Check our Service Level Agreement

NUCLEUS UPTIME LEVEL AGREEMENT & SERVICE PACKS
Version 4.1 (20150401)

Table of contents
1. About Nucleus
   Healthy grower
   Hosting Solution Builder
2. References
3. Our Network
   Description
   Advantages
4. Our datacenters
   Locations
   Description
   Advantages
5. Security
   Physical security of the equipment
   Network security
   Monitoring the access rights at Nucleus
   ISO 27001
6. Uptime Level Agreement
   6.1. Physical security
   6.2. Power
   6.3. Automatic climate control
   6.4. Fire protection and water detection
   6.5. Network infrastructure & connectivity
7. Availability
   7.1. Measuring method
   7.2. Quality and availability connectivity
   7.3. Availability bandwidth
   7.4. Availability of the supplied services
   7.5. Availability support
8. Service Packs
   8.1. Review
   8.2. Summary
   8.3. Critical versus non-critical support
   8.4. Paid or free support?
   8.5. 24/7 emergency number
   8.6. Response period
   8.7. Solution Goal
   8.8. Updates and patches
   8.9. Server management
   8.10. Infrastructure monitoring
   8.11. Basic monitoring
   8.12. Advanced monitoring & trending
   8.13. Trending surveillance
   8.14. External Monitoring
   8.15. Backup check
   8.16. Restores
   8.17. Alert handling
   8.18. Traffic reporting
   8.19. Resource use
   8.20. Incident reporting
   8.21. Root Cause Analysis
   8.22. Report analysis and executive summary
   8.23. Advanced services
9. Delivery and installations
   9.1. Delivery server
   9.2. Software installation
10. Acceptable Use Policy
   10.1. Access to the systems
   10.2. Abusing the server
11. Compensations and statutory provisions
   11.1. Compensation when not realising the ULA
   11.2. Difference between ULA and service pack description
   11.3. Submitting the claims
   11.4. Relationship with general terms and conditions
1. About Nucleus
Healthy grower
Since its start in 2000 Nucleus has obtained a place at the top of the Belgian hosting
companies. Our strength? The expertise of a small committed team. They are all specialists in
their field of expertise who work complementarily.
In the first place Nucleus wants to be a healthy company. No cowboy ways. A sensible policy in
the operational and financial field. Stability on the balance sheet and in the racks.
Hosting Solution Builder
Nucleus is a hosting solution builder. We cannot formulate this any better.
• Hosting: The alpha and omega, our core business. Nucleus offers hosting and all things
related to this. If there is no connection with hosting, we will not be involved.
• Solution: The background of the company managers is in consultancy. First listen, then
speak, then take action. We identify the problems which (could) emerge and seek the
optimal solution.
• Builder: Nucleus stands for a hands-on approach. Both in the field of software and
hardware we are not afraid to soil our hands. We therefore do not depend on external
technicians. This means that we can deliver tailor-made work for our clients. Efficient
and effective.
2. References
Nucleus manages more than 1,600 servers divided over 4 datacenters.
Below we show some of our clients, because it shows you that we have experience with
working with large and small companies, private companies and the government, IT and other
sectors, …
3. Our Network
Description
A double redundant dark fibre ring connects the datacenters in Nossegem, Antwerp, Zaventem
and Diegem.
The first ring connects Nossegem, Zaventem and Diegem. The second ring includes Antwerp,
Zaventem and Diegem.
All locations have redundant 10Gig Ethernet connections on this dark fibre ring, so that our
network throughout the four datacenters forms one logical network. Failover solutions in a
multidatacenter approach are made possible in this way.
In InterXion Zaventem and LCL Antwerp our backbone ring is connected with several national
and international TIER1 providers. In order to always be able to offer sufficient capacity all
these connections are equipped with at least 10GE uplinks. The network is also peered with all
large providers in the largest hub of Europe through NL-IX and AMS-IX. These uplinks and
peerings are evaluated on a regular basis. When selecting these uplink providers or peering
connections we will always let the quality (latency etc.) prevail.
If you want to let your solution at Nucleus be part of your own private network between, for
example, various locations, we can also offer different solutions here. For example, Nucleus has
partnerships with Proximus (Explore), Eurofibre, Destiny, Mobistar. Other providers are also
always possible.
The border routers in Zaventem and Antwerp are Juniper MX routers, with a total routing
capacity of 480 gigabit/s. The core and distribution switches are fully connected with multiple
10Gig Ethernet connections.
Clients can be connected to the redundant distribution switches over multiple connections. In
this way Nucleus can guarantee all requirements regarding bandwidth, however large.
Each colocation datacenter is also equipped with redundant Juniper firewalls which can be
switched on as a shared firewall for those who also want to subcontract the security to Nucleus.
Besides this shared firewall solution it is also possible to install numerous dedicated firewall
solutions for your project.
Advantages
• Virtual Ethernet possible between datacenters
• IP network not bound to a location
• Company-owned backbone
• Several TIER1 providers as uplinks
• High bandwidth routing
• Optimal security for your hosting solution
4. Our datacenters
Locations
At present Nucleus operates from four datacenters: Antwerp, Nossegem, Diegem and
Zaventem.
Nossegem and Antwerp are completely equipped as high density datacenters.
The Nossegem datacenter is owned by Mobistar and is located along Leuvensesteenweg in Nossegem.
The Antwerp datacenter is situated in the North Trade Building, Noorderlaan 133 in Antwerp.
Diegem is equipped as a network datacenter. Diegem is also our location where we connect our
fibre network to various uplink providers. After all, Diegem has more than 50 carriers. The
datacenter is owned by LCL and is located at Kouterveldstraat in Diegem.
Zaventem is our second location in our Brussels ring. Here we only provide colocation services
on explicit request and do not have our own suite. The aim of this POP is to guarantee the
full redundancy of our network. After all, Zaventem also has more than 50 uplink providers to
which we can connect, including the well-known BNIX hub.
Zaventem is operated by InterXion and is located at Wezenbeekstraat in Zaventem.
Description
Own suites
In Nossegem and Antwerp we have our own suites. This means that we can check everything
within our own space ourselves: each cable is placed under our supervision and we can
therefore place installations and connections without any restrictions.
Strict security
All our racks and rack compartments are locked with individual combination locks. Clients who
use shared colocation or dedicated servers only have access after a request and under
supervision. Clients who have dedicated racks or compartments, have independent 24/7 access
on the basis of previously defined access lists.
All buildings and spaces are fully monitored by all kinds of access and alarm systems.
Nossegem and Zaventem are monitored 24/7 by a security agent on the spot, while Diegem
and Antwerp are under surveillance of a video room.
It is obvious that there are also extensive movement detection systems and camera surveillance
systems through a CCTV system. At the same time there are also extensive fire detection,
extinguishing and water detection systems.
Cold contained corridors create high density
In our datacenters we work with the principle of cold contained corridors (sometimes also called
aisles). In this set-up a double row of racks is always arranged as a closed island. The middle
corridor is closed by automatic doors along both sides and is under pressure of cold air.
The servers therefore blow the hot air straight out of this island, where it is extracted again
along the outside at the top. Inside the racks we strictly monitor the use of blanking panels in
order to prevent cold air from mixing with hot air.
This method of working has numerous advantages: high density (up to 32 amperes per rack),
whereby we guarantee that servers at the top of the racks are also cooled sufficiently, while
the servers are put under less strain (their fans have less work) and have a longer life.
For these systems we rely on Minkels, which does not only supply high-quality material to us,
but is also involved in designing our rooms, so that they can make use of their worldwide
expertise in arranging data center rooms in an efficient way.
The cooling of the air is guaranteed by redundant air-conditioning units. The control units of the
air conditioning are double in our suites. The cooling takes place outside by a whole battery of
chillers, whereby various chillers may fail without any problems for the datacenter. This
therefore also implies transparent maintenance.
Extensive power supplies
The Brussels datacenters are all arranged according to the 2N principle regarding their power
supply. Antwerp has been built up according to the N+1 principle.
Each building has two separated high-voltage lines, each of which has its own transformer and
is fully redundant. That is to say, if one transformer fails, the other transformer is
powerful enough to fully power the datacenter.
From there the power goes to two separated UPS rooms. Each UPS room has been built
redundantly, so that each separate UPS is sufficient in itself to power the double circuits. This is
not only handy when the external electricity network fails, but also when maintenance has to be
performed. This is always planned for each UPS separately.
In Antwerp the situation is slightly different: there are 3 UPSs in 1 room (1 UPS per circuit and
1 as a backup for both active UPSs).
The UPS rooms are not only connected to the double transformers, but are also backed up by
at least 4 emergency generators, of which in principle only 2 are necessary to keep the
datacenter in operation. They are tested monthly under a full load, so that surprises are
excluded.
A circuit leaves from each UPS room. This A+B arrangement is continued up to each rack. Each
rack is separately fused. If a rack is divided into smaller compartments, each compartment is
fused as well. This gives you a guarantee, in contrast with other providers, that you cannot be
a victim in your quarter rack of a short-circuit of your neighbour.
With compartmented racks all cables, both the power and network cables, are fully separated
from the other racks.
Network cabling of the new generation
All cabling between the core and distribution switches as well as to the individual racks consists
of CAT6A/10GigE cabling.
We decided to prepare our internal backbone for 10 gigabit Ethernet, so that we can not only
comply with high bandwidth requirements on our fibre network, but also for your switch or
servers. However, if you also need fibre connections, we can also build this for you tailor-made.
Due to the expansion of our distribution switches and the VRRP protocol, we can give each
switch a redundant uplink, without you having to apply extensive configurations yourself or
place complex and unreliable spanning tree switches. Just plug in two Ethernet cables and you
can start, Nucleus will do the rest.
Due to our own fibre network we can also offer you a virtual Ethernet connection between
Nossegem and Antwerp. We will give you an extra Ethernet cable at both ends and both your
locations will act as one virtual LAN.
It is obvious that we make extensive use of VLANs to separate your traffic from other traffic, so
that you can always have the best guaranteed uplink speed.
As a standard all our connections are burstable up to 1 Gbit/s.
Advantages
• Own suites for more flexibility
• Extensive security measures
• High density, up to 32A per rack
• Cold contained corridors
• High-quality Minkels racks
• 2N+1 power supplies
• Double redundant network
• CAT6A/10GigE cabling up to the racks
• Separate fuses per rack compartment
5. Security
Physical security of the equipment
The datacenter is guarded 24/7 by a security team on the spot.
This team makes rounds and has a CCTV system which monitors the perimeter around the
building, as well as all accesses and passageways.
The entrance itself is closed with gates and a barrier, which is operated by the security agent.
Access to the building is only possible by persons who have been placed on the access list in
advance. Nucleus manages this access list for its suite.
Furthermore, the building is equipped with access and movement detectors.
The suite itself is equipped with fire and water detection systems. Fire is combated on the basis
of Argon gas. The gas supply is sufficient to fill the entire building in one go.
The suite itself is filled with cold contained aisle racks. Each rack is locked with an individual
combination lock at the front and back. Its code is only known by the competent persons.
Each individual server is equipped with sensors which detect unauthorised opening. It is also
detected when the power is removed (and therefore switched off).
The functioning of the servers is also checked by an external monitoring system. In case of
failure of a component, our NOC will be informed automatically at once, 24/7.
Network security
Another aspect of security is what goes to the servers through the internet.
Optionally we work with a double security:
First of all, the perimeter is monitored. The redundant Juniper Firewalls have been placed near
the border routers. These physical firewalls are suitable for inspecting high traffic in depth.
These firewalls provide protection as follows:
• Flood attacks: detection of excessive traffic from one or several origin points when
certain parameters are exceeded. In a cascade of countermeasures these attacks are
blocked automatically and reported to the NOC. If necessary, the NOC will then
nullroute such origins to definitely guarantee the traffic to the network.
• Scans: IP and port scans are detected very fast and the traffic coming from such scans
will then be blocked from access to the network during a random period. Repeated
attempts of the same origin may result in a longer blockage of this origin.
• Intrusion Detection: based on the renowned system of Juniper itself it is checked
whether there is intrusion in masked packets on the basis of in-depth scanning of the IP
packets. In case of detection they are blocked and reported at once.
• Access control: clients who take this option can obtain certain access rights through
VPN. The VPN tunnels are then terminated on the Juniper firewalls which can set up
fully IPSEC compliant tunnels with other branch connection points, also of other brands.
By using high-level Juniper technology these tunnels can be set up with AES encryption
without loss of network speed.
Setting and configuring the security may only be done by Nucleus staff that has been trained
and authenticated for this purpose.
Monitoring the access rights at Nucleus
We apply a central access policy. A central authentication server manages the access rights of
each individual staff member. Revoking rights of an employee therefore takes place on a central
basis and can be done with one push on the button.
Managing this central security is the responsibility of both managing partners. The second
highest clearance is reserved to the senior system engineers. Only the above-mentioned
persons can delegate rights to others.
The employment agreement of each individual Nucleus employee includes the following
provision:
During the term of this agreement and after its termination the employee is obliged to
not provide any reliable information or confidential procedures and programs regarding
the functioning and policy of the company to third parties, irrespective of its importance
and possible impact.
Confidential information refers to the details, data, programs or procedures which are
not known to the public, or which can be known to others through an illegal action.
This clause regarding the confidential handling of data also applies to the data and
documents received by the company as part of its work for clients. This information is
owned by clients and may never be used for other purposes than those for which the
company received an assignment. They may never be made available to non-accepted
third parties.
The labour regulations also clearly state the following:
At the company the following actions, amongst others, are considered as serious
shortcomings which make all forms of professional cooperation impossible at once
and definitely:
• […]
• violation of business secrets;
• […]
• violation of business secrets of clients.
We attach much importance to this and our employees know that this violation will be
sanctioned at once. If they cause damage, to us or the client, they will be prosecuted.
Since we started we have never had to make use of these provisions.
ISO 27001
Nucleus has had an ISO 27001 certificate since June
2014. This quality label is the result of an extensive external
audit in the field of Security Management. We therefore
offer our clients an extensive guarantee for the security of
their hosting solution at Nucleus.
ISO/IEC 27001:2005 is part of the growing family of
ISO/IEC 27000 standards. ISO/IEC 27001:2005 is a
standard regarding an Information Security Management
System (ISMS) and was published in October 2005 by the
International Organisation for Standardization (ISO) and by
the International Electrotechnical Commission (IEC).
The norm specifies requirements for establishing, implementing, carrying out, monitoring,
assessing, updating and improving a documented Information Security Management
System (ISMS). The ISMS has been designed to guarantee the choice of adequate and
proportional security measures that protect the information and give confidence to
interested parties.
The ISO 27001 standard regards all aspects of data protection:
1. Policy-related (management)
2. Organisational (responsibilities)
3. Operating assets (infrastructure, network, systems and other operating assets)
4. Staff (company rules, errors, theft, fraud, abuse)
5. Physical (locks, fire protection)
6. Communication and operation (managing systems, processes and procedures)
7. Access control (logical & physical)
8. System and software development and maintenance (documentation, processes)
9. Incident management (anticipating and responding to security problems)
10. Continuity (disaster provisions)
11. Regulations (Computer Crime Act, Personal Data Protection Act)
ISO 27001 requires that the management:
• systematically investigates the security risks of the company and makes others
aware of the threats, weaknesses and their impact;
• designs and implements a coherent and comprehensive system of security control,
so that all forms of risk management (such as risk avoidance) and the risks which
are considered to be unacceptable are tackled;
• introduces a coordinating management process to constantly monitor the evolving
security risks.
The advantages of ISO 27001 are:
• It is an expansion of the general quality system to include everything related to
security;
• It offers an opportunity to map and manage all risks in connection with IT systems;
• Creates confidence with and a guarantee of a sound security management for
commercial partners and clients;
• Offers an independent audit of all procedures related to security.
6. Uptime Level Agreement
Nucleus has rooms in four different carrier neutral datacenters: Antwerp (LCL), Nossegem
(Mobistar), Zaventem (InterXion) and Diegem (LCL). These datacenters are all equipped with
UPS (Uninterruptable Power Supply), an emergency power generator, automatic climate
control, fire detection, temperature control, access control, circuits and network connections.
Nucleus sees to it that the facilities are extended redundantly.
In Nossegem and Antwerp we have our own suites. This means that we can check everything
inside our own rooms ourselves: each cable is placed under our supervision and we can
therefore place installations and connections without any restrictions.
6.1. Physical security
Our datacenters are guarded 24/7 by an external security company. There is also camera
surveillance and movement detection in each room.
Access to the datacenter is either checked through electronic access, or through checks by the
security agent. Access is only allowed by persons who are reported individually on the access
list.
All our racks and rack compartments are locked with individual combination locks. Clients who
make use of shared colocation or dedicated servers only have access after requesting this and
under supervision. Clients who have dedicated racks or compartments have the same
independent access 24/7 on the basis of previously defined access lists.
6.2. Power
The datacenters are all arranged according to the 2N principle regarding their power supply.
According to the 2N system, there are two separated high-voltage lines, each of which has its
own transformer and is fully redundant. That is to say, if one transformer fails, the other
transformer is powerful enough to fully power the datacenter.
From there the power goes to two separated UPS rooms. Each UPS room has been extended
redundantly, so that each separate UPS is sufficient in itself to power the double circuits. This is
not only handy when the external electricity network fails, but also when maintenance has to be
performed. This is always planned for each UPS separately.
The UPS rooms are not only connected to the double transformers, but are also backed up by
at least 4 emergency generators, of which in principle only 2 are necessary to keep the
datacenter in operation. They are tested monthly under a full load, so that surprises are
excluded.
In Antwerp the situation is slightly different: there are 3 UPSs in 1 room (1 UPS per circuit and
1 as a backup for both active UPSs) and 1 emergency generator.
A circuit leaves from each UPS. This A+B arrangement is continued up to each rack. Each rack
is separately fused. If a rack is divided into smaller compartments, each compartment is fused
as well. This offers you a guarantee, in contrast with other providers, that you cannot be a
victim in your quarter rack of a short-circuit in another compartment.
With compartmented racks all cables, both the power and network cables, are fully separated
from the other racks.
6.3. Automatic climate control
In our datacenters we work with the principle of cold contained corridors (sometimes also called
aisles). In this set-up a double row of racks is always arranged as a closed island. The middle
corridor is closed by automatic doors along both sides and is under pressure of cold air.
The servers therefore blow the hot air straight out of this island, where it is extracted again
along the outside at the top. Inside the racks we strictly monitor the use of blanking panels in
order to prevent cold air from mixing with hot air.
This method of working has numerous advantages: high density (up to 32 amperes per rack),
whereby we guarantee that the servers at the top of the racks are sufficiently cooled, while
the servers are put under less strain (their fans have less work) and have a longer life.
For these systems we rely on Minkels, which does not only supply high-quality material to us,
but is also involved in designing our rooms, so that they can make use of their worldwide
expertise in efficiently arranging data center rooms.
The cooling of the air is guaranteed by redundant air-conditioning units. The air conditioning in
our suites has double control units. The cooling takes place outside by a whole battery of
chillers, whereby various chillers may fail without any problems for the datacenter. This
therefore also implies transparent maintenance.
The cooling of the air is guaranteed by redundant chillers. The air conditioning in our suites has
double control units. This therefore also implies transparent maintenance.
The cooling of the rooms guarantees that the inlet temperature of the equipment never
fluctuates very fast and remains below the critical point of the servers (18-28° Celsius). At the
same time the air humidity is normalised (35-65%).
6.4. Fire protection and water detection
All suites are equipped with extensive systems for detecting and combating smoke, fire and water.
The detectors are located both above and below the floor.
The necessary alarm systems give an adequate response in order to prevent fire or water
seepage.
6.5.
Network infrastructure & connectivity
We decided to prepare our internal backbone for 10 gigabit Ethernet, so that we can meet
high bandwidth requirements not only on our fibre network, but also for your switch or
servers.
The Nucleus network is built on two connectivity POPs (Zaventem and
Antwerp). Because of the geographic distribution of both POPs we offer the guarantee that we
are independent from similar fibre backbones.
The border routers are Juniper MX routers, with a total routing capacity of 480 gigabit/s.
The core and distribution switches consist of Juniper and Cisco equipment.
As standard, all our connections are burstable up to 1000 Mbit/s.
Each colocation datacenter is also equipped with redundant Juniper firewalls, which can be
enabled as a shared firewall for those who also want to outsource the security to Nucleus.
A double redundant dark fibre ring connects the datacenters in Nossegem, Antwerp, Zaventem
and Diegem. The first ring connects Nossegem, Zaventem and Diegem. The second ring
includes Antwerp, Zaventem and Diegem.
All locations have redundant 10 gigabit Ethernet connections on this dark fibre ring, so that our
network forms one logical network throughout the four datacenters.
In InterXion Zaventem and LCL Antwerp our backbone ring is connected with several national
and international uplink providers.
The Nucleus network is also connected with the AMS-IX and NL-IX. The Amsterdam Internet
Exchange (AMS-IX) is the most important internet hub of the Netherlands and the second
largest one in the world.
7.
Availability
7.1.
Measuring method
For the calculation of the availability, Nucleus applies the following formula:
$$\frac{A}{T - S} \times 100$$
where
A = the actual availability of the service, expressed in minutes, as measured by the Nucleus
monitors
T = total number of minutes in the month in question
S = number of minutes of scheduled downtime
Scheduled downtime = each announced maintenance to the service in question. Nucleus must
always announce this maintenance at least 5 working days in advance, unless immediate
intervention is necessary to avoid interrupting the general service or for security reasons.
7.2.
Quality and availability connectivity
The availability of the Nucleus network is measured both from inside and from outside its own
network. The network is considered unsuitable when more than 1.5% packet loss is established from
these contact points.
Nucleus also guarantees that the average latency on its network within Europe will be 90 ms or
less and will be 200 ms or less on the transatlantic part.
Nucleus reserves the right to carry out urgent interventions on the network when required.
Nucleus cannot be held responsible for Denial of Service attacks from outside its network.
Average latency on the European Nucleus network:        <= 90 ms
Average latency on the transatlantic Nucleus network:   <= 200 ms
Average packet loss on the Nucleus network:             <= 1.5%
7.3.
Availability bandwidth
Nucleus always guarantees sufficient burst capacity on its uplinks.
Every 5 minutes Nucleus measures the average speed on its network. Nucleus guarantees at
least an overcapacity of 30% on the average of the top 5% measurements.
In this way we do not guarantee an extra capacity above the average, but the certainty of extra
peak capacity on top of the already measured peaks.
Availability bandwidth:   >= 30% compared to top 5% peaks
7.4.
Availability of the supplied services
At Nucleus we do not apply complex ULAs for the various components. You purchase a service
from us and you want to be sure that it is available. What difference does it make whether your
server cannot be accessed because of a cooling problem or a network problem?
The guaranteed availability is laid down for each service in the following way:
Service             ULA           Max unavailability per month
shared hosting      best effort   not applicable
DNS                 99.95%        22’
colocation          99.90%        44’
dedicated server    99.25%        5hr30
Open Cloud          99.50%        3hr40
VMWare Cloud        99.97%        13’11”
7.5.
Availability support
Our support services are available for everybody during office hours (Monday-Friday from
09.00-18.00 hours).
The emergency number is available 24/7 for all clients with a colocation, dedicated server or
Open/VMWare cloud server contract.
8.
Service Packs
8.1.
Review
                         Essentials      Essentials+     Managed     Managed+
24/7 emergency number    þ               þ               þ           þ
Including support        Infrastructure  Infrastructure  Unlimited   Unlimited
Critical support
  Response period        <2hrs           <30’            <15’        <15’
  Solution goal          <4hrs           <1hr            <30’        <30’
Non-critical support*
  Response period        NBD             <8hrs           <4hrs       <1hr
  Solution Goal          RE              <16hrs          <8hrs       <2hrs
Operations
Update & patch management
Server management
Monitoring
Infrastructure
Basic monitoring
Advanced monitoring
Trending graphs & alerts
Trending surveillance
External monitoring
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
Alert follow-up
By the client
By Nucleus 24/7
Reports
Traffic use
Resource use
Incidents
RCA
Report analysis &
executive summary
Advanced services**
Security testing
Penetration testing
Stress testing
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ
þ = included
RE = Reasonable Effort
NBD = Next Business Day
* only during office hours
** upon request
8.2.
Summary
Our Service packs can be divided into two groups:
• Unmanaged servers: Essentials and Essentials+
• Managed servers: Managed and Managed+
With the Essentials service pack you manage your server yourself, but in Essentials+ you can
count on a better response period and extra services.
For Managed and Managed+ clients we manage the servers without any support restrictions.
We provide a total solution. This implies updating and monitoring your server (updates,
patches, monitors, monitoring alerts, security, …) every day as well as supporting our clients
with regard to server management. Advice and DevOps support is also included.
Major changes such as architecture changes or a rearrangement of the structure are not
included in the daily functioning of the server and will be carried out at a remote-hands rate.
Architectural changes may include: change from Apache to Nginx, change of database server,
Varnish installation, setting up OTAP (DTAP) environments, …
The Managed and Managed+ packs therefore include all that concerns the correct functioning
of the server. There will not be any additional costs for having your server function normally.
Contacting our support for small adaptations, emergency interventions and daily advice will not
cost anything extra for Managed and Managed+ clients.
8.3.
Critical versus non-critical support
Critical support includes matters that block the correct functioning of the server and require
attention at once in order to guarantee a sound service and functioning. This is defined by
Nucleus as: defects in the datacenter infrastructure, the Nucleus network, the hardware and the
server services which result in a proven unavailability of the supplied services.
The services which are described in chapter 6, such as network, hardware, cooling, … are
obviously monitored 24/7. Support will be given at once if a failure is established there.
All other questions with regard to matters that do not result in unavailability of the supplied
services are by definition non-critical questions. They include (non-exhaustively):
• all questions in connection with the use of the offered services;
• software support;
• configuration changes (which are not necessary to solve a critical problem);
• orders & deliveries.
Critical support must always be requested by phone (extra information can obviously be
provided by email, such as logs, extra information, …). If critical support is only requested
through email, the baseline measurement for the response period will only start from the
moment that an employee confirms that he has opened the ticket (and therefore not merely
through an automatic acknowledgement of receipt of the ticket).
Non-critical support can be requested either by phone or by email.
8.4.
Paid or free support?
All work and costs connected to solving failures which are covered by the ULA (see chapter 6
on page 16), are non-paid services.
If a client reports a failure through the emergency number which is not covered by the ULA,
this will be reported to the client and the option will be offered to further handle this ticket as
2nd line support, whether or not this is paid support according to your service pack.
The services which are stated in the summary table (see point 8.1) as included, are non-paid
services or already included in the fixed monthly price.
In brief, it means that Essentials and Essentials+ are unmanaged packs, whereby you
yourself take care of the management of the server or rely on our services against payment of the
hourly rate that you can find in your contract.
Managed and Managed+ imply that Nucleus will take all actions to manage your server, without
any restrictions, subject to a Fair Use Policy [1].
[1] For Managed and Managed+ service packs there is no restriction on the number of hours of support
offered by us. However, we reserve the right to restrict the supplied support if you deviate more than
50% from the average use of our support services per service pack. You will be informed about this in
advance.
8.5.
24/7 emergency number
As a dedicated server, Open or VMWare server client you also have access to a 24/7 number, to
which you can report critical failures.
The person on the line is a qualified system engineer who has been trained to answer all your
questions. So there are no unnecessary waiting times through a call center and escalation of
tickets.
You can always find your emergency number in your online control panel.
8.6.
Response period
The response period gives you a guarantee about when a qualified employee will answer your
ticket.
These times vary according to the critical/non-critical nature of the ticket and the service pack
that you purchased with your server.
Critical support must always be requested by phone (extra information can obviously be
provided by email, such as logs, extra information, …). If critical support is only requested
through email, the baseline measurement for the response period will only start from the
moment that an employee confirms that he has opened the ticket (and therefore not merely
through an automatic acknowledgement of receipt of the ticket).
For non-critical support the measurement only runs during office hours. For critical support the
measurement runs 24/7, from the moment the problem is correctly reported.
The measurement of the response period ends as soon as an employee starts to work on the
ticket.
8.7.
Solution Goal
It is difficult to give an absolute guarantee for recovery periods in the IT sector. They greatly
depend on the established problem.
However, the objective is that the recovery period should not exceed the initial response period,
that is to say with regard to offering a work-around solution, except when a restore has to take
place. Since a restore of a backup greatly depends on the amount of data, the moment that the
restore procedure has started is regarded as the point of recovery for a restore of a backup.
The Solution Goal is therefore the guaranteed period within which we offer you a solution, which
is either a correction of the problem or a solution with which you can continue your work
temporarily.
8.8.
Updates and patches
Every month your server is checked to see whether the Operating System and the software
designated for maintenance and installed by Nucleus have to be updated.
The standard maintenance window for this is every Tuesday morning between 05.00 and 07.00
hours. Critical updates are installed within 24 hours, after informing the client.
Patch management is performed at Nucleus by qualified personnel who log on to your server
itself, carry out the updates and then check whether they were installed successfully.
The correct functioning of the server is also checked. So we do not make use of a one-size-fits-all
solution, whereby updates are centrally deployed on all servers in an automatic way.
One week before we plan to place updates on your system you will be informed through an email
(technical contact persons). You then have 6 days to postpone these updates to a later
moment, if that suits you better. You will also be informed when we have finished the updates
on your server.
8.9.
Server management
For Managed and Managed+ clients we manage the servers without any support restrictions.
We provide a total solution. This implies updating and monitoring your server (updates,
patches, monitors, monitoring alerts, security, …) every day as well as supporting our clients
with regard to server management. Advice and DevOps support is also included.
Major changes such as architecture changes or a rearrangement of the structure are not
included in the daily functioning of the server and will be carried out at a remote-hands rate.
The Managed and Managed+ service pack therefore includes all that concerns the correct
functioning of the server. There will not be any additional costs for having your server function
normally. Contacting our support for small adaptations, emergency interventions and
daily advice will not cost anything extra for Managed and Managed+ clients.
8.10. Infrastructure monitoring
The entire Nucleus infrastructure is monitored 24/7 by our Network Operating Center. This
includes the work for all common infrastructure, such as datacenter infrastructure (including
power and cooling) and the Nucleus network (including all Nucleus switches, routers and
uplinks).
A failure of one of these components will result in an alarm which will be considered as critical
at once, without informing the client.
Servers and equipment of the client himself are not covered by infrastructure monitoring.
8.11. Basic monitoring
Basic monitoring includes monitoring the functioning of the server of the client. Basic
monitoring is performed agentless, so completely on an external basis.
The following services are tested every 30 seconds, if applicable and if requested by the client:
• ICMP (ping) + packet loss
• POP3, IMAP and SMTP
• http(s)
• SSH/remote desktop
• TCP port checks (indicated by the client)
• RBL Blacklist checking
• Forward/Reverse DNS match on server IP
At most 15 services can be checked for each basic monitoring pack.
The client can provide an unlimited number of email addresses and at most 3 GSM numbers to
which an alert can be sent (through email and SMS).
If the client has a Managed(+) service pack:
• the alerts are monitored 24/7 by Nucleus;
• the alerts which result in critical support are followed up at once, without the requirement
of informing the client. The client will be informed later about the actions taken by
Nucleus;
• if required, the alerts can also be sent to the client.
In other cases the client is responsible for informing Nucleus (considering the provisions
regarding critical/non-critical & paying/non-paying support).
8.12. Advanced monitoring & trending
Advanced monitoring includes basic monitoring plus the following matters (if applicable):
• CPU load (alert > certain load)
• Disk capacity (alert with certain % free space)
• Memory load (alert > certain load)
• Content check of a certain webpage
• Detail-checks per service (for example, MySQL, Apache, Nginx, PHP, Memcached,
Lighttpd, Mailqueues, …)
Advanced Monitoring takes place on the basis of an agent, software which must be installed on
your server. If you have a Managed(+) service pack, this will be done by our services and we
guarantee its functioning. For Essentials+ service packs the client must install this himself on the
instruction of Nucleus and Nucleus cannot offer a guarantee on the functioning of this agent.
The client can provide an unlimited number of email addresses and at most 3 GSM numbers to
which an alert can be sent (through email and SMS).
The client also has a login on the monitoring system whereby diagrams can be consulted of the
monitors, so that the trend over the past months can give a prediction about the required
resources in the future.
For Managed and Managed+ clients Nucleus will also intervene when the
advanced monitoring indicates a problem with resources, whether or not in the near future.
If the client has a Managed(+) service pack:
• the alerts are monitored 24/7 by Nucleus;
• the alerts which result in critical support are followed up at once, without it being
necessary to inform the client. The client will be informed later about the actions taken
by Nucleus;
• if required, the alerts can also be sent to the client.
In other cases the client is responsible for informing Nucleus (considering the provisions
regarding critical/non-critical & paying/non-paying support).
8.13. Trending surveillance
For Managed+ clients a system engineer of Nucleus will examine and interpret the diagrams
and reports every month and offer advice in the medium and long term.
In this way you can be sure that you can plan for further expansions on time. In addition, you
can be sure that if certain reports point to a possible problem, this will be examined by
a system specialist who will take action, if necessary.
8.14. External Monitoring
Upon request Managed+ clients can also make use of the external monitoring of the uptime of
at most 3 services per department.
Nucleus believes in transparency and in the quality of our services and proves this by its
external checks.
This external monitoring agency is appointed by Nucleus as a third party and an independent
party. Nucleus does not have any links with this external monitoring service and does not give
any guarantees regarding their service, but obviously will select a service provider with much
experience and who is worthy of your trust.
8.15. Backup check
This section only applies to the Managed and Managed+ service packs.
This check includes investigating whether the planned backup procedures have worked and the
backups were concluded with a confirmation (an OK).
If there is an error report on the backup routine, this error will be examined. If it concerns a
critical failure, the backup will be carried out again.
If this backup check is not included in the service pack, the client remains fully responsible for
checking the backup and Nucleus does not assume any responsibility for whether a possible
restore works correctly or not.
This backup check includes the check on all backups which are offered in the contract, such as
the online backup (data backup) and/or the snapshot backups [2].
[2] Snapshot backups are only possible on cloud servers.
8.16. Restores
Nucleus can restore a backup upon request of the client or in the event of a serious failure.
If this is not included in the service pack, this will be done in the form of paid support. If it is
included in the service pack, the number of restores per month is limited to two. Extra
restores are available as paid support.
Nucleus is not responsible for the correct functioning of the restores when the backup check is
not included in the purchased services (see point 8.15).
8.17. Alert handling
The alerts generated by the monitoring are monitored by:
• the client in case of Essentials+ pack
• Nucleus in case of a Managed and Managed+ pack
Alert handling means that Nucleus for Managed(+) service packs will do all that is necessary to
monitor and solve the problem according to the current response periods and solution goals.
This service applies to Managed(+) service packs 24/7. After establishing the problem a
classification will be made according to the principle of critical or non-critical support and this
will be handled accordingly.
8.18. Traffic reporting
Through the control panel each client can receive a summary of the incoming and outgoing
traffic for the IPs allocated to him.
This summary offers a measurement per 5 minutes in the form of a diagram and a table. There
is also a summary of the top 10 per protocol.
These figures only measure the traffic that is actually routed to and from the internet. It does
not measure the internal traffic.
These figures are accepted by all parties as the only correct figures with regard to establishing
the used volume, which may result in additional invoicing if more was used than what was laid
down in the contract.
A summary of these figures is also stated in the monthly report.
8.19. Resource use
Resources are measured with an agent, which is software that must be installed on your server.
If you have a Managed(+) service pack, this will be done by our services and we guarantee its
functioning. For Essentials+ service packs the client must install this himself on the instruction of
Nucleus and Nucleus cannot offer a guarantee regarding the functioning of this agent.
The report of the resource use will be published in your monthly report and concerns the
reporting of the advanced monitoring.
8.20. Incident reporting
In the monthly report you will receive a summary of all support tickets that were opened.
This reporting includes the ticket number, the date, the status and a brief summary.
Details of the tickets can always be consulted online 24/7 through your control panel.
8.21. Root Cause Analysis
A root cause analysis is carried out in case of serious security incidents.
A first system engineer will describe the problem, together with the steps taken and the
necessary suggestions to solve the problem permanently.
A second system engineer will check these findings and draw the necessary conclusions and, if
required, confirm the steps to be taken.
This entire phase is also included in your monthly report.
8.22. Report analysis and executive summary
Each month a senior system admin will check all tickets and RCAs.
On the basis of this he draws up an executive summary of what has happened, which steps
have been taken and of the KPIs of the service pack.
It is even more important that this senior system admin keeps an overview of your project and
seeks improvements proactively on the basis of the reporting and also recommends them in the
executive summary.
8.23. Advanced services
Our Managed+ clients can rest assured that our service packs greatly differ from other
service packs.
Upon request and in consultation with the client we can carry out extensive tests, with a
maximum of twice a year. These tests may involve security, penetration testing and load
testing.
These tests are carried out by our own qualified personnel on the spot.
On the basis of these tests an extensive report will be drawn up and the results will be
discussed with you during a conference call, together with the security officer and senior
system engineer involved.
This security test can be extended to full OWASP-10 testing & reporting, provided this is
done in the form of a supplement.
9.
Delivery and installations
9.1.
Delivery server
As standard, a dedicated server is supplied within two weeks and a cloud server within 48
hours. Colocation installations usually take place within one week after the order.
Departures from these normal delivery times cannot be a reason for a breach of contract if this
has been discussed with the client on time.
Nucleus cannot be held responsible for delayed deliveries by its suppliers, but will always
communicate about this as soon as information is available.
9.2.
Software installation
With the delivery Nucleus will install the Operating System as selected by the client, according
to the specifications which were established by mutual consultation. For the installation of a
new server an employee of Nucleus will contact the technical staff-member of the client to
discuss the delivery.
Installations of software, such as a standard LAMP environment or a standard Windows/MSSQL
environment, are also part of the set-up.
The subsequent configuration and/or installation of accompanying software will be done by the
client or upon request by Nucleus under the prevalent support rates or accompanying credits of
the first month.
10. Acceptable Use Policy
10.1. Access to the systems
Nucleus reserves the right to have access to all systems that are placed in its network without
prior permission. This will only be done for checks and maintenance. Nucleus will always
act with due care and diligence and always treat the content of the systems of the client
confidentially, unless a court order forces Nucleus to take other actions.
10.2. Abusing the server
If Nucleus receives reports about any abuses regarding the server of the client, Nucleus is
entitled to block the access of the server to the internet at once and without prior warning, if
there are serious indications that the report is founded. An attempt will first be made to contact
the client before proceeding with this action; however, if this is not done, it cannot in any
way result in this step being suspended.
Examples of abuse include:
• Sending spam
• Carrying out attacks on other systems (both within and outside the Nucleus network)
• Hosting phishing sites
• Hosting copyright material without permission of the entitled party/parties.
• Hosting child pornography
• Using the server in illegal actions
• Hosting malicious code
• …
The internet connection will be suspended until the client takes action to stop the challenged
actions.
When the server of the client is under a network attack, Nucleus will also reserve the
right to block the traffic from and to the IPs of the client on its border routers. However, this
will only be done in special cases if the stability of the Nucleus network is at risk and/or if other
clients are inconvenienced.
All costs caused by abusing the server will be recovered from the client.
11. Compensations and statutory provisions
11.1. Compensation when not realising the ULA
As stipulated in the general terms and conditions in the contract, Service Levels are calculated
as indicated in point 7.1.
Unless laid down otherwise in the contract, the credit points are calculated as follows:
A = (L – P)

If                  the penalty is the following percentage of Q
A ≤ 0.5%            5%
0.5% < A ≤ 1%       10%
1% < A ≤ 2.5%       15%
2.5% < A ≤ 5%       25%
A > 5%              50%

A = departure from the contractually laid-down percentage of availability
L = the contractually laid down percentage of availability
P = the actual percentage of availability
Q = the charges which have been laid down contractually for the service in question according
to which this availability is calculated.
As laid down contractually in the general terms and conditions, the granted credit will never
exceed 50% of the subscription of the service in question.
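The calculation from points 7.1 and 11.1 worked through in Python, as an added example that is not part of the Nucleus document. The function names, the interval representation (minutes since the start of the month) and the sample figures are assumptions, as are two interpretations: outage minutes that fall inside an announced maintenance window are not counted against availability, and no credit is due when P is at or above L.

```python
from fractions import Fraction

# Credit tiers from point 11.1: (upper bound of the departure A in percentage
# points, penalty as a percentage of Q). A departure above 5 points pays 50%,
# which is also the contractual ceiling.
TIERS = [(Fraction("0.5"), 5), (Fraction(1), 10), (Fraction("2.5"), 15), (Fraction(5), 25)]
TOP_PENALTY = 50


def merge(intervals):
    """Merge overlapping or touching [start, end) minute intervals."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return merged


def overlap_minutes(a, b):
    """Minutes shared by two lists of already merged intervals."""
    return sum(max(0, min(e1, e2) - max(s1, s2)) for s1, e1 in a for s2, e2 in b)


def availability_pct(total_minutes, scheduled, outages):
    """Point 7.1: A / (T - S) * 100, returned as an exact Fraction."""
    windows, down = merge(scheduled), merge(outages)
    s = sum(end - start for start, end in windows)        # S: scheduled downtime
    measured = total_minutes - s                          # T - S
    if measured <= 0:
        raise ValueError("scheduled downtime covers the whole month")
    # Assumption: downtime inside an announced window does not reduce A.
    unscheduled = sum(end - start for start, end in down) - overlap_minutes(down, windows)
    a = measured - unscheduled                            # A: available minutes
    return Fraction(a * 100, measured)


def penalty_pct(contracted, actual):
    """Point 11.1: map the departure A = L - P onto the penalty percentage.

    Pass percentages as strings or Fractions (not floats) so that the tier
    boundaries such as exactly 0.5 are compared without rounding error.
    """
    departure = Fraction(contracted) - Fraction(actual)
    if departure <= 0:        # Assumption: ULA met, so no credit is due.
        return 0
    for bound, pct in TIERS:
        if departure <= bound:
            return pct
    return TOP_PENALTY


def credit(contracted, actual, charge):
    """Credit amount: the penalty percentage applied to the charge Q."""
    return Fraction(charge) * penalty_pct(contracted, actual) / 100


# Constructed sample for a 30-day month (not real measurements).
T = 30 * 24 * 60
SCHEDULED = [(1000, 1120)]                            # one announced 2-hour window
OUTAGES = [(1100, 1150), (5000, 5030), (5020, 5040)]  # overlapping monitor reports

if __name__ == "__main__":
    p = availability_pct(T, SCHEDULED, OUTAGES)
    print(f"P = {float(p):.4f}%")
    print("colocation (L = 99.90%):", penalty_pct("99.90", p), "% of Q")
    print("dedicated server (L = 99.25%):", penalty_pct("99.25", p), "% of Q")
```
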
11.2. Difference between ULA and service pack description
The service pack description shows the guarantees on our service. The ULA shows the uptime
of the product. The guarantees that are given within a service pack description can never be
stricter than the ULA of the underlying product. In other words, when a solution goal of 30’
applies according to the service pack description, but the underlying product has an ULA with a
maximum unavailability of 44’, the calculation will only be based on the lowest guaranteed
figure.
11.3. Submitting the claims
All claims with regard to the given service levels must be sufficiently substantiated and sent to the
registered office of Nucleus by registered letter within 15 days after the occurrence of the
failure.
11.4. Relationship with general terms and conditions
This document will be read as a technical commercial supplement to the contract and will not
affect the terms which are included in the contract itself. This document contains a general
description of the services supplied by Nucleus.
Departures are only valid if they are accepted by both parties as an addendum to the contract.