VMware - vSphere 5.5
The CenturyLink Cloud Control Portal provides a high degree of self-service provisioning, management and automation capabilities, allowing customers to take full control of their cloud infrastructure. This unique, proprietary interface allows customers to self-provision capabilities such as: Server Deployment, Resource Management, Scheduling, Grouping, Scripts, Blueprints (automation), Firewall, and Networking.
Additional self-service capabilities are released frequently.
This is a metric we monitor very closely. We tend to operate between 30-40% of available capacity across all dimensions (compute, memory, storage, and bandwidth). This level provides adequate “headroom” to ensure that spikes and bursts of activity don’t impact customers.
Each node is deployed with an architecture that supports the very rapid addition of compute and storage resources. This provides elasticity and simplifies capacity planning.
For CenturyLink Private Node (CPN), Service Engineering staff plan capacity together with customers to ensure compute and/or storage is added as needed.
All of our nodes are deployed in tier 3 class (or higher) data centers. This means each node is equipped with multiple independent distribution paths, redundant hardware, and N+1 configuration of all critical infrastructure components, including chillers and HVAC systems, UPS backup and generator systems.
More information on our data centers can be found here: https://www.ctl.io/data-centers.
More on compliance can be found here: https://www.ctl.io/compliance.
Since our platform is virtualized, customers are able to perform most “remote hands” functions (e.g. a hard reboot) via our Control Portal. Additional managed services – including OS and applications – are available in selected data centers. For more information, refer to: https://www.ctl.io/managed-services.
Most of our data centers are deployed in carrier neutral facilities. Additional details regarding specific carrier options in specific locations are available upon request.
Most of our data centers are deployed in carrier neutral facilities. As a result, customers have multiple options for direct connectivity, as well as blended transit across many carriers for reliable, consistent connectivity.
The CenturyLink Cloud supports many operating systems, including open-source and commercial offerings. An updated list can be found in this Knowledge Base Article.
Customers may upload their own customized images, as long as they map back to one of the supported operating systems.
Servers are provisioned through the Control Portal or via API. Depending on the OS template selected, and any post-provisioning tasks added by the user, virtual servers are usually live within minutes.
In a worst-case scenario, all VMs on the affected physical host will be automatically migrated to a running host in the cluster and restarted. Often, we will receive an alert when a physical server is having issues. Then, we are able to use the vMotion tool to move the server to another host and avoid any downtime for the customer.
Yes, we use vMotion and Storage vMotion for these tasks.
CenturyLink has scheduled maintenance windows to perform updates. All VMs would be vacated off of the host prior to performing the updates, using vMotion. With this approach, the customer experiences no disruption.
For virtual servers, there is no user-accessible local storage on any host — all storage is provisioned from SANs. Hyperscale and bare metal instances, however, do have local storage.
Every customer VLAN is logically isolated. CenturyLink also uses a dedicated management network for platform services.
The CenturyLink Cloud platform provides a "utility" billing model, where customers are able to scale resources up or down as they need. Customers are charged on an hourly basis.
For virtual machines, customers may specify the number of virtual CPUs, memory and storage that they need and are charged on an hourly basis for each of those dimensions. Customers are not forced into pre-cast "instance" sizes.
At any time, customers can scale one or more of those dimensions (adding or removing compute and storage resource as needed). This provides a much more cost-effective and flexible platform. Additional services are available as well, including third-party software licensing, load balancing, DNS management, etc.
Most of our utility-based services (VM compute, memory and storage, and applicable licensing) are calculated on an hourly basis. Stopped or Paused virtual machines are only charged for their allocated storage; they are not charged for CPU or memory while in this state. Other services may have fixed monthly charges or be utilization-based (for example, public Internet bandwidth is charged on a per GB-out basis), and all customers are billed in monthly cycles.
There are various charges depending on the state of the server.
We do have a nominal charge for physical connections into any of our nodes, and cross-connect fees can apply, depending on the location. More information on this task, as well as our other service tasks, can be found here: https://www.ctl.io/service-tasks.
Yes. Customers can connect to the “meet me” room in each data center, and a cross connect can be arranged from there.
No. However, we handle route advertisements with the VPN tunnel.
Yes, via our upstream transit providers.
Customers may deploy any database that runs on Windows and Linux platforms.
VMs may be provisioned with up to 16 vCPUs, 128GB RAM, and up to 4 TB of storage (in 1 TB increments). We offer a max of 10 Gbps network connectivity.
All cloud storage is high performance; our standard tier of storage is a hybrid SSD/SATA solution.
CenturyLink Cloud has scheduled maintenance windows to perform updates as described. All VMs would be vacated off of the storage prior to performing the updates, avoiding downtime.
The Snapshotting capability is provided through the Control Portal. Refer to this knowledge base article for details: http://centurylinkcloud.com/knowledge-base/servers/creating-and-managing-server-snapshots/.
Yes, archival services are provided through the Control Portal.
Customers have several options for BC and DR. Some are available from CenturyLink directly, while other options are available from partners. Those services are detailed in this knowledge base article.
All CenturyLink Cloud data centers are connected either by private link or via persistent VPN tunnels used for replication and platform communication.
Our operations team monitors availability, performance and capacity across our physical infrastructure and sub-systems. In addition, we monitor network services, and review log data as needed.
As mentioned previously, our NOC is virtualized with resources located worldwide.
The list of supported monitors may be found here: http://centurylinkcloud.com/knowledge-base/network/monitors-that-are-supported/.
These monitors may be enabled upon request.
Please refer to this knowledge base article for details: http://centurylinkcloud.com/api-docs/v1#overview.
Broadly speaking, users may accomplish the same functions via API that can be completed in the Control Portal UI.
Users may do this to VMs at any time. Some operating systems require a reboot, while others do not.
Yes, customers may choose from our Windows and Linux templates, or create and upload their own.
Our report library is accessible through the Control Portal. Customers may run a series of reports (down to the VM level) that show different performance and utilization metrics over any time period.
Billing data is provided two different ways:
Yes, we have performed these services for a number of customers. Each migration varies greatly, depending on the types of workloads involved and the customer’s internal expertise.
Some customers have simply "re-created" their VMs from scratch on our platform, while others have brought over their existing VM images (in a *.ovf format).
Our Blueprints tool has helped some customers on-board to CenturyLink from other platforms, ultimately alleviating the cost and complexity associated with third-party cloud management products.
This is described in our SLA, online at https://www.ctl.io/legal/sla.
Our support is 24x7.
Within the Control Portal, customers may use reporting tools to examine the performance and availability metrics of a given VM, or Group of VMs.
These reports include data from the Platform, including CPU utilization, memory utilization, and bandwidth. Data for the last 12 months is available.
Customers are usually notified at least 3 business days in advance of planned maintenance activities, via email.
Customers may create an unlimited number of support tickets from within the Control Portal - either via email, live chat, or phone. Each ticket is assigned a unique tracking number for future reference. Additional details on how support tickets are handled are available in our SLA.
Please visit our support page for options.
The NOC is virtualized with resources located in Bellevue, WA; Salt Lake City, UT; and London.
Our operations team is composed of two groups. The Operations Team triages the customer requests specific to their environment. The Platform Team is responsible for the operational management of the overall platform and underlying infrastructure.
Issues not resolved by the Operations Team are escalated to the Platform Team for investigation and resolution.
Each customer is allocated a VLAN with a 10.x.x.x network assignment. Customers may add additional VLANs for a monthly fee. The customer may then configure firewall rules between them, without limits or costs. This knowledge base article describes the process: http://centurylinkcloud.com/knowledge-base/network/connecting-data-center-networks-through-firewall-policies/
Two ways. The first is a client-based VPN that we offer free to all customers. This approach allows them to VPN into their private CenturyLink Cloud network to perform administrative tasks.
Secondly, we can establish a site-to-site VPN between CenturyLink Cloud and the customer’s on-premise resources and users. From there, users may then administer resources via this dedicated VPN.
Yes. Our OpenVPN solution is configured to use a certificate. A second factor may be implemented with an additional authentication layer (i.e. LDAP). This knowledge base article describes this capability: http://centurylinkcloud.com/knowledge-base/network/configure-two-factor-authentication/
Yes, the Control Portal allows for role-based permissions controlled at three levels: Area, Resource, and Entity.
Read this knowledge base article for more details. http://ctl.io/knowledge-base/accounts-&-users/user-permissions/
We have several options, including IPSEC VPN, MPLS, or direct connect. This article explains in more detail: http://ctl.io/knowledge-base/network/network-access-options-for-connecting-to-centurylink-clouds-platform
Logical access to CenturyLink's cloud systems, applications, and data is limited to properly authorized individuals, and user rights are kept to a minimum.
The CenturyLink Cloud Platform Team controls network and server passwords. Security engineers assign all system passwords. The Platform Team is responsible for maintaining data integrity and determining end-user access rights.
All access granted to systems, applications, and data is password protected using role-based security. Auditing is implemented on all systems, where possible, to track a variety of events, including but not limited to, security access violations, application, and database access.
Read more at our cloud security page, https://www.ctl.io/cloud-platform/cloud-security.
We employ our unique defense-in-depth approach. This spans from IDS and IDP services provided at the edge, all the way through to isolation and security policies and protocols based on industry best practices.
CenturyLink maintains an SSAE 16 audit certification, most recently completed in June of 2013. The auditor’s opinion is available upon request.
What security-related services do you provide?
The CenturyLink Cloud platform leverages carrier-class Juniper SRX firewalls with VLAN tagging, IDP and IDS. We are also able to provide full Nessus security vulnerability scans of every customer environment, then collaborate as needed to fix any identified vulnerabilities.
Only CenturyLink employees have physical access to our private cages within any of our data centers. Customers are able to "visit" these facilities as part of an escorted tour.
Each data center is protected by carrier-class firewalls providing IDS and IPS services. We mitigate any DDoS attacks with these tools, as well as those provided by our upstream network providers.