Appendix E

APPENDIX E: UNIFYED CLOUD HOSTING AND MANAGED SERVICES OVERVIEW

Unifyed Cloud Hosting And Managed Services Overview

Unifyed provides comprehensive 24x7x365 hosting capabilities in the Unifyed Cloud. With Unifyed's hosting and managed services, you can leverage the Unifyed's technical expertise and infrastructure to help reduce your implementation timeframe without the usual upfront infrastructure costs — or the ongoing implementation and management headaches.

When you select Unifyed for the day-to-day hosting and technical management of Unifyed, you gain comprehensive application expertise and reliable IT infrastructure designed to keep your Unifyed solution running smoothly and dependably. Unifyed ensures that your implementation of Unifyed achieves minimum 99.9% up-time on a yearly basis.


Unifyed's Cloud Hosting Service Features:

  • Standard Grade Datacenter Facility
  • Standard Datacenter Equipment
  • Multi-homed, Redundant Internet Connectivity
  • Robust Network, Application, and Physical Security
  • Maintenance of Virtual Instance and Operating System
  • Unifyed Application Administration and Management for Upgrades, Security Patches, Restarts as per SOW
  • Unifyed Database Administration Management Upgrades, Security Patches, Restarts as per SOW
  • Unifyed uses multiple AZ's present in the Amazon environment for high availability of the application (both application and DB).
  • 24x7x365 Network Operations Center staffed by a team of engineers monitoring your applications around the clock

Unifyed's Cloud Hosting Service Benefits:

  • Eliminate upfront capital expenditures – Unifyed takes care of all the equipment and provisioning costs.
  • Maintain high performance, availability, stability, and security while reducing overall cost of ownership.
  • Improve performance and productivity – concentrate your team on its areas of core strength and not infrastructure.
  • Eliminate unplanned downtime and performance issues with our "best-in-class" service level agreements (SLAs).
  • Gain peace of mind knowing your Unifyed solution will be consistently available to those who need it most – your customers.

Reliable

Amazon® EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within Amazon®'s proven network infrastructure and datacenters. Note: The Amazon® EC2 Service Level Agreement commitment is 99.9% availability for each Amazon® EC2 Region.


Secure

Amazon® EC2 works in conjunction with Amazon® VPC to provide security and robust networking functionality for your computed resources.

  • Your compute instances are located in a Virtual Private Cloud (VPC) with an IP range that you specify. You decide which instances are exposed to the Internet and which remain private.
  • Security Groups and networks ACLs allow you to control inbound and outbound network access to and from your instances.
  • You can connect your existing IT infrastructure to resources in your VPC using industry-standard encrypted IPsec VPN connections.
  • Your EC2 resources can be provisioned as Dedicated Instances. Dedicated Instances are Amazon®® EC2 Instances that run on hardware dedicated to a single customer for additional isolation.

Next Generation Cloud:

Just as Amazon® Simple Storage Service (Amazon® S3) enables storage in the cloud, Amazon® EC2 enables "compute" in the cloud. Amazon® EC2 uses Amazon® EBS and Amazon® S3 to provide reliable, scalable storage of your Amazon® Machine Images (AMI) so that we can boot them when you ask us to do so. Amazon® EC2 works in conjunction with Amazon® Simple Storage Service (Amazon® S3), Amazon® Relational Database Service (Amazon® RDS), Amazon® SimpleDB and Amazon® Simple Queue Service (Amazon® SQS) to provide a complete solution for computing, query processing and storage across a wide range of applications.


Backup & Recovery Powered By Amazon® Elastic Block Store (EBS)

Backups for the mentioned EBS volumes are taken through Amazon Snapshots on daily basis which apparently are stored in the Amazon's most persistent and 99.9% durable storage. These snapshots are stored for 30 consecutive days as per the our current policy which can be changed as required.

Unifyed use Amazon® Elastic Block Store (EBS) that offers persistent storage for Amazon® EC2 instances. Amazon® EBS is recommended when data changes frequently and requires long-term persistence. Amazon® EBS volumes are particularly well-suited for use as the primary storage for file systems, databases, or for any applications that require fine granular updates and access to raw, unformatted, block-level storage. Amazon® EBS is particularly helpful for database-style applications that frequently encounter many random reads and writes across the data set.




Storage Powered By Amazon® EBS Snapshot

An Amazon® EBS snapshot is a point-in-time backup copy of an Amazon® EBS volume that is stored in Amazon® S3. Snapshots are incremental back-ups, which mean that only the blocks on the device that have changed after your most recent snapshot are saved. When you delete a snapshot, only the data exclusive to that snapshot is removed. Active snapshots contain all of the information needed to restore your data (from the time the snapshot was taken) to a new Amazon® EBS volume.


Amazon® Virtual Private Cloud

Amazon® Virtual Private Cloud (Amazon® VPC) lets you provision a logically isolated section of the Amazon® Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define.


DDoS Protection Powered By Amazon® Web Services

This service enhances AWS' basic DDoS mitigation capabilities so that your business-critical applications are always secure against all types of DDoS attacks. Using advanced traffic inspection technology, DDoS Protection for AWS automatically detects and mitigates volumetric network (OSI layer 3) and sophisticated application (layer 7) DDoS attacks—with zero business disruption to users. If you are a target of DDoS attacks, Unifyed recommends additional DDoS protection using services such as CloudFlare, Akamai and Incapulsa.


Monitoring Powered By Nagios®

At Unifyed, we utilize best-of-breed monitoring and operations center solutions to ensure uptime and accessibility. Unifyed uses Nagios® network management system (NMS) solution for monitoring. Nagios® monitors critical systems and services on a 24/7 basis, ensuring uptime, reliability, availability, and assuring you of receiving your 99.9% uptime guarantee.



In addition to providing you with monitoring capability, Nagios® is utilized by our 24/7 network operations center to monitor and control servers on a global basis. The NOC is utilizing Nagios® to monitor your Unifyed solution every minute of every day, year round.

Beyond ensuring that downtime is dealt with appropriately, Nagios® provides Unifyed a window into the health of your portal server. Through these health check dashboards and monitoring services, the NOC and Unifyed' Support Team can prevent critical infrastructure and services from going down and stop problems before they start – providing you with dedicated resources that are working each day to find and correct problems and maintain your servers in optimum health.




Unifyed Cloud Security

Given a seemingly constant stream of announcements related to security breaches, loses of identity data, and the increasingly rigid legislative environment, protecting your institutional and user data is a key consideration for any service deployment.

Unifyed takes our Member's security extremely seriously and has implemented multi-tier security architecture. Leveraging both industries best practices, third party audits, leading hardware, software, and tools – your data is protected from both hostile attack, and inadvertent release.


Unifyed Data Security Architecture

Unifyed believes the primary role of Unifyed Web Digital Campus is to aggregate, display, and provides access to information - not to store or manage it. Whenever possible management, security and control of information is delegated to institutional core information systems, with Unifyed serving as a conduit, but not maintaining copies or storing user information, aside from that required to look up records.

For example: in the case of integration with an institutional ERP system for Course Grade data, information is retrieved when the user requests it (by accessing a page with portlets displaying the content). The user is identified to the ERP system, and records for that user are displayed in the portal, but not persisted past the end of the user's login session. This architecture allows both:

  • Local enforcement of data access rules and policy
  • Increased security by limiting the dissemination of information

Application Security

The Unifyed web services utilize HTTPS for securing information between the end user and the Unifyed solution. Users can be assured that their grades, financial aid, and other private information are not publicly accessible and susceptible to sniffing attacks that could occur when HTTP is utilized. Web services are verified with Secure Socket Layer (SSL) certifications to verify hostnames and to prevent "spoofing" attacks.

  • Role-Based Access Control allows fine-grained control over data and resources
  • Encryption/Hashing of password and other sensitive data prevents disclosure
  • Delegated Administration over application data allows scoped administration
  • User-based system integration – user information is passed to backend systems allowing for authorization to be enforced at the source
  • Logging & Auditing of access to critical information to aid in diagnostics and recovery
  • Institutional Integration – we use your Directory/SSO infrastructure for end-user authentication, immediately reflecting access/provisioning changes, password policies, etc.

Operational Security

The Unifyed staff takes protective measures to ensure that root passwords, application administrator passwords, and other sensitive information is stored on protected volumes that are accessible only to authorized personnel. Access from Unifyed to the applications you have integration to Unifyed is secured via IPSec VPN tunneling to ensure integrity of any confidential data. These measures and more are all designed to ensure that your Unifyed Web Digital Campus remains available to your users but a secured pathway into your Standard environment.


Privacy

The Unifyed service has crafted a clear and concise statement on privacy concerns, and includes the statement as part of the standard Unifyed service agreement. Unifyed complies with all relevant federal and state laws regarding privacy, including FERPA. Your users' information is never sold to any third party, and Unifyed does not allow its staff to access your students' private information other than for testing purposes.

Your servers will be hosted on dedicated virtual machines. Root passwords, application administration passwords, and other such secure passwords will be site-specific. Root access will be restricted to verified and authorized system administrators only.

Note: For further details on Unifyed's Network Security, ask your Unifyed Customer Success Manager for Unifyed Network Security Whitepaper.


Unifyed Hosting Service Level Agreement (SLA)

Unless otherwise specified in your SOW, Unifyed provisions Standard Edition of Unifyed in a configuration with the following specifications:

  • Disk: 18 GB of SAN storage
  • 4 Virtual CPUs
  • 15 GB of RAM
  • 1 Mbps outbound utilization per year

The virtual server provided for Unifyed Standard Edition supports max 600 (six hundred) active users (stressed mode) which can create total of 1,800 (eighteen hundred) concurrent sessions at HTTP layer in login throughput based load/stress test.

Note: For organizations that require additional active users, Unifyed also has an additional configuration e.g. Unifyed Advanced Enterprise Architecture or Unifyed Advanced Dynamic Enterprise Architecture. Contact your Customer Success Manager for further details on Unifyed Advance Architecture.


System Availability, Response & Maintenance

System Availability

  • Unifyed is a 24x7 application with minimum availability levels of 99.9% system uptime per year. Availability applies to your Unifyed production nodes only, unless otherwise stated in your SOW.
  • This availability does not include downtime caused by the following scenarios:
    • Scheduled downtime where notice is given to Clients, or where the Member's Unifyed solution is taken offline due to Member requested work needing to be performed (eg. Upgrade).
    • Any deletion of pages, content, data by Member that causes the unauthenticated content to be inaccessible to users. (Eg: Deletion of system folders).
    • Any unavailability caused by circumstances beyond our reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving our employees), Internet service provider failure or delay, or denial of service attack.
  • Unifyed will not be accountable for downtime occurred due to issue(s) from Member's end
  • Minimum 24 hour notice of planned system outages.
  • Access 9am-5pm ET to dedicated support team including Tier 1 and 2 tech support (see SOW for details).
  • Access 24x7x365 to dedicated support team for Priority 1 incidents (see SOW for details).

Note: For Clients that require 24x7x365 access to Unifyed Support for Priority 2-5 support requests or custom Solutions available, contact your Customer Success Manager for Platinum Support pricing information.


Unifyed Maintenance

  • Scheduled maintenance and service windows
  • Advanced notification of outages
  • Standard upgrades, bug fixes, performance analysis, storage maintenance
  • Unit tested, load tested, and user tested code
  • Daily backups and pre-maintenance snapshots
  • Backup and archive windows are fully configurable and can be set per Member
  • Backup archives can be requested for compliance with your governance and regulation. Depending on the request, there may be Professional Services fees.

Monitoring & Reporting

  • Report of system performance metrics available upon request
  • Report of service calls broken down in timeframes available upon request
  • Report of system usage statistics available upon request

Dedicated Staff

  • An assigned Unifyed Customer Success Manager
  • Single point of contact for Unifyed
  • Meets online regularly with Member (determined at time of kick-off)
  • Responds in a timely manner to e-mails and phone calls
  • Focused on current status, needs, issues and planning
  • Availability on IM if the Member is using O365