Updated June 12, 2019
This Service Guide (“SG”) sets forth a description of the CenturyLink Cloud Service (“CenturyLink Cloud” or “Service”) including technical details and additional requirements or terms, if any. This SG, the Supplemental Terms, and the Service Level Agreement (SLA) are subject to and incorporated into the governing agreement and Service Schedule between the parties. The specific details of the Service ordered by Customer will be set forth on the relevant Service Order.
CenturyLink Cloud is a suite of cloud services which includes use of virtual servers, orchestration, network, and application services in a multi-tenant service data center environment. CenturyLink provides the infrastructure (including space and power, compute resources, storage resources, virtualization operating system, and networking resources) and use of the Control portal and API for provisioning and management.
CenturyLink Cloud Services are available in several regional markets globally, including North America, EMEA, and Asia Pacific. Pricing details and any price variances between regions can be found on the CenturyLink Cloud website: https://www.ctl.io/pricing.
CenturyLink Cloud Services' pricing is listed in USD on the website; however, if Customer elects to be billed in a currency other than USD within the Cloud portal or on a Service Order document, the Services will be invoiced in the chosen currency equivalent as of the date of the invoice and each month thereafter based on the exchange rate as of the date of invoice. For the avoidance of doubt, CenturyLink uses dynamic exchange rates to calculate all non-USD billing. This means that the exchange rate published on the day each respective monthly invoice is created will be the exchange rate used to appropriately convert the invoiced amounts from USD to the applicable currency.
Customers have the ability to purchase virtual servers throughout the Term of the Service.
Each virtual machine is a portion of the larger pool of pre-installed and integrated compute, storage, and network functionality. The customer can define the size of the virtual machine from 1 to 16 vCPUs and 1 GB to 128 GB of memory. The CenturyLink-provided operating system templates include CentOS, Debian, Red Hat Enterprise Linux, Ubuntu, and Windows Server.
Two types of cloud servers are available: Standard and Bare Metal.
Standard Cloud Servers use persistent SAN based block storage with an optional Simple Backup Service for file-based backup & recovery.
Bare Metal Servers are dedicated physical, non-virtualized nodes that provide workload isolation with very predictable performance. Bare Metal Servers also provide an option for hosting software that does not have licensing options conducive to virtual machines.
Unlike Standard Cloud Servers, Bare Metal Servers have fixed CPU, RAM and storage configurations. Windows Server, RHEL, CentOS, and Ubuntu operating systems templates are available for Bare Metal Servers. Bare Metal Servers deploy in less than one hour and are accessed via Control portal or APIs. Customers control Bare Metal Servers via Control portal and the API, but do not have access to the IPMI (Intelligent Platform Management Interface) console directly. In the event that a customer inhibits CenturyLink access to the IPMI, network connectivity may be disabled.
All local non-SSD storage associated with Bare Metal Servers is capable of being fully encrypted by Customer, and all SSD storage supports Instant Secure Erase (ISE) or is zeroed out after releasing a server. For storage supporting encryption by default, new encryption keys are automatically generated for Customer to use with each newly provisioned server. Encryption is controlled exclusively by the disk array controller and not within the OS or elsewhere. CenturyLink controls the encryption keys and each key is tied directly to the logical volume on the array controller. When the logical volume is deleted there is no recovery path as the associated key is destroyed at the same time by the array controller. Thus, the data is rendered unrecoverable as part of a routine rediscovery and provisioning process for servers being decommissioned.
There are seven operations that can be performed against a virtual cloud server within the server page. Applicable operations for Bare Metal Servers are "On", "Off", and "Reset".
When a server is created as part of the Create Server process which is set forth in the Control portal, the pricing information is provided within the Control portal as the configuration is adjusted by the user. Users can specify networking details including DNS information, network connectivity, or vLAN attachment. The user can also specify a server lifespan to delete the server at a user specified time.
Servers are organized within "Server Groups", which are based on their resident data center and can have resource limits, default server settings and access permissions set for individual users. Server Group resource limits are defined by the maximum number of CPUs, memory and storage. Reports and alert monitors can be created for servers within Server Groups which include ping, CPU utilization and disk utilization monitors. Users added to alerts will receive an email in the event a specified monitor metric exceeds the user specified condition which includes the interval, trigger and alert limit. Schedules can also be set for Server Groups to perform regular tasks such as server archive, delete, shutdown, reboot, power on, create snapshot, and delete snapshot based on a user specified time and frequency. Scheduled tasks set on a Server Group will not be run on Bare Metal servers in the Group. Maintenance windows can also be specified by Server Group which will disable all monitoring and alerts during this time.
Resource Limits in the Control portal can also be applied to all Server Groups within a specified data center for total CPU, memory and storage as well as specific user rights to resources within that data center.
The Server Archive lists the Standard servers that have been powered down but have retained the server image. Archived servers can be restored into service or deleted from the archive. Archive storage is charged at the archived storage rate. This feature is not available with Bare Metal servers.
For Standard servers only, templates are provided by CenturyLink for many popular operating systems but private server templates can also be created or uploaded by customers. These private server templates are added to the Server Templates catalog where the template size is provided along with total storage required. Customer can use CenturyLink provided templates as a baseline to configure the operating system, install and configure applications and data, and use the Convert to Template function, which will create a template from the selected server. The server admin or root password must be provided to create a template from the VM. Templates are available for specific datacenters. Customers who wish to copy templates to multiple datacenters should open a trouble ticket with the NOC. Template storage is billed on a GB basis at the Standard Storage rate.
Customers can also upload their own templates for an additional fee. Customers initiate the process by opening a NOC ticket, and then FTP the server template to a provided FTP site. The OVF image format is recommended. Once uploaded, the NOC will ingest the server template into the platform and it will be listed in the Server Template catalogue. Server templates can be converted into a server, used to create a new server, or deleted from within the Template catalogue.
For Standard servers only, Customer may purchase at an additional cost Data Protect Backup for use with the Services ("Managed Backup"). Managed Backup enables customizable rolling backups stored locally and at a secondary regional data center. This feature may be added or removed after the server is created.
Product specific terms and technical specifications for Managed Backup are set forth in the Data Protect Backup Service Guide located at http://service-guides.centurylinktechnology.com/Default.aspx. Managed Backup pricing is usage based and available for subscription within the Control portal; however, such pricing does not contribute to any applicable Service commitment or discount.
CenturyLink Cloud offers a comprehensive portfolio of Managed Operating Systems ("Managed OS") and Managed Application Services (including web, middleware, database and business applications), as defined below, for Standard servers. Both Managed OS and Managed Application Services are usage-based services, charged on an hourly basis, and designed to maximize Customer's business availability and performance. The managed and unmanaged servers can coexist on the same network.
Managed service availability can be found at CenturyLink Cloud Data Centers.
Managed OS Service provides fully managed operating system ("OS") services for the Customer. User creates a managed server on a self-service basis through the Create Server process from the Control portal.
The standard features of the Managed OS Service consist of the licensing, installation, configuration, administration, monitoring, maintenance and support for the CenturyLink-provided software components. The Managed OS includes Microsoft Windows Server and Red Hat Enterprise Linux.
Applicable fees for Managed OS Services do not apply to VMs that are "parked" or otherwise not in use.
The following table describes the Managed OS Service activities and tasks provided by CenturyLink. Note: Customer is fully responsible for reporting Managed OS disruptions or changes to CenturyLink, and for requesting new OS-level user creation/access.
|Configuration & Administration||
Managed Application Services may be purchased by launching a Managed Application Blueprint on a Managed OS. On a successful deployment, Customer will have all necessary credentials to interact with their managed environments just like any other instance in CenturyLink Cloud.
CenturyLink and embedded automated processes take over the end-to-end process of installing, configuring, managing, monitoring, and maintaining (patching, hotfixes, change management) Customer managed application(s) and provide 24x7 support.
|Managed Application Service||Available on CenturyLink Cloud Managed Windows||Available on CenturyLink Managed Red Hat Enterprise Linux|
|Database||Microsoft SQL 2008||MySQL|
|Directory Service||Active Directory 2008|
Customer can increase MySQL database availability by purchasing the CenturyLink Cloud Managed MySQL Replication Service, which can be added on to the standard Managed MySQL service for an additional fee. All Customers who purchase the Managed MySQL Service acknowledge and agree that they do so subject to any applicable terms and conditions. MySQL Replication includes replication setup (master-master, master-slave), enabling replication session monitoring, and managing failover and fail-back.
The following table describes the typical operational support services and requests that may arise for Managed OS and Managed Applications provisioned on the CenturyLink Cloud platform. In the event Customer initiates a service request for tasks that are not described in the tables below, CenturyLink reserves the right to charge the customer on an hourly basis for a requested task. Please contact your CenturyLink account executive for service charge details.
|Maintenance and support||
|Support Offerings Provided for Managed Applications Services||Notes|
|24x7x365 health monitoring and incident resolution of the managed applications (i.e., IIS restarts, MySQL error)||Does not include application performance issues within managed application services.|
|Application hardening via security policies||Implements application hardening per CenturyLink security policies. Any additional settings, not included in CenturyLink's security policies, may incur an additional hourly billable charge.|
|Planned application maintenance||Generates email notifications of scheduled maintenance to Customer in time to provide 48-hours (two business days) notice.|
|Troubleshooting managed application performance||CenturyLink will investigate any Service interruptions for the managed application upon request. Any troubleshooting that impacts non-managed services (e.g. Customer's VPN, co-location hardware etc.) is an additional billable support engagement.|
|Updates to managed applications via hot-fix or patch||Hot-fix installation is available upon request.|
Except for Bare Metal servers, the Import Server page in the Control Portal allows Customers to import their existing Windows or Red Hat virtual servers into the CenturyLink Cloud. Servers can be uploaded into any cloud data center. Customers can choose the account, group, server type, storage level, and VLAN for the imported server.
The Policies page in the Control portal allows customers to create unique rules or parameters to help manage server operations. For example, policies can alert users to usage peaks or CPU memory and disk utilization thresholds. Users can be notified to take action or the policies can auto-correct server settings based on preferences established by users.
Alert policies can be set up by Customer to allow for notification via email, webhooks, and the Control portal based on customized threshold criteria. Customers can apply alert policies to entire server groups or individual servers, excluding Bare Metal servers.
CenturyLink Cloud supports both Vertical Autoscale and Horizontal Autoscale which can be applied to Standard server instances.
Vertical Autoscale policies can be set by users to scale CPU allocation up and down based on CPU utilization. Users can specify the CPU range for the Vertical Autoscale policy, threshold period of time, and increment of CPUs to scale up or down. A scale down time window can also be specified as scale down events require a reboot to complete. This policy cannot be applied to Bare Metal servers.
Horizontal Autoscale can be set by users, allowing for groups of virtual servers that meet a user-defined CPU and/or RAM utilization threshold to be scaled out/in by powering on or off one (1) or more additional virtual servers in the group.
Note: A server that has a Vertical Autoscale policy set cannot be part of a horizontally autoscaled group.
Anti-affinity groups can be created to provide an even distribution of virtual machines across different physical hosts. These policies are applied when servers are added to an existing anti-affinity pool.
Cloud Application Manager enables the customer to automate deployment, enable cost control and user governance, auto scale and manage applications and infrastructure across public clouds (i.e. AWS, Azure, CenturyLink Cloud) and private clouds (via OpenStack and vSphere).
In addition, Cloud Application Manager enables customers to manage their own environments or allows CenturyLink to manage environments on customer's behalf. This product provides the flexibility of choice in determining where to deploy and manage the application lifecycles: on-premises, hybrid, hosting, colocation and 3rd party cloud, or service provider environments. Additionally, customers can dynamically choose which workloads are customer-managed and/or which workloads CenturyLink manages. The default is customer-managed workloads; however, customers may choose to have CenturyLink managed options, which may incur additional cost and additional terms and conditions.
The primary capabilities of Cloud Application Manager focus on:
When the Cloud Application Manager is used to consume Azure and AWS services, CenturyLink oversees the financial obligations on the Customer’s account and provides a consolidated bill along with other CenturyLink services.
For additional information on Cloud Application Manager features and functionality, see the Cloud Application Manager Service Guide: www.ctl.io/legal/cloud-application-manager/service-guide/
CenturyLink Cloud Blueprints ("Blueprints") are executable templates that can create servers, install software, and execute scripts for Standard servers only. Most major operations within the CenturyLink Cloud Service are executed as Blueprints and customers can also define their own Blueprints to assist in DevOps, deployment and standardized use of the cloud.
The Blueprints Queue shows the status of all Blueprints running within a specific datacenter. CenturyLink provides publicly available Blueprints and users can create private Blueprints to be shared within their account.
The Blueprints Library lists available Blueprints that can be searched by keyword and filtered by author, solution type, operating system, and company size. A library listing shows the name of the Blueprint, the configured compute and storage resources within the Blueprint, cost of deploying the Blueprint, version, visibility, tags, community rating and user reviews. The tabs within the Blueprint show the individual servers contained within the Blueprint and their individual configuration along with the number of packaged scripts and software, the sequence of operations within the Blueprint itself and bundled software. Users can click the Deploy Blueprint button to launch the Blueprint or be presented with the required user input to launch a Blueprint.
The Blueprint Designer provides a four-step process to create a Blueprint. First the user specifies basics about the Blueprint including the name, version, visibility, and description. Servers are added to the Blueprint with user specified quantities, template, and configuration and associated software and scripts. Next, tasks are created and the order of the tasks specified. Blueprints can also be nested within Blueprints as a specified task. Lastly the Blueprint is reviewed and the cost of the Blueprint is provided. The user can submit the Blueprint for publishing.
The open source and public domain Scripts and Software catalogues allow users to browse and create script and software packages. These packages are configured to run scripts, run executables, and install software. Packages are zip files which contain an XML-based package manifest, executable and resources. Users can upload both script and software packages via the control interface and provide metadata describing the package and supported OS types.
The Control portal allows users to create an FTP account and credentials for an FTP site used to assist in uploading software and scripts with the platform.
The following service description applies to SafeHaven version 5.0. The service description for SafeHaven version 4.0 can be found at SafeHaven Disaster Recovery as a Service 4.0.
CenturyLink's SafeHaven Disaster Recovery as a Service ("SafeHaven DRaaS") software is a distributed software architecture that delivers group consistency and run book automation for multi-tiered applications, automates data center disaster recovery orchestration, enables continuous recovery with group consistency and checkpoints, and provides recovery/redundancy for physical and virtualized IT servers. SafeHaven DRaaS also includes a graphical user interface and is compatible with multiple server operating systems. Within this Section, SafeHaven DRaaS may also be referred to as "SafeHaven DRaaS Service" or "Service".
As used herein, "data centers" refers to the infrastructure on which SafeHaven Replication Node ("SRN") and Central Management Server ("CMS") are deployed and configured. Customer may designate any supported data center as the production data center, and the remaining supported data centers would thereby be the recovery data center.
In addition to the applicable Service Schedule, Customers will also be required to sign a Statement of Work and applicable contract documents for all onboarding activities prior to commencement of SafeHaven DRaaS Services. SafeHaven DRaaS is not available to Customers who click to accept the CenturyLink Cloud Master Services Agreement online.
The SafeHaven software is comprised of certain open source software. Customers must install the relevant software on all desktop or laptop computers that Customer will use for SafeHaven DRaaS administration. Please see the Knowledge Base article SafeHaven 5: Open Source Components for additional details.
DRaaS includes the system components listed below and follows a structural hierarchy in the following order:
A SafeHaven Cluster means the group of data centers Customer selects to use with their SafeHaven DRaaS Service. Each SafeHaven cluster can service up to 64 data centers. For CenturyLink Cloud, the data centers are virtual data centers, however a Customer may utilize any combination of virtual data centers and dedicated data centers; provided however, dedicated data centers will require the purchase of certain CenturyLink Managed Hosting services.
A Central Management Server is an Ubuntu 16-based lightweight virtual appliance (virtual machine) in a recovery data center that connects all the data centers/appliances together and provides access to the DR environment via a SafeHaven console (GUI), which is a standalone java client (provided by CenturyLink) utilized to access the SafeHaven cluster.
The console remotely sends commands to the CMS installed at the recovery site (as more fully described below). Commands are encrypted automatically by embedded SSL in the console and the CMS. Customers use the SafeHaven console to administer and manage their DR environment and initiate point-and-click recovery operations upon individual virtual machines, groups of servers and data drives, or entire data centers. Recovery operations include:
Each SafeHaven cluster includes a single active Central Management Server (CMS). The CMS utilizes the SafeHaven virtual appliance installed at the recovery site and is part of the SafeHaven architecture that:
The data center layer is the set of data centers Customer chooses to provision as the recovery site(s) within a cluster via the SafeHaven console.
SafeHaven classifies data centers based on the API used for orchestration of recovery operations and recognizes the following five data center types.
For Clauses 2-5 immediately above, where the data center type is identified as third party, the following additional conditions apply: Where Customer is using their own account, Customer is solely responsible for configuring their account(s), using the third party services in a manner that provides security and redundancy, including enhanced access controls, encryption and backup, and ensuring CenturyLink has all appropriate permissions, credentials and access in order for CenturyLink to perform installation and configuration of SafeHaven. CenturyLink is not responsible or liable for any losses or damages related to the third party services, (direct or via any indemnity) including any liability, losses or damages related to unauthorized access or content or data loss and any losses or damages arising from or related to the installation and operation of SafeHaven on third party systems.
For all five data center types above, Customer is fully responsible for performing operations required to control and manage the Service including failover, failback, encryption and data management requirements and other operations documented in these “Disaster Recovery” Knowledge Base articles. Any required network or internet connectivity between any of the data center types listed above is solely the responsibility of the Customer. Customer acknowledges that CenturyLink’s responsibility herein is related to enabling production and recovery environments and storage as detailed herein and such responsibility does not extend to any information, data or content that the Customer may send and/or store within such production or recovery sites. Customer is solely responsible for all data or content, in transit and at rest, whether in the DR or Production environment or in the storage space on disc as detailed in the SRN section below. CenturyLink is not liable for any losses or damages direct or via indemnity related to such data or information including any liability, losses or damages related to unauthorized access or content or data loss.
The SRN is an Ubuntu 16 based lightweight virtual appliance (virtual machine) which transfers and retains production data. This includes all SRNs provisioned within the SafeHaven cluster. Each SRN is associated with a data center as shown in the SafeHaven hierarchy. A given data center may include multiple SRNs. The SRN virtual appliance which is a component of the SafeHaven software is set up to automatically:
SRNs replicate at the LUN level transmitting updated blocks for each Protection Group to a peered SRN in a remote data center. Although each active Protection Group has a replica in only one other site, an SRN may support a set of Protection Groups that each have replica instances in distinct remote data centers.
Customer is responsible for purchasing and providing the following additional storage requirements or CenturyLink may not be able to provide the Service:
A Protection Group is a set of servers and hard disks grouped by SafeHaven that failover and failback together to the same instant in time and are shutdown and brought-up according to a prescribed recovery plan. Each Protection Group corresponds to a distinct set of servers and hard disks replicated to a remote site by SRNs. When protecting a multi-tiered application, administrators should provision a Protection Group that includes the set of all servers and hard disks that participate in the multi-tiered application. SafeHaven is set up to allow the applicable systems to recover via a remote data center with mutually consistent data images as they were at specific instances in time. Each data center within a cluster can include both active Protection Groups and replica instances of remote Protection Groups.
Protection Groups are logical mappings between the production and recovery servers. Protection Groups are created from within the SafeHaven console and users have the choice to either include one or multiple servers inside a single protection group. All the recovery operations are initiated from a Protection Group level.
Write traffic for each protected VM and hard disk is locally and synchronously mirrored within the production data center so that it is written both to the primary data store and also to a local SRN. For Windows Server Operating Systems 2008R2 and later, the SafeHaven local replication agent is employed and in Linux Operating Systems, Rsync is employed.
SafeHaven checkpoints correspond to LUN-level Copy on Write snapshots and are block-consistent representations of a Protection Group at an instant in time.
Open Source Software
DRaaS uses SafeHaven software to employ the relevant open source software. Details of the various components can be found in the Knowledge Base article SafeHaven: Open Source Components. All users of the Service are subject to the terms and conditions of any applicable open source license agreements.
Due to the self-service nature of the Service, upon termination of the SafeHaven DRaaS Services, Customer is responsible for deleting all SafeHaven software, any related cloud infrastructure and components employed to provide the Service and any and all data or content Customer chose to replicate and/or store to an applicable data center while using the Services.
The Service provides the ability to create complex network topologies to securely segment application tiers or entire systems. Using the Control portal, customer can provision private VLANs and delete unused ones. Each customer gets an initial private VLAN to use, and can add more VLANs (for a fee) up to a total of 3 VLANs per account.
The Service provides optional external IP addresses (for a fee). Customers can use Public IP addresses provided by the Service through Network Address Translation (NAT).
By default, all external network access to servers in the Service is turned off by firewall policy. Users may open external access to servers by creating the appropriate firewall policy. Users are responsible for the security implications of the firewall rules they create.
Firewall policies may be created enabling network connections within a data center ("Intra Data Center") and/or network connections across data centers ("Cross Data Center"). Users may specify the Source and Destination accounts in the Control portal, networks/subnets, specific IP address ranges and ports exposed by firewall policies.
A firewall Change Log displaying recent activity is also available on the Firewalls portal page.
The Service uses a data transfer billing methodology for internet bandwidth usage. Outbound network traffic from CenturyLink Cloud to the Internet is metered on a gigabyte transfer basis and there is a gigabyte charge for internet bandwidth. Inbound traffic from the Internet to CenturyLink Cloud is free of charge and not metered. Intra Data Center and Cross Data Center traffic is not charged for or metered at this time.
Each data center with CenturyLink Cloud Services is connected to the Internet via redundant, high-speed connections. In addition, each site is connected via multiple providers to multiple Internet backbones in each facility. This reduces the likelihood of customer downtime during carrier interruptions and provides a more reliable connection.
Standard Client-to-Site VPN
Each customer gets a dedicated VPN server for establishing client access to their cloud network. Users can set up standard client-to-site VPN connections by installing the OpenVPN client for Windows or Apple OS X as directed in the portal and in the Knowledge Base.
VPN certificates may be created, downloaded and deleted. VPN settings are editable. VPN servers can be restarted through the Control portal. The maximum number of client VPN connections is 19.
The CenturyLink Cloud platform offers self-service support for configuring gateway-to-gateway, persistent IPsec VPN Tunnels. This model protects communications between two specific networks, such as an organization's main office network and a branch office network, or two business partners' networks. The Control portal supports creating and deleting IPsec VPN Tunnels, but not editing. Users can delete and create IPsec VPN tunnels when a change is needed.
The Services section of the CenturyLink Cloud Control portal provides both platform services and higher level functions that leverage and complement servers, networks and blueprints. These services include object storage, DNS, site redirect, SMTP relay, load balancer, and backup.
Relational DB Service is a Database as a Service (DBaaS) offering powered by CenturyLink Cloud Servers. Relational DB Service provides immediate access to a MySQL-compatible or MSSQL database instance and includes daily backups. Users have the option to purchase replication for high availability.
Relational DB Service includes:
Relational DB Customers can initiate the following tasks via automation:
Relational DB Customers can use any MySQL/MSSQL client to manage the database instance. For example:
Object Storage is a storage service for digital assets stored in "buckets." The object storage service replicates a single object three times within the selected region. User accounts are created for object storage and given an access key and secret access key. Users can also define bucket access permissions per group and user. The Object Storage service is Amazon S3 compatible so users can use Amazon S3 compliant tools and API commands to access the objects.
The DNS service allows users to purchase a DNS zone and specify time to live. Once the DNS zone is created, resource records can be created, modified and deleted covering A, AAAA, CNAME, KEY, LOC, MX, NS, SOA, SRV and TXT resource record types. This service can be used to create geo-load balancing traffic distribution based on rule set and weighted or geo-targeted definitions. Users can map multiple host names to a single service in order to service multiple websites or map a single host name to multiple machines leveraging simple DNS provided load balancing.
Site Redirect is an option that enables an HTTP-based redirect of a web site domain name to any URL. Once configured in the Control portal, Site Redirect can take up to 1 hour to replicate the redirection settings.
The CenturyLink Cloud Intrusion Prevention Service ("IPS") is a critical security component for helping to prevent business disruption, securing a cloud environment, and satisfying certain compliance standards. IPS leverages industry-leading technology from Trend Micro. A host-based IPS agent is deployed on a Customer's VM to provide enhanced security protection for customer critical data. The agent uses vendor defined signatures combined with host operating system details to create a unique host-specific configuration policy designed to proactively mitigate potential attacks on the host.
A default policy is built into each VM and, in that case, is automatically adapted to the host's operating system and the installed applications. If a vulnerability is identified, the system will log it, take appropriate action, and report on it based on the IPS policy. IPS is provisioned via Blueprints through the Control portal.
The CenturyLink Cloud Service offers both dedicated and shared load balancers. This service is delivered via highly available devices. Shared load balancers are managed through the Control portal, while dedicated load balancers are managed outside the Control portal. The table below provides performance specifications for the load balancing options. Shared load balancers are used by multiple clients within a given data center, so client specific performance may vary.
|Availability||Highly Available pair||Single Instance or Highly Available pair options available|
|Load Balancing VIP Ports||TCP/80 & TCP/443||Any|
|Load Balancing Algorithms||
|Citrix Complete Listing|
|Costing model||per VIP (NLB Group)||Per Device: VPX-200 or VPX-1000 available in both Standard or Enterprise Edition|
|Responsibility for Support & Management||CenturyLink Cloud||Customer via CLI or Web based UI|
HTTP throughput: up to 400 Mbps
Performance is shared among all clients
HTTP throughput: Up to 400 Mbps
SSL encrypted throughput: Up to 400 Mbps
HTTP compression throughput: Up to 350 Mbps
SSL VPN/ICA Proxy Concurrent Users: Up to 1500
New SSL requests/second: Up to 750
|SSL Offloading||No||Yes, Customer Configured|
|Health Checks||Yes, TCP and PING||Yes, Customer Configured|
When creating a load balancer group on the shared load balancer, the user can specify the group name, description, port, method, persistence and IP address assignment. Upon creating a load balancer configuration, a Virtual IP (VIP) is assigned and shown to the user.
Available options include:
A log of recent activity, billing summary and bandwidth history is available on the load balancer Overview page in the portal.
The CenturyLink Cloud Simple Backup Service ("SBS") provides secure, file-level backup and restore of your important data. A host-based backup agent is deployed on a Customer's CenturyLink Cloud VM, Bare Metal Server, or a customer-owned and managed host to provide enhanced backup/restore protection for customer critical data. The agent applies policies defined by the customer to store data on the CenturyLink Cloud VM, Bare Metal Server, or a customer-owned and managed host, backs it up to a customer specified storage region over the internet, and retains the data according to the policy.
Runner is a hybrid IT management tool capable of automating infrastructure and providing control of devices in data centers or on-premises. It can also scale infrastructure in any cloud environment.
Powered by Ansible
Simple Control Panel
Focused on Reuse
The CenturyLink Cloud Network Exchange Service provides a secure, high-speed, redundant, private network using a layer 3 based software defined network interface to connect disparate IT environments and devices, including but not limited to CenturyLink Cloud, Managed Hosting, and colocation environments within select data centers, so long as environments are either within the same CenturyLink data center for Managed Hosting and colocation environments; or within the same metropolitan area for CenturyLink Cloud. Network Exchange utilizes the CenturyLink Cloud Control portal for setup and management, coupled with CenturyLink Cloud network automation and pre-deployed network infrastructure.
The Account section of the Control portal user interface provides overall account management functions including governance, user access, billing, user interface customization and activity history.
The Information page displays overall customer information including business name, address, contact information and time zone.
The Billing tab provides billing summary information including month to date billing, and the estimate of the current month. The billing history tab shows specific credits and debits against the account. The payment method tab allows customers to update or change payment options and details. The Billing Details tab shows the global discount applied toward the account, purchase order details, monthly commit details if applicable, payment terms and contract expiration date if applicable.
Sub accounts allow separate accounts to be created but maintain a hierarchical relationship between parent and child accounts. This can be useful for control and governance features where different legal entities or lines of business within an enterprise may want their own chargeback information, billing detail and different pools of users for access. This feature is also useful for customers reselling CenturyLink Cloud or using it to deliver SaaS or System Integration activity where customer specific billing history must be maintained.
Multiple subaccounts can be created and there can be multiple subaccounts under subaccounts for businesses with complex resale, governance or access requirements. Parent networks can be shared with subaccounts as well as branding and data preferences passed from the parent to the subaccount. When the subaccount is created, a primary datacenter is also declared as part of the subaccount definition. This primary data center is the default datacenter selected when new resources are created.
The users tab allows Customers to add additional users to their account. Name, email address, and username are required. Additional optional information can also be provided (e.g., title, phone numbers, etc.). CenturyLink Cloud supports Security Assertion Markup Language 2.0 ("SAML") based Single Sign-On ("SSO") to the Control portal, which provides Customers with control over the authentication of their hosted user accounts and who can access the Control portal. Using the SAML model, CenturyLink Cloud acts as the service provider and Customer acts as the identity provider controlling usernames, passwords and other information used to identify and authenticate users for the Control portal. Customers who wish to integrate CenturyLink Cloud with a single sign-on solution using a SAML based server may do so by clicking the Authentication sub tab and specifying SAML Authentication details including SSO IdP URL, Signing Certificate Key and Encryption Certificate Key.
The CenturyLink Cloud user security model has eight roles that map to unique personas within an organization and help customers apply a least-privilege approach to their cloud environment. The user security model cascades throughout the user interface and v2 API. A user can be part of multiple roles, and the Control portal user interface recognizes which role(s) a customer has and adjusts accordingly. Below is a brief description of each role:
Once a user is created, Area permissions can be applied to the specific user account including Account Admin permissions which give the user full access to all resources and settings on the account, Billing Admin, Domain Admin and Premium Server Admin permissions.
Administrators also have the option to require all users to log in via SAML. If enabled, this feature will automatically forward users who attempt to log in via the Control portal to the specified SAML login page. This "forced path" offers greater compliance with enterprise policies. In addition, administrators can toggle this feature for all subaccounts.
The notification page allows the customer to specify specific users as Primary, Secondary, Billing and Billing carbon copy points of contact for CenturyLink.
When user accounts are created, they do not by default have access to the API. An API user account must be created within this page by providing an Email address. The system then generates the API key and password within the portal for API authentication. Webhooks send push notifications to a user specified HTTP endpoint. This prevents a developer from having to constantly poll the API to check status as the CenturyLink Cloud webhook will tell the customer provided URL that a specific event occurred. Webhooks are available for many events including account, server and user creation/deletion/update.
The API is available via both SOAP (XML) and HTTP (XML/JSON) web services. Software development kits are available for both Java and .Net environments. The API is documented online via the CenturyLink Cloud Knowledge Base.
The Tickets page allows a customer to view open tickets and their status and to create new tickets. Customers can also send an Email to firstname.lastname@example.org to create a new trouble ticket.
The activity history page allows users to pull complete activity history across the account based on date range, specified accounts and subaccounts, or keyword. Users may also download a comma delimited file from the portal to review and parse the account history.
The Settings page allows users to customize the Control user experience by adjusting branding, colors, site footers, DNS, customer support details and legal details, creating custom fields, customizing Email based notifications and adjusting account access to specific data centers. This capability enables customers to make the user experience their own. This is useful for Enterprise customers who want to brand the service with their own branding and direct end users to internal IT support teams as the first point of contact before contacting CenturyLink Cloud support. Resellers and wholesalers can create their own user experience and hide the CenturyLink Cloud details and branding.
There are three support tiers to choose from: Developer, Professional and Enterprise. Each support tier provides break fix level of support via web tickets to resolve Customer platform related issues. The Professional and Enterprise Support service tiers add phone and chat based support. The response time service level objective for Professional support is one hour while the Enterprise response time is 30 minutes.
Enterprise support requires at least 160 hours of CenturyLink Cloud Service Engineering.
Customers selecting the Enterprise support tier must purchase a minimum of 160 hours or up to 640 hours per month in support of their account. The work shift for each designated resource is 36 hours per week.
Support Tier Comparison:
|Access to forums, white papers, and providing access to the CenturyLink Cloud knowledge base||Yes||Yes||Yes|
|Response SLA||< 8 hours||< 1 hour||< 30 minutes|
|Service management support||Not applicable||Available||Available|
The following table describes the list of operational support activities and requests offered across CenturyLink Cloud support tiers that may arise for virtual machines (VMs) provisioned on the CenturyLink Cloud platform.
Support Activities provided for Services and Systems Hosted on the CenturyLink Cloud Platform:
|24x7x365 health monitoring and incident resolution of the CenturyLink Cloud platform’s systems (i.e., physical servers, orchestration systems, virtualization management systems, data center hosting services, network architecture, and storage systems)||Does not include operating systems and/or application performance issues within a Customer’s virtual machine (VM).|
|Data backup||Backups utilizing single node/non-replicated storage and the number of days are determined by the class of storage provisioned.|
|Data/Server restores from backup||Until this is exposed as a self-service feature it will be provided at no cost to Customers.|
|Network latency/interruption within the CenturyLink Cloud platform (e.g., between servers)||CenturyLink will investigate any network latency and/or service interruptions within the Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.|
|Troubleshooting client-based OpenVPN issues||CenturyLink will investigate any network latency and/or service interruptions within the CenturyLink Cloud Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.|
|Troubleshooting point-to-point VPN issues||CenturyLink will investigate any network latency and/or service interruptions within the CenturyLink Cloud Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.|
|DDOS investigation||Commercially reasonable efforts are employed to mitigate, investigate, and resolve DDOS attacks and/or other security intrusions that affect the shared platform.|
|Troubleshooting SafeHaven Performance||CenturyLink will investigate any performance issues for the SafeHaven software inclusive of SRN, CMS and Console.|
|SafeHaven Software updates||Will require re-installation at the current SafeHaven Installation Service task price.|
The Developer support tier is provided at no cost. Professional and Enterprise support are fee-based with a graduated scale based on total platform usage, including services like SW licenses, managed operating systems and managed application services.
The scaled model for support fees is as follows:
The following table provides a sample calculation for Professional or Enterprise support fees based on a monthly invoice totaling 130k USD. Using the tiered structure above, the support fees would be 8,400 USD.
|Usage Tier||Actual Usage||Rate||Support Charges|
|0 USD-10k USD||10k USD||10%||1,000 USD|
|10k USD-80k USD||70k USD||7%||4,900 USD|
|80k USD-250k USD||50k USD||5%||2,500 USD|
|>250k USD||0 USD||3%||0 USD|
The CenturyLink Cloud Service Engineering function provides personalized support services including:
Service Engineering is available in 20, 40, 60, 80, 160 and multiples of 160 hour blocks per month. In order for Customers to achieve the Enterprise SLA, at least 160 hours per month of Service Engineering must be purchased. Customers purchasing 160 hours of Service Engineering are required to commit to a one-year service term for the personalized support. Standard Professional or Enterprise support uplift fees also apply. Service Engineering is not available to customers who choose the Developer level of support. Service Engineering hours must be used on a monthly basis and unused time does not roll over to the following month. In the event a customer requires hours in addition to the block of hours purchased, an hourly Service Engineering fee will be applied for hours used beyond the monthly block.
Customers who purchase Service Engineering in less than 160 hour blocks can submit support requests around the clock to the shared pool of engineering resources; however, consultative requests need to be scheduled in advance. Customers who purchase 160 hours or greater blocks of time are assigned a designated person per 160 hour increment within the Service Engineering team as a primary point of contact. This primary point of contact works a specified shift based on the Customer's needs. Consultative requests are performed during that shift. The 160 hour block of time assumes a designated point of contact working 40 hours per week with a four week per month average and Services are performed evenly throughout the month. CenturyLink will begin staffing of 160 hour block resources when Customer orders Service Engineering and may take up to two months to hire personnel.
CenturyLink Cloud Service Engineers are CenturyLink Cloud platform oriented and are knowledgeable on cloud solution architectures but are not operating system or application layer experts. Customers who desire expertise for operating systems or applications are encouraged to purchase Service Management Technical Service Engineers where expertise is available for Windows, RedHat, Database and Applications.
CenturyLink can also provide integrated fee-based Service Management for Customers considering Professional or Enterprise Support tiers.
The Service Management Service offers personalized support relationships for Customers of CenturyLink Cloud and other CenturyLink Services. Service Management Client Service Partners assist customers with business lifecycle management and customer experience. Technical Service Engineers provide operating system and application layer expertise across CenturyLink Cloud and traditional managed hosting solutions.
|Feature||Designated TSE and CSP|
|TSE hours allocated||20, 40, 60, 80 or 160 hours per month|
|CSP hours allocated||Minimum 8 hours per month|
|Quarterly reviews||Included (expect travel expenses)|
There are several Service Management tiers to choose from based on designated resources for specific hours per month. Designated resources include a Technical Service Engineer (TSE) and a Client Service Partner (CSP). For pricing, please contact your CenturyLink account executive.
The designated Service Management (TSE and CSP) and CenturyLink Cloud Service Engineering team will work closely with Customer’s staff to proactively assist on deployment, development, and IT issues with CenturyLink Cloud technologies and work to address issues in an effective way.
CenturyLink Cloud offers individual Service tasks to assist with ad hoc requests for technical services like VM Imports, Data Import/Export, Usage Reporting, Disaster Recovery Testing, and more. Service tasks can be purchased on an hourly basis. A complete list of available Service tasks and pricing can be found at CenturyLink Cloud Pricing. Tasks are performed during business hours (9 a.m. to 5 p.m. PST).
A Technical Account Manager ("TAM") is a customer advocate and lifecycle business partner for CenturyLink Partners and Customers utilizing CenturyLink Cloud.
Key activities for each TAM include:
Designated TAM engagements are available to Professional and Enterprise support level customers on a case-by-case basis. Customers may also utilize TAM services for a fee on an as-needed basis.
In the event Customer initiates a service request not described in the Support Activities table in the support section the request will be considered as a professional services request and CenturyLink reserves the right to charge the customer for such requested Services at then current rates or as identified in Customer’s applicable support contract.
Internal VIP: A VIP on a dedicated load balancer. This will always be an internal IP.
IP: The IP used for the Virtual Server. A VIP includes both an IP and a port. Separate VIPs are required for multiple ports used with the same IP.
LUN Copy on Write: Logical Unit Number (LUN) is a unique identifier used to designate individual or collections of hard disk devices for address by a protocol associated with an iSCSI interface. A snapshot of a storage volume is created using the pre-designated space for the snapshot. When the snapshot is first created, only the meta-data about where original data is stored is copied. No physical copy of the data is done at the time the snapshot is created. Therefore, the creation of the snapshot is almost instantaneous. The snapshot copy then tracks the changing blocks on the original volume as writes to the original volume are performed. The original data that is being written to is copied into the designated storage pool that is set aside for the snapshot before original data is overwritten, hence the name "copy-on-write".