any reason, it prove impossible overcome such causes within 6 (six) months from the date of their occurrence, the other Party will have the right to terminate the present Agreement and neither Party shall have any right to bring action against the other, except with regards to already due amounts or monies owed for performed services
Fifteenth Clause
(Industrial and Intellectual Property)
1. This Agreement shall not constitute transfer of any industrial or intellectual property rights property, except if expressly stated and in the respective form.
2. The Parties guarantee that they respect third-party industrial and intellectual property rights
3. Should the Customer be presented with a claim, or should it received judicial summons, as a result of violation of third-party industrial property rights by Mainroad, it accepts to immediately replace the Customer in the filed lawsuit, holding it harmless from any liability with regard to third-party claims.
4. Should Mainroad be presented with a claim, or should it received judicial summons, as a result of violation of third-party industrial property rights by Customer, it accepts to immediately replace MainRoad in the filed lawsuit, holding it harmless from any liability with regard to third-party claims.
Sixteenth Clause
(Liability)
1. The Parties shall not be liable for any indirect losses, opportunity costs or lost profits.
2. The compensation payable by any party in the event of non-compliance with or without resolution of the agreement shall not exceed the annual value of the agreement, or the value attributed to the successive renewals, in accordance with the non-compliance occurring after the initially agreed upon term.
Seventeenth Clause
(Removal of Equipment)
Without prejudice to the exercise of any other rights by Mainroad, the Parties agree that the following rules for the removal of any equipment hosted by the Customer on the premises of Mainroad must be observed (and will remain in force even upon termination of the agreement, regardless of the reason for termination):
a) the equipment must be removed by the Customer within a maximum period of 30 (thirty) days following: (i) communication by Mainroad to Customer, by any means that it is available for that purpose or (ii) termination of the agreement or (iii) it is no longer included in the services provided;
b) following the period provided for in the previous paragraph, the Customer shall have an additional period of 90 (ninety) days for the removal of the equipment, in exchange for a payment of a daily storage fee in a maximum of EUR 100,00 / day (hundred euros a day), which will be due until the date of full and effective removal, and
c) 120 (one hundred and twenty) days after the occurrence of any of the circumstances referred to in paragraph (a) above, if the equipment has not been removed or failure of the Customer to communicate and prove any force majeure circumstances that prevented its removal, the equipment will be considered abandoned in accordance with and for the purposes of Article 1318 of the Civil Code, and therefore, Mainroad will no longer be liable for any loss or damage in the equipment and / or any data contained therein, and may acquire them by occupation, without any further formality, and consequently use, sell or destroy them, or dispatch them for recycling, without prejudice for the obligation of the Customer to bear all costs and other damages, namely those related to destruction.
Eighteenth Clause
(Governing law)
1. The law applicable to this Agreement will be the Portuguese Law.
2. The Parties hereby accept to seek resolution of any question or dispute relating to the interpretation, performance or termination of the present Agreement in the competent court of the District of Oporto, without possibility to file a motion for change of venue.
Nineteenth Clause
(Documentation)
1. The present Agreement has two (2) attachments that constitute integral part thereof and together fully and expressly reflect the agreement between the parties.
2. The Annexes to the Agreement are the following documents that are part thereof:
Annex A – “Proposal”
Annex B – “Equipments”
3. All documents that are expressly attributed this nature by the parties, will constitute biding texts of the agreement.
4. In case of discrepancies between the documents of the agreement, the Parties shall observe the following rules of prevalence:
a) should there be any discrepancies between any Annex and the Agreement, the agreement shall prevail;
b) in case of discrepancies between the Annexes, the Annex with the most recent date shall prevail.
Twentieth Clause
(Various)
1. This Agreement constitutes the entire agreement agreed upon between the Parties with respect to the subject matter of the agreement and supersedes all prior agreements, understandings or commitments entered into previously. Any modification to this Agreement and Annexes must be in the form of a written document signed by the Parties.
2. Failure by either party to demand the execution, at any time or period of time, of any terms or conditions of the present Agreement will not constitute a waiver of those terms and conditions.
3. Should any part of any provision of the present Agreement or any other agreement, document or written instrument entered into under or in connection with the present Agreement be held invalid or unenforceable in any respect, such part will be ineffective only to the extent of such invalidity or unenforceability, without affecting, to any extent, the remainder of the provision or the remaining provisions of this Agreement.
4. All notifications and communications to be served under the present agreement must be in writing and personally delivered or sent by registered mail (with mandatory delivery receipt) or by fax to the addresses of the respective parties stated below or to any other address that any of the Parties may indicate to the other in writing, 8 (eight) days prior to the effective date. Such notifications and communications shall be deemed received at these addresses, upon reception, but in any case not later than:
(i) | if the notification is hand delivered, the time of delivery; |
(ii) | if the notification is sent by registered mail with delivery receipt, the day that the receipt is signed; |
(iii) | if the notice is sent by fax, the business day following the expedition. |
For the purposes of the present Clause the actual address of MainRoad is:
Mainroad-lnformation Technology Services, XX
Xxx Xxxxxxxx Xxxxxx xx -0 x
000 0000-000 Senhora da Hora
Fax: 000 000 000
For purposes of the present clause the current address of the Customer is:
Total Xxx-Mobile Serviços de Telecomunicações e Afins, Unipessoal, Lda
Att: Xxxxx Xxxxxxx
Av Xxxxxxx Xxxxx 2 G/H –3°
0000-000 Xxxxxx
Fax: 000000000
Xxxxxxx xx Xxxx, 00 May 2011, made in two originals, one for each of the Parties and both with equal legal force.
By Customer
By Mainroad,
The Annex to the Services Agreement
1 GENERAL CONSIDERATIONS | ||
1.1 General considerations | ||
1.1.1 Scope of the agreement | ||
1.2.1 Change management | ||
1.3.1 Customer Responsibilities | ||
2 SERVICES | ||
2.1 Service Structure | ||
2.2 Hosting Services | ||
2.3 Operation and Monitoring | ||
2.4 Backup Service | ||
2.5 Server Management | ||
2.6 Database Management | ||
2.7 Network Management | ||
2.8 Advanced Security Services | ||
2.1.1 Security Event Monitoring | ||
2.2.1 Management of Security Incidents | ||
2.3.1 Vulnerability Analysis | ||
2.4.1 Safety Reports | ||
3 REPORTS | ||
4 INDICATORS AND AGREEMENT ON QUALITY OF SERVICE | ||
4.1 Penalties | ||
Table SLA Summary table | ||
4.2.1 Assumptions | ||
4.3.1 Calculation Rules | ||
4.4.1 SLA details | ||
5 FINANCIAL SUMMARY | ||
Agreement – proposal for 2009 |
1 General considerations
1.1 General considerations
1. 1 .1 Scope of the agreement
The services of hosting, monitoring, backups, management and support of the TIMwe technological platform, currently hosted in the MainRoad Data Centre in Carnaxide comprise the scope of the present agreement.
Mainroad and TIMwe agreed to work together in creating a partnership based on trust and respect for the work of the other party.
1.2.1 Change Management
The conditions of the present Agreement may be amended only by prior written agreement between the parties, and any changes or updates shall be documented in an updated Annex which will be valid, save amendments entered into under the same terms- between the date on which it is signaled by the parties and the term of the Agreement.
1.3.1 Customer Responsibilities
The tasks described therein, to be performed by TIMwe, constitute the necessary assumptions for Mainroad to provide the service in accordance with the agreed upon service levels:
• | A person-in-charge from TIMwe whose primary tasks will include accompanying the Service and support in overcoming difficulties that may occur, as well as approval of decisions critical to the development thereof; |
• | Identification and availability for the Mainroad team of Timwe professionals necessary for putting the service into operation, namely technical professionals who may be deemed necessary for the adequate provision of service; |
• | Access to all information available and necessary for the provision of the Service. |
2 Services
In this chapter we will describe in detail the services to be provided to TIMwe. The described services are based on the equipment described in detail in Annex C to the agreement.
2.1 Service Structure
Mainroad organizes its service structure based on technologies that focus on each separate service, to ensure a higher level of specialization (in some cases complemented with certification).
(Drawing)
Level | 3 – Management and Support Services |
Level | 2 – Internet connection – Data center service |
Level | 1 – Hosting |
This agreement contemplates service level 1, 2 and 3.
The Service Manager encompasses all above levels, who serves interface, accountability and validation of all technical components of the service provided or to be performed. Therefore, the Service Manager has three main responsibilities:
• | Negotiate and agree the service levels with TIMwe: |
• | Deliver the service report featuring service indicators, description of the various components of continued services, the ongoing projects regarding the Customer and proposals regarding improvement of the managed technical platform; |
• | Serving as interface between TIMwe and Mainroad.. |
DRAWING
2.2 Hosting Services
The modern computer centers of Mainroad, where the servers in questions are placed guarantee a host of services, such:
• | Round-the-clock surveillance, |
• | Supply of stabilized via UPS |
• | Air-conditioned environment; |
• | Round-the-clock monitoring, 365 days a year of the environmental conditions; |
DRAWING
Therefore, the infrastructure will always be available and quickly accessible, enabling:
• | Access to critical business applications; |
• | Secure transactions in real time; |
• | Private access to the platform; |
• | Assurance of absolute confidentiality of customer information; |
• | Maximum security and protection of the different network levels: applications and data. |
2.3 Operation and Monitoring
In order to ensure the functioning of all the IT infrastructure of TIMwe, minimizing the risks of systems and applications downtime, it is essential to have processes and resources in place that ensure uninterrupted availability and performance checks, promptly undertaking the corrective measures whenever it detects a problem. Contrary to what happens in a simple call center, the Operation comes across as great proactive and its objective is to detect and correct the anomalies before the users know about their existence. Has System monitoring is undertaken by resorting to a host of MainRoad tools (CA Uincenter NSM and/or Nagios) For applicational monitoring Application Manager 7 tool of Adventnet, Timwe’s propriety will be used.
Service Components
The essential function of Operation is the remote monitoring of the infrastructure, in the present case with 24x7 coverage. All alarm components of the systems and applications are included, namely the following items:
• | Monitoring Systems: |
• | Monitoring the performance of backups: |
• | Registration and monitoring of incidents: |
• | First-line resolution of typified problems: |
• | Communication of the problems to the second- line or to a team of specialists whenever the gravity or complexity of the problem so requires: |
• | Crisis management, bringing together and coordinating intervention teams and drafting incident reports following its completion, |
Another task of the Operation team is to act in accordance with a set forth plan (called a production plan), in which routine tasks should be performed.
These tasks include:
• | Monitoring of backups: |
• | Registration and monitoring of incidents: |
• | Performing routine processes and systems and applications maintenance: |
• | Basic diagnostic procedures in accordance with pre-set operating / monitoring procedures: |
• | Communication of the problems to second- line support in observance with rules to be created: |
• | Keep parameterized backup policies in data backup systems: |
• | Participate in the verification of the performance of the IT infrastructure: |
• | Monitoring of technical interventions insofar as technical equipment in the data centre: |
• | Ensure all data center management tasks with continuous checks of the physical conditions of operationality and safety of the equipment as well as access control: |
• | Participate in the drafting of periodic service reports: |
Performance Conditions
For an efficient delivery of service it is necessary to ensure that all the basic procedures, and escalation processes are clearly defined by both parties.
It is necessary to indicate a person-in-charge in TimWe for each application and system who can be contacted in case of problems, or may be required for a decision-making process.
The operation and monitoring services will be provided round-the-clock.
2.4 Backups Service
The backups service seeks to offer to the customer a solution, which, through compliance with service indicators ensures the execution of systems backups and the correct functioning of backups. Thus, this service includes configuration and management of backup tools as well as all the associated technical infrastructure.
Service Components
The included service components are:
• | Backups management, ensuring the proper execution of data backups in accordance with the policies set forth with the client; |
• | Maintenance of backup policies, reconfiguration of the systems to incorporate the changes that may be deemed necessary in light of the developments; |
• | Upon request undertake information replacement from tape, in accordance with approval ad execution procedures agreed upon with TIMwe; |
• | Periodic testing of data recovery from backup – maximum 1 per semester. |
Performance Conditions
The backup infrastructure of Mainroad will be used, and for the efficient delivery of this service, a fiber optic interface or a dedicated network for connection to the platform backups will be necessary.
Assumptions
In accordance with the requirements of TIMwe, the backups policy to be implemented will consist of a daily backup with a retention of 30 days, complemented by a monthly backup with a retention of 18 months. The total volume of data for initial backup will be 30GB.
2.5 Server Management
The service seeks to offer to Timwe a solution, which, through compliance with a host of service indicators, ensures the availability and correct functioning of servers that support the systems of the client.
Service components
Server management is divided into the following sets of items:
Capacity Management
• | Analysis of memory resources (to ensure that the system works under normal conditions specified by the respective supplier); |
• | Capacity management of disk resources (through the analysis of alerts and carrying out the necessary actions, through periodic maintenance of the system); |
• | Analysis of average utilization and peak CPU (to determine the eventual need to balance loads or to check whether there is overutilization of the system); |
• | Recommendations on hardware upgrades (HW) / software (SW), maintenance, specific analysis of a given question; |
Configuration Management
• | Maintaining an inventory of system parameters; |
• | Update the software of the operating system {for example, corrections and improvements (fixes and patches); |
• | Planning and supervision of external interventions (when necessary and following agreement, and focusing mainly on upgrades and improvements in SW applications); |
• | Registration of interventions (which will permit verification of the nature of technical interventions and when they were undertaken); |
Security Management
• | Logical security – implement and maintain a security policy according to specific guidelines set forth by TIMwe, proposed by Global Security Coordination; |
• | Distribution and installation of security corrections (“security patches”) of the OS, analyzing the impact they may have on the system. |
Problem Management
• | Resolution and liaison with external suppliers regarding problems transmitted by call center or operation; |
• | Planning, ordering and supervision of interventions of external suppliers (HW, OS and SW application); |
• | Drafting of reports on device failures (statistics). |
Performance Conditions
TIMwe should ensure the existence of maintenance agreements with manufacturers of equipments, operating systems and base software, and afford formal authorization to Mainroad to directly contact these entities on its behalf.
The service is performed on a 24x7 basis, and the management of specific applications is the responsibility of TIMwe.
2.6 Database Management
The database management service comprises the performance of the principal tasks associated with installation, configuration, administration and support of databases, and seeks to maximize the availability of the database infrastructure and application performance that use the database infrastructure database.
Service Components
The database management service includes the following components:
• | Monitoring, through checks, the proper functioning of the database engine (services, logs, pro-active tasks); |
• | Capacity and performance management that includes the monitoring of disk and CPU utilization, pro- active tasks and recommendations |
• | Configuration and inventory management with registration of settings and interventions; |
• | Access and security management through definition and implementation of security policies related to database access, creation, modification and deletion of profiles and users, in accordance with the permissions to access the database; |
• | Modification management, which encompasses activities of intervention planning to minimize the impact on service availability; planning and supervision of external interventions, as well as application of modification: |
• | Installation of patches to fix bugs or security issues: |
• | Management of problems and repair process – problem solving, reports in the event of critical problems: activation of the supplier’s technical support, when necessary: |
• | Accompanying the development teams, contributing to query tuning and program optimization. |
Performance Conditions
The following conditions must be afforded to database management team:
• | Existence of a formal authorization for the access of employees to the consoles of the devices, both physical and remote: |
• | The database administration passwords are not in possession of persons that are not concerned with the database management service: |
• | The customer purchased the necessary licenses from the entity that supplies entity the database engine and has access to its technical support, and this communication channel is provided to the technicians of Mainroad: |
• | The security policies to be implemented will be formally accepted à priori: |
• | The technical documentation of third-party applications can be accessed, in order to forecast future impacts on the service. |
The service is provided on 24x7 basis and is restricted to the management of production databases. Under this agreement the presence of a Database Administrator on the premises of TimWe is provided for, on average three days a week.
2.7 Network Management
The Network Management Service seeks to ensure optimal functioning of the local communications network as a whole and contribute to maximizing the availability of global service.
Service Components
The Network Management includes the following activities:
Monitoring
• | Analysis of logs generated by firewalls. |
Modification Management
• | Inventory and maintenance of active network equipment configurations: |
• | Creation and management of VLANs: Activation and deactivation of ports: |
• | Implementation and management of control of firewall access rules: |
• | Implementation and management of QOS policies implemented in the firewall |
• | Periodic backups of the configurations of active equipment and firewalls. |
• | Installation of security patches and fixes of firewalls: |
• | Management of installation of patches and fixes: |
Capacity management
• | Analysis of the functioning and performance of infrastructure; |
• | Recommendations for upgrades and proposed configuration changes |
Problem Management
• | Analysis, diagnostics and troubleshooting; |
• | Routing and supervision of interventions of external suppliers (hardware and firmware support of active network equipment); |
• | Drafting of incident reports on critical questions. Performance Conditions |
The proposed service is limited to the support network of Timwe equipment hosted in the MainRoad data center, including firewalls, load balancers and switches.
2.8 Advanced Security Services
The proposed advanced security services are based on the installation and configuration of systems that aggregate events and identify vulnerabilities in Timwe systems, which together with the intrusion detection
system implemented in the MainRoad infrastructure send all the necessary information to the Security Operations Center SOC-Mainroad, where information is processed, correlated by a security event management engine and analyzes in real time by security analysts.
The management and monitoring of this platform is included in the scope of integrated security services of Mainroad, provided by SOC.
2.1.1 Security Event Monitoring
The security event monitoring is performed continuously on a 24x7 basis, for aggregation applications, correlation and intrusion detection. In this monitoring events are aggregated from various sources such as operating systems, webservers, applications and intrusion detection systems.
DRAWING (Monitoring – Detection – Response – Correction)
2.2.1 Security Incident Management
The incident management is carried out proactively, by MainRoad security analysts , following our escalation procedures and incidents management.
The incident management cycle is a process carried out in layers, which enables proper escalation of the incident, from initial detection to monitoring until correction by the on-site SOC team or by the systems management team.
DRAWING (Monitoring – Detection and analysis – Remote response / Onsite response – Correction)
2.3.1 Vulnerability Analysis
The vulnerability analysis is performed continuously through observance the flow of network traffic between Timwe systems and those who communicate with them. This process is carried out through with the help of Real Awarness Network (XXX) technology that permits that system and applications vulnerabilities are mapped without the need for any active action.
Following this determination, eventual vulnerabilities are communicated to timwe system administrators to undertaker an independent correction process.
2.4.1 Security Reports
The following information will be included in the service management report:
• | Vulnerability Report |
• | Intrusion Detection Report |
• | Incident Management Report |
3 Reports
The service will be constantly monitored and a monthly report will be made available to TIMwe, until the 8th day of the following month, indicating the following information:
• | Major achievements in the period |
• | Main actions planned for the next period |
• | Main concerns |
• | Performance indicators |
The report will be drafted in the default format of Mainroad.
4 Indicators and Agreement regarding Quality of Service
Mainroad provides services based on indicators reported on a monthly basis, and objectives will be set forth through the following SLA’s:
Service | Cover period | Response time | ||
Hosting services | 24X7 | 2 hrs | ||
Data center services | 24X7 | 2 hrs | ||
Management and Support Services | 24X7 | 2 hrs | ||
Advanced security services | 24X7 | 4 hrs – Business days 8-20 6 hrs – Other days |
KPI | Description | Objective | ||
KPI-1 | Compliance with the set forth response time:
- Critical incidents - Non-critical incidents | - Less than 2 hrs (in 99,0% of the incidents) - Less than 2 hrs ( in 95,0% of the incidents) | ||
KPI-2 | Average waiting period at service desk | Less than 45 sec | ||
KPI-3 | Service uptime (monthly average):
- Specially critical services - Critical services - Non-critical services | - 99,7% - 99,5% - 98,5% | ||
KPI-4 | Rate of successful backups (quarterly average) | 97,5% |
In the following table the method of calculation of the most significant indicators is described.
Indicator description | Description of KPI calculation methodology | |
- Response time is the time interval measured in hours, which measures the placement of an incident with the Service Desk incident and the assignment of a technician to its resolution
- The response time is always calculated within the agreed upon cover period. | - At least 95% of all incident records have to be answered in a period inferior to the time set forth in the agreement -2h.
- At least 99% of all incident records have to be answered in a period inferior to the time set forth in the agreement -2h. | |
Uptime represents the percentage of time during which the system was able to perform the functions for which it was designed.
• There is unavailability of the service when incidents occur that affect critical server functions. This excludes downtime for planned intervention, or other previously set conditions
- In case of unavailability of critical systems, SLA calculation does not include the previously described situations, as well as:
• Absence of the redundant elements in the architecture of critical systems, provided it is the responsibility of TIMwe. | • Uptime (Un) of the server is the time during which the server was available to users, divided by the maximum possible monthly time (24hx365d/12M).
Un =Tdisp/Ttotal
• The SLA is calculated by considering the monthly average of uptime of all non-critical servers: KPI-3NC = (Ul +...+ Un) / n superior or equals 98.5%
• For critical systems the calculation of the SLA is made taking into account the actual availability of the server on an individual basis: KPI-3c = Un superior to or equals 99.5%
• For especially critical systems SLA calculation is made taking into account the effective availability of the cluster that support this service:
KPI-3ec = Un superior to or equals 99.7% | |
Number of successful backups divided by the total number of requested backups indicated in percentage. Excluded from this indicator: the failed backups, for reasons attributable to the customer. | Quarterly average of the monthly SLA value (% monthly of the successful backups divided by the total number of requested backups), inferior to 97,5% |
4.1 Penalties
The reference for non-compliance penalties will be the number calculated on the basis of achievement values, measured monthly (except for KPI-4, measured quarterly) for each of the set forth KPIs.
The following table provides the reference values for the SLAs and their assigned values in the event of non-compliance.
4.1.1 SLA Summary Chart
SLA | SLA indicators | Weight in SLA | Weight in global SLA | Monthly reference amount | ||||||||||
SLA1 - Compliance with set forth response times (monthly average) | For critical incidents TR <= 2H in 99% of the cases | 60% | 15 | % | EUR 4.750,00 | |||||||||
For non-critical incidents TR <= 2h in 95% of the cases | 40% | |||||||||||||
SLA3 - Service Uptime | Uptime of specially critical services inferior or equal to 99,7%* | 50% | 70 | % | EUR 11.400,00 | |||||||||
Uptime of critical services inferior or equal to 99.5% | 40% | |||||||||||||
Uptime of non-critical service inferior or equal to 98,5% | 10% | |||||||||||||
SLA4 - Rate of completion of successful backups | 100% | 15 | % | EUR 2.850,000 | ||||||||||
Total | 100 | % | 19.000,00 |
(*) | For the purposes of especially critical services only the following will be considered: |
• | Oracle Production Infrastructure: Oberon (BD + servers) |
• | Network infrastructure related to Oberon: 2 Switches Cisco + 2 Firewalls |
• | Load balance (considered systems management only) |
• | Infrastructure of SAN fiber switches |
4.2.1 Assumptions
The following assumptions must be taken into account:
- | The amount of penalty will be calculated pursuant to the monthly value of the services described in the present proposal, |
- | For the purpose of SLA calculation values will be rounded up to one decimal place. |
- | SLAs will be monitored and reported from the commencement of the agreement, |
- | In the penalty analysis, which will be undertaken on a case-by-case basis, compensation criteria may be taken into account, if in previous periods service levels superior to the agreed upon levels were reached, |
- | Should there be simultaneous situations of unavailability of different servers, and this brings about a service breakdown, only the biggest downtime will be considered, until the service is restored, and not the sum of each of the downtimes. |
4.3.1. Calculation rules
- | SLAs are calculated monthly and will be assessed quarterly and at that time, penalties may eventually apply, should there be justification for such. |
- | The model we propose regarding the application of penalties for the assessed quarter is calculated for each individual SLA component and is established through the following criterion: |
• | A penalty / bonus percentage will correspond to each individual SLA component of the Summary Chart in the reference period, calculated pursuant to the rules set forth in Chapter 4.1.4. |
• | Each penalty/bonus percentage will be applied in the monthly reference amount corresponding to the summary chart. |
- | In case of continued compliance through excess of the set forth SLAs, Mainroad will submit possible proposals regarding development/adjustment of the agreement. |
4.4.1 Details of the SLA’s
4.1.4.1 Response times
Service desk | SLA | Weight in the metrics | Corresponding amount | |||||||||
% of critical incidents with response time inferior to 2hrs | 99 | % | 60 | % | EUR 2.850,00 | |||||||
% of non-critical incidents with response in less than 2hrs | 95 | % | 40 | % | EUR 1.900,00 | |||||||
Total | EUR 4.750,00 |
4 .1.4.1.1 Deviation from indicators of response time
Deviation of indicators in relation to SLA | Min | Max | Penalty | |||||||||
1 | % | 10 | % | 20 | % | |||||||
11 | % | 20 | % | 30 | % | |||||||
21 | % | 100 | % | 50 | % |
4.1.4.2 Uptime of provided services
Servers | SLA | Weight in the metrics | Corresponding amount | |||||||||
Uptime of specially critical services | 99,7 | % | 50 | % | EUR 5.700,00 | |||||||
Uptime of critical services | 99,5 | % | 40 | % | EUR 4.560,00 | |||||||
Uptime of non-critical services | 98,5 | % | 10 | % | EUR 1.140,00 | |||||||
Total | 100 | % | EUR 11.400,00 |
4.1.4.2.1 Servers: Uptime of especially critical servers
Uptime of specially critical services | Min | Max | Penalty | |||||||||
99 | % | 99,7 | % | 40 | % | |||||||
98,5 | % | 99 | % | 60 | % | |||||||
Less than 98,5 | % | 100 | % |
4.1.4.2.2 Servers: Uptime of critical servers
Uptime of critical services | Min | Max | Penalty | |||||||||
98,5 | % | 99,5 | % | 40 | % | |||||||
98 | % | 98,5 | % | 60 | % | |||||||
Less than 98 | % | 100 | % |
4.1.4.2.3 Servers: Uptime of non-critical servers
Uptime of non-critical services | Min | Max | Penalty | |||||||||
97,5 | % | 98,5 | % | 40 | % | |||||||
96 | % | 97,5 | % | 60 | % | |||||||
Less than 96 | % | 100 | % |
4.1.4.2.4 Assumptions – Server Uptime
• | For the calculation of these indicators the following service breakdowns resulting from the following are not included: |
• | Failure of hardware: |
Note: Mainroad communicates monthly the real uptime of all servers. For the purposes of SLA calculation, from this uptime the downtime caused by hardware malfunctions is deducted.
• | In the specific case of hardware failures, Timwe entered into an agreement with HP (equipment supplier) regarding a response time of 24x7x4hrs – it is also the response time possible to observe by Mainroad. |
• | Bug of manufacturer’s Software |
In case of service breakdowns resulting from faulty manufacturer’s software Mainroad undertakes to make every effort to determine the cause, and the consequent recovery of the service, in the minimum time possible, minimizing thus the service breakdown. From the moment of confirmation, that the service breakdown was a result of a defective software, documented or not, the period of unavailability will no longer be included in the calculation of penalty;
• | Misuse by Timwe or third parties under its responsibility; |
• | Planned stops; |
• | Problems with infrastructure of the direct responsibility of Timwe; |
• | The previous indicators does not include service breakdowns resulting from force majeure, including floods, fires, terrorist attacks and natural disasters. |
4.1.4.3 Successful backups
The indicator “completion rate of successful backups” is divided into the following items:
Backups | Weight in the metrics | Corresponding amount | ||||||
Rate of successful backups | 100 | % | EUR 2.850,00 |
Backups | Min | Max | Penalty | |||||||||
95 | % | 97,5 | % | 50 | % | |||||||
90 | % | 95 | % | 75 | % | |||||||
Less than 90 | % | 100 | % |
5 Financial Summary
Renegotiation-Assumptions
In order to enable TIMwe to forecast the evolution of costs with the potential growth of its technology platform, we wish to present the financing model that considers service levels, the growth of the park and the respective periodic control.
In light of the above, the model we propose is based on the following assumptions:
Service Levels:
• | Providing services with rigorous monitoring of the target service levels and the respective compliance levels. |
• | Once the service levels are agreed upon, there should be no change during one year of the agreement. |
Cost control:
• | The value of the services shown should not be changed within one year, taking into account that it considers a variation of 20% of the machine-projected numbers. Therefore, within these variation levels, the price of the agreement set forth therein will remain fixed for a year, within the above referred interval range. |
• | This price includes the effort to carry out improvement, upgrade, etc. projects on the managed platform. |
Renegotiation period:
• | This agreement will be subject to a review of managed park once a year. |
Agreement – proposal for 2009
The recent changes in the base system structure of TIMwe, with the utilization of virtualization technologies has permitted a change in the initially forecasted models of growth.
Therefore, we wish to establish a new baseline on which we will map our services:
Database equipments | # | Comments | ||||
Physical servers | 35 | |||||
Non-critical Critical VMWare |
| 22
6 7 |
| Productive applicational servers with non-critical functions, or which may be guaranteed by other redundant system. Clusters BD Production: Load Balancer, Servers with VMWare Exs (support) to the virtual procution servers. | ||
Virtual servers | 100 | |||||
Non-critical | 100 | Given the characteristics of these systems, we will consider these systems as non-critical | ||||
Databases | 4 | |||||
Critical instances | 4 | We consider the productive databases as critical | ||||
Active equipment | 4 | |||||
- Swithch’s - Firewall and fiber switch - VPNs |
| 2
2 |
| |||
70 |
The model we recommend to facilitate the procurement of new systems, data bases or active equipment includes:
• | Establish a variation range within the limits of which no changes are made to the agreed upon values. |
• | Review of agreed upon values, whenever the upper or the lower range is overrun. In this case a new baseline will be established, upon agreement, and a new variation range will be set forth for that new baseline. |
Starting baseline for the volume of backups:
Type | Frequency | Retention | Average volume per backup performed (GB) | Weekly average Volume | ||||||||
Oracle | Every day, 5x a day | 15 days | 150,00 | 1.050,00 | ||||||||
Oracle | Every day | 15 days | 1.200,00 | 8.400,00 | ||||||||
Filesystem | Wed-Mon | 15 days | 40,00 | 240,00 | ||||||||
Filesystem | Tues. | 30 days | 145,00 | 145,00 | ||||||||
Filesystem | Every day | 78 weeks | 235,00 | 1.645,00 | ||||||||
Oracle | Every day | 15 days | 2,00 | 14,00 | ||||||||
Oracle | Mond-Sat. | 15 days | 2,00 | 12,00 | ||||||||
Oracle | Sunday | 30 days | 33,00 | 33,00 | ||||||||
SQL | Every day | 15 days | 8,00 | 56,00 | ||||||||
MSESE | Every day | 15 days | 40,00 | 280,00 | ||||||||
SQL | Every day | 15 days | 63,00 | 441,00 | ||||||||
SQL | Every day | 15 days | 11,00 | 77,00 | ||||||||
MSESE | Every day | 15 days | 5,00 | 35,00 | ||||||||
Oracle | Every day, 2x a day | 15 days | 50,00 | 350,00 | ||||||||
Oracle | Fri-Wed. | 15 days | 50,00 | 300,00 | ||||||||
Oracle | Thurs. | 30 days | 3.000,00 | 3.000,00 | ||||||||
5.034,00 | 16.078,00 |
Variation
The following table specifies the model:
Service | Measurement criteria | Base | Delta | Limit value of the Managed park pursuant to the present agreement | ||||
-Management and support services - Operation and monitoring - SOC services | Managed server | 135 | 20% (more or less) | 108 n servers 162 | ||||
Service | Measurement criteria | Base | Delta | Value | ||||
DB Administration | Managed DB instance | 4 | 25% more or less | 3 BD 5 | ||||
Service | Measurement criteria | Base | Delta | Value | ||||
Hosting services* | Hosted equipment | 1 | (1) | |||||
Backups services* | GB | Case-by-case analysis (2) |
(*) | In these cases no growth amortizations may occur and should there be an increase or decrease, it must be reflected in the price of the immediately following month |
(1) Hosting
The value of the hosting services depends not only on the occupied space, but mainly on the energy consumption of the hosted equipment.
Additional Empty Rack: 130Eur
Additional Server 1CPU: 40EUR (350W and 1, 5KEur for insurance purposes) Additional Server 2CPU:
57Eur (500W and 3KEur for insurance purposes)
Additional Server 4CPU: 114Eur (1000W and 10KEur for insurance purposes)
The amount calculated for additional servers corresponds to the cost of actual consumption of the equipment multiplied by 2.1, plus a management fee of 5%. The cost of KWh considered for 2009 is €0.0697, this value compares to the value of 0,1211€, applied in the single rate for low voltage between 2.3 kVA and 20.7 kVA (xxx.xxx.xx).
(2) Backups-price estimate for growth
The amount for the backups service depends on the volume of data and the applied retention. The unit is the volume of weekly data in Terabytes (TB) with the following mix for retention:
• | 60% of the volume with a retention of 15 days |
• | 25% of the volume with a retention of 30 days |
• | 15% of the volume with a retention of 546 days (18 months) |
Additional value per TB for weekly backups: EUR 200
Considering the model proposed in the value of Mainroad services, for 2009 we propose the following:
Services | Monthly fee 2009 | |||
Management and support services: | ||||
- System management | ||||
- Database management | ||||
- Networking management | ||||
- Advanced security services | ||||
Data Center Services | ||||
- Hosting | ||||
- Backups | ||||
Total | EUR 19.000,00 |
These values are based on a 3-year agreement with automatic annual renewals.