Transcription
STATEMENT OF WORK - Service DescriptionManaged Hosted ServerAtos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Bull, Canopy, equensWorldline, Unify, Worldline and ZeroEmail are registered trademarks of the Atos group. August 2017 Copyright 2017, Atos IT Solutions and Services Inc.All rights reserved. Reproduction in whole or in parts is prohibited without the written consent of the copyright owner.
ConfidentialContents1Scope of services . 31.1Managed Hosted Server Services . 31.1.1 Description . 31.1.2 ITIL Process Delivery and Service Desk Support . 41.1.3 Managed Windows Server . 61.1.4 Managed Linux Server . 71.1.5 Operational Activities . 71.1.6 Security Management . 91.1.7 Virus Protection Management .101.1.8 Virus Protection Management – Outbreak Management .101.1.9 Software Distribution — Fixes & Patches .111.1.10 Cluster Management — Single Data Center.121.1.11 Server Decommissioning .121.1.12 System Backup and Recovery .131.1.13 Print Management .132Service levels and service requests . 152.1Managed Server Service Levels .152.1.1 Service and Support Availability .152.1.2 Standard Reports .163Transition . 173.1General Principles .173.2Transition Approach.173.3Transition and Transformation Program Overview .173.4Transition Activities .173.4.13.4.23.4.33.4.43.4.5Pre-Transition Activities – Operational Readiness .17Transition Phases .18Transition Organization .18Supplier Roles and Responsibilities .18Customer Roles and Responsibilities .193.5Communication .193.6Transition Responsibilities .203.6.1 Transition Roles and Responsibilities .203.7Customer Obligations .203.7.13.7.23.7.33.7.4Knowledge Transfer .21Pilot Testing .22Deployment of Service Management and Services .22Handover .234Appendix A: Volumes and Assumptions . 244.1Minimum volumes .244.2Assumptions .24Doc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.InitialsInitialsAtos2 of 24
Confidential1Scope of services1.1Managed Hosted Server Services1.1.1DescriptionExecutive SummaryAtos is a comprehensive IT services provider who can provide any services that state and localentities need, from Mainframe to High Performance Computing. Atos has extensive experience insimilar environments to yours and delivers with a “service Beyond Reason’ mentality.Government ExpertiseWith more than 13 billion inannual revenue, Atos provides ITservices across the spectrum oftechnology with a companyfocus in the State & Local andPublic Sector based on thefollowing highlights: 11,000 business technologistsfocused on delivering publicsector projects and solutions More than 22 percent of totalrevenues coming from work forcentral, regional, and localgovernments 40 years’ experience of designing and delivering public sector projectsWe have experience in transitioning large, complex state and local governments, such asthe State of Texas, from existing incumbent providers, including the provision of the future todayvia our Atos government cloud framework. This allows ultimate flexibility and service choice forstate agencies, local governments and educational institutions.Atos is an expert at providing advanced server services to local and state government entitieswith various compliance requirements. Atos has designed the services within this proposal tosupport normal generic state and local requirements, any specialized requirements can beaccommodated with adjustments to meet the specific requirements. The following sectionsdescribe the services provided in more detail. What is included? Hosting of servers – data center infrastructureServer hosting can include both physical and virtual servers and databasesComprehensive server management both pro-active and re-activeBasic server securityA centralized, enterprise service desk to capture and record incidents and requests viaemail, voice, via mobile devices and chat if desiredStorage managementNetwork managementSystem and data backups – Tape or replication basedDR plans and architecture to support needs for sustainabilityDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.InitialsInitialsAtos3 of 24
ConfidentialAtos delivers all these services with a client centered framework and more importantly, attitudethat we call ‘Service Beyond Reason’.Service Beyond ReasonAtos’ foremost objective is to ensure we exceed expectations and fulfill our client’s vision.With one of the highest contract renewal rates in the industry, Atoslives and breathes a “Client for Life” approach for our clients.What is Service Beyond Reason? It means understanding your goals andyour needs and managing the services to those as opposed to a contract. Itmeans over-communicating and going the extra mile to be sure we deliverfor you and for your clients as well. Service Beyond Reason is not measuredvia SLAs or KPIs but purely via the satisfaction of our clients ascommunicated daily, weekly and monthly.Being the best in providing public sector services to states, cities, and counties, no othercompany has the proven experience, capabilities, and happy clients like Atos, we are bringingour best to you! We look forward to meeting with you and working together to ensure yourongoing success.Managed Server Services provides certain activities related to the Server Hardware and theOperating System, and addresses the following: Resolving IncidentsDaily operationsRetaining securityTooling required to execute these activitiesThe Supplier executes daily operations/monitoring for the Managed Server environment.Managed Hosted Server Services is available in four variants: Windows Tier 1 (24x7 Support) Standard Linux Tier 1 (24x7 Support) StandardManaged Server Services includes the following components: 1.1.2Service Desk and ITIL SupportOperational ActivitiesSecurity ManagementVirus Protection ManagementVirus Protection Management – Outbreak ManagementSoftware Distribution – Fixes & PatchesCluster Management – Single Data CenterServer DecommissioningSystem Backup and RecoveryPrint ManagementITIL Process Delivery and Service Desk SupportAtos will provide our global ITIL-based process governance framework, branded as the AtosService Management Methodology (ASMM). This methodology is designed using a combination ofindustry best practices and Atos’ practical experience in delivering managed services in anenterprise environment. The services are delivered through an independent delivery organization;the US based Atos Service Management Center (SMC), which is dedicated to the processgovernance activities required to ensure the successful deployment and delivery of services in amanaged outsourcing engagement. The SMC leads will define, document and maintain theDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.InitialsInitialsAtos4 of 24
Confidentialprocess flows, integration points and procedures necessary to support the mainframe servicesincluded in this contract. As shown in the following table the SMC will provide the followingprocess level functionality in support of the mainframe services.ProcessSMC ResponsibilityIncidentManagementResponsible for managing lifecycle of all incidents. The SMC will monitor theprocess to ensure it is efficient and effective, identify trends, improve recoverytime, and identify service improvementsMajor IncidentManagementWork to effectively and efficiently manage Major Incidents ensuring appropriatecommunication and swift resolutionChangeManagementManage IT changes and deliverables while managing risk. The SMC will managechanges related to the services and the change process including:Prioritize and categorizeAuthorize and schedule, implementationReview the implementationParticipate in the CAB meetingsAdditionally, the SMC will ensure that standardized analysis, reviews andapproval processes are followed, artifacts captured, and the appropriate auditfocus given.ProblemManagementResponsible for managing the lifecycle of all problems. The SMC will identifyneeded corrective actions, create and manage action plans to resolve knownerrors, update the knowledge database, provide quality assurance (root causeanalysis, actions identified and closed), and provide proactive problem analysisto identify trendsRequestFulfillmentResponsible for end-to-end management of the Service Request Lifecycle. TheSMC will monitor the process to ensure it is efficient and effective, identifyservice improvements, provide management reporting and quality assurance(consistent delivery, manage backlog, information gathering)Service Asset &ConfigurationMgmt.Provide and maintain information on Configuration Items required to deliver anIT service, including their relationshipsCapacityManagementResponsible for ensuring that the capacity of the IT service meets the businessrequirements in a cost-effective, efficient, and timely mannerKnowledgeManagementResponsible for working with the towers to ensure knowledge articles aredeveloped and maintained with the internal and customer-specific knowledgeProcess ServiceManagerContributes to overall service delivery improvement process strategy incollaboration with the AMO and other delivery linesAtos will implement our Atos Technology Framework (ATF) including ITSM functionality and anextensive integrated toolset that serves as the foundation for Atos’ service management services.Doc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.InitialsInitialsAtos5 of 24
ConfidentialThe underlying advanced autonomics, discovery, monitoring, and management tool sets are fullyintegrated within the platform and deliver alert information to automated processing correlationtools, which then trigger Atos ServiceNow for automated ticketing and direct routing to Atossupport teams or automated resolution.The Atos Service Desk will support the delivery of these ITIL process based services, taking callsfor any needed changes or to report incidents and using ServiceNow will ensure that theprocesses described above are delivered effectively. Atos service desks take millions of calls peryear and have experience across all sectors and services.1.1.3Managed Windows ServerManaged Windows Server: Applies to Servers running Microsoft workplace-related applications. Supports Windows Server 2016 and 2012 current version (N) and previous versions (N-1), andService packs for all supported versions. Provides activities related to installation, configuration, and maintenance of hypervisorenvironments supporting virtualized Windows Servers. By default, the Supplier shall deploy Server instances virtualized, though may, at its option,deploy Servers physically.The following Services are out-of-scope and are not part of the Managed Windows Server forWorkplace: Special Server Hardware configurations and specific peripheral Equipment needed for specificApplications Cloud services First-line End User support by telephone Technical and functional management of the Applications running on top of the providedplatform Services on delegation or project basis, such as technical consultancyThe Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 1 Managed Windows Server Responsibility MatrixNo.Task1.Provide a virtualized environment based on respective hypervisor tools.X2.Perform special backup functions.X3.Monitor and detect unexpected Hardware events.X4.Automatically monitor resource utilization against predefinedthresholds.X5.Process error information of relevant Hardware manufacturers.X6.Notify Third Parties, when Incidents or Problems related to this Servicerequire attention of a support vendor.X7.Perform management with performance tuning such as configuring theHardware.X8.Perform operational activities such as regular housekeeping of theServers.XDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.SupplierInitialsInitialsAtosCustomer6 of 24
Confidential1.1.4Managed Linux ServerManaged Linux Server supports Enterprise Linux, from Red Hat and Novell SUSE Linux EnterpriseServer, current version (N) and the previous version (N-1), and Service packs for all thesupported versions.The Managed Linux Server is applicable for Servers running multi-discipline Applications.The following are out-of-scope and are not part of Managed Linux Server: Special Server Hardware configurations and specific peripheral Equipment needed for specificApplications Cloud services First-line End User support by telephone Technical and functional management of the Applications running on top of the providedplatform Services on delegation or project basis, such as technical consultancyManaged Linux Server supports activities related to installation, configuration, and maintenance ofhypervisor environments supporting virtualized Linux servers.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 3 Managed Linux Server Responsibility Matrix1.1.5No.TaskSupplier1.Provision of virtualized environment: Respective hypervisor tools Special backup functions Separate performance management and requires access to consolefacilitiesX2.Monitor and detect unexpected Hardware events.X3.Automatically monitor resource utilization against predefinedthresholds.X4.Process error information of relevant Hardware manufacturers.X5.Notify Third Parties when Incidents or Problems related to this Servicerequire attention of a support vendor.X6.Perform management with performance tuning such as configuring theHardware.X7.Perform operational activities such as regular housekeeping of theServers.XCustomerOperational ActivitiesOperational activities address the administration, monitoring, maintenance, and support for themanaged Server environment.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Doc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.InitialsInitialsAtos7 of 24
ConfidentialTable 4 Operational Activities Responsibility MatrixNo.Task1.Monitor the managed Server management Infrastructure.X2.Monitor virtual and physical instances.X3.Via event management, detect unexpected Hardware events relating tomemory, processors, disks, and Network.X4.Via event management, detect unexpected Operating System Softwareevents.X5.Automatically monitor resource utilization such as disk, memory, andprocessor against predefined thresholds.X6.Review capacity for current utilization, maximum and availablecapacity.X7.Invoke overarching Capacity Management process when capacitythresholds are in jeopardy, at risk, underutilized or exceeded.X8.Where the Customer owns the Hardware, meet the costs of anyadditional capacity.9.Provide specialist support for Incidents that cannot be solved by a firstline support organization.X10.Manage the accounts that Supplier uses for the Operating Systemadministration.X11.Create and manage accounts used by Services on the system.X12.Create and manage accounts used to administer such Services.X13.Create, manage, and remove temporary accounts for installation ofServices.X14.At the Supplier’s sole discretion, separate duties through its Delegationof Control models, which are based on the Supplier Security baselines.X15.Administer accounts and Application management accounts withrelation to local server functions.X16.Agree to a rights and delegation model to confirm that admin rights areused correctly.X17.Agree to a rights and delegation model to confirm that admin rights areused correctly.X18.Provide Customer-specific information (e.g., user accounts, passwords,account requirements).X19.Schedule and perform regular housekeeping of the Servers.X20.Schedule and perform Server maintenance activities.X21.Schedule and control the correct functioning of the Servers.X22.Each day, check that the processes and automation are working asintended.X23.Coordinate Incident Management and monitoring related activities.X24.Update ticket status on applicable tickets.X25.Update work instructions.X26.Start, shut down, and re-start (scheduled and non-scheduled) Serversor Services/tasks and related Applications routinely, after a failure ofthe Operating System and for maintenance.X27.Coordinate recovery of Hardware/Software/Operating Systems to aknown/consistent state after Failure.X28.Execute system commands on the console command line, such ascommands needed to install patches, commands for Deviceinformation, check statuses.X29.Stop and start the Server, when instructed by the Application supportowner, as part of an Application restart.XDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.SupplierInitialsCustomerXInitialsAtos8 of 24
Confidential1.1.6No.Task30.Resolve Operating System-related incidents in the field betweenOperating System and Application, with the corresponding problemmanagement activities.SupplierXCustomer31.Deliver Operating System support for the Application vendor.X32.Deliver support for the internal Storage under the Application data.X33.Work with Application-responsible personnel to determine that theApplication is working correctly with the underlying Operating Systemand patches.X34.Distribute all patches in the Maintenance Windows defined in the 2.1.1Service Levels section.X35.Before the Supplier can change the environment (Operating System orpatches), provide authorized approval from Application-responsiblepeople.36.Change the environment (Operating System or patches) followingauthorized approval from Application-responsible people.37.As the Application owner, approve any changes to the Applicationenvironment.38.Change the Application environment based on approved changes fromthe Application owner.X39.Discuss and agree to a certain Operating System for the Application.X40.Discuss and agree to a certain Operating System for the Application.41.Discuss and agree to the resolution to events (Incidents) that are acombination of the Operating System or the Application.42.Discuss and agree to the resolution to events (Incidents) that are acombination of the Operating System or the Application.X43.Where the Customer manages the Application contract, the Customer isrequired to provide the Supplier with any necessary access to anyApplication manufacturer’s support facilities required to perform theduties listed herein.X44.Monitor and detect unexpected Hardware events.X45.Automatically monitor resource utilization against pre-definedthresholds.X46.Process Hardware manufacturers’ error information.X47.Notify Third Parties when Incidents or Problems require supportSupplier.X48.Provide performance tuning, such as configuring the Hardware.XXXXXXSecurity ManagementSecurity management activities shall be performed within the scope of the managed ServerService to comply with the Supplier’s Security standards.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 5 Security Management Responsibility MatrixNo.Task1.Setup and Manage the Operating System environment, in accordancewith the Supplier’s baseline standards (a set of administrative Securityguidelines that maintain a high level of Security at an organizationaland technical level).X2.Automatically monitor Security settings.XDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.SupplierInitialsInitialsAtosCustomer9 of 24
Confidential1.1.7No.Task3.In the event of a Security setting deviation, notify the Supplier and theCustomer’s Security officers and take appropriate actions.SupplierCustomer4.In the event of a Security setting deviation, notify the Supplier and theCustomer’s Security officers and take appropriate actions.5.Enforce a Security policy, such as password length, strength andduration, data protection, according to the Supplier’s baselines.X6.Provide physical Security of the Hardware Infrastructure based on theSupplier’s data center policies.X7.Request logical access to Infrastructure components for the Customeror on behalf of Third Parties for the purposes of Application-relatedincident resolution, Application Change implementation, or Applicationpatching.X8.For any access, adhere to the Supplier’s Security Policy.X9.Where a Security Incident exists, may be required to sanctionunscheduled outages and authorize emergency changes.XXXVirus Protection ManagementThe virus protection management service shall confirm that the Operating System is protectedagainst malware threats.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 6 Virus Protection Management Responsibility Matrix1.1.8No.Task1.Use Supplier’s endpoint protection Service to secure the OperatingSystem.SupplierX2.Use pattern and heuristic technologies to provide traditional protectionagainst malware.X3.Provide file reputation Services to detect malware.X4.Monitor the functioning of the servers’ central components of theendpoint protection Service.X5.Notify the Supplier of all relevant and valid non-Microsoft Applicationsso that the Supplier can differentiate between acceptable configurationsand viruses.6.Based on Customer-provided information of relevant and valid nonMicrosoft applications, differentiate between acceptable configurationsand viruses.CustomerXXVirus Protection Management – Outbreak ManagementThe virus protection management – outbreak management Service provides management of virusoutbreaks. In the event a virus is not stopped by the endpoint protection Service, this Serviceshall manage the outbreak.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Doc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.InitialsInitialsAtos10 of 24
ConfidentialTable 7 Virus Protection Management – Outbreak Management Responsibility Matrix1.1.9No.Task1.SupplierWhen there is a virus outbreak and there is a definition file, takeappropriate actions to infected files/systems, such as ad hoc updates ofthe virus detection tool and virus definition file, and manual removal ofmalware.X2.As deemed appropriate solely by the Supplier, shut down the Server orNetwork as a preventive measure. If the time and situation allows,consult with the Customer.X3.Accept and support the necessary shut down of the Server or Networkas a preventive measure.CustomerXSoftware Distribution — Fixes & PatchesThe Software distribution — fixes & patches Service provides Software fix and patch Servicebased upon the respective vendor patch policy.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 8 Software Distribution — Fixes & Patches Responsibility MatrixNo.Task1.Analyze respective vendor releases of new security or operating systempatches. Implement as relevant in the Maintenance Window, defined inthe 2.1.1 Service Levels section.X2.Analyze relevant patches from other Suppliers within the Supplier’sManaged Server scope. Prepare for distribution and distribute in theMaintenance Window defined in the 2.1.1 Service Levels section to allinstances of the corresponding Operating System version and release.X3.Define the order of patches to be implemented.X4.Inform the Customer which changes are executed at what time.X5.During the Maintenance Window defined in the 2.1.1 Service Levelssection, reboot the Server when required.X6.Install Service packs when respective vendors regularly issue a Servicepack.X7.Support the current and previous Service packs for all supportedreleases.X8.To maintain a secure environment, use Supplier-approved Tooling tomonitor/report on the patches/Service packs status for the baseOperating System.X9.Implement Tooling and policies for updating systems.X10.Analyze information for impact, deployment speed, sequence, andcommunication paths required.X11.Accept analysis of information for impact, deployment speed, sequence,and communication paths required.12.Deploy patches, hot fixes, and service packs during the MaintenanceWindow defined in the 2.1.1 Service Levels section.X13.Monitor the correct deployment of mandatory patch levels.X14.When present in Change Advisory Boards (CABs), approve Changes andsign off when completed.X15.Where managing an application contract, provide the necessaryinformation and access to the application manufacturers supportfacilities that affect the patching duties listed herein.XDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.SupplierInitialsCustomerXInitialsAtos11 of 24
Confidential1.1.10 Cluster Management — Single Data CenterMicrosoft clustering Service (MSCS) management provides high availability environment. A clusteris at least two Servers working together to provide the high availability. Applications running onthe system must be cluster-aware on the respective cluster management Software.The Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 9 Cluster Management – Single Data Center Responsibility MatrixNo.TaskSupplier1.Manage the MSCS with optionally Microsoft certified external Storage orHardware Network load balancing services for high availability in aWindows environment.X2.Manage the respective vendor cluster Software for high availability in aUNIX/Linux environment.X3.Check Changes for the effect on the cluster environment.X4.Prepare, communicate, plan, execute, and follow up on failover clustertests.X5.Perform activities resulting from operating system Software distributionChanges, such as cluster Software updates.X6.Perform activities resulting from start and stop of cluster managementService.X7.Perform activities resulting from the addition of cluster monitoring.X8.Add/remove additional cluster nodes.X9.For existing clusters, conduct cluster installation assessment.XCustomer1.1.11 Server DecommissioningThe Server decommissioning Service provides the removal of managed Servers that are no longerrequired in an environment.The following Services are outside of the scope of this Service: Transport of Hardware to Customer or a Third Party, e.g. lease company Destruction of Hardware or Hardware components in an environmental friendly way Accounting for compliancy demands, e.g. erasing hard disks Final backup of data, safeguarding of application backup media for a longer periodThe Customer and the Supplier shall comply with the responsibilities, as set out in the followingtable.Table 10 Server Decommissioning Responsibility MatrixNo.Task1.When the Server is stopped, remove logical components of a physicalor virtual Server.X2.Communicate to the Customer regarding stopping a Server or virtualServer and all its related items.X3.Remove the Server from administration.X4.Discontinue Hardware maintenance contract and inform owner.X5.In the event the Customer requests deletion of data, coordinate servicewith the disposal provider.X6.Dispose Supplier-owned Hardware, if not virtualized.XDoc. No: 9000322471 Copyright 2017, Atos IT Solutions and Services Inc.SupplierInitialsInitialsAtosCustomer12 of 24
ConfidentialNo.Task7.Remove from monitoring systems and CMDB.Supplier8.If required, specify that data destruction is necessary during Ha
Print Management 1.1.2 ITIL Process Delivery and Service Desk Support Atos will provide our global ITIL -based process governance framework, branded as the Atos . Incident Management Responsible for managing lifecycle of all incidents. The SMC will monitor the process to ensure it is efficient and effective, identify trends, improve recovery
