Updated: March 13, 2018
Developer, operations and IT finance teams have different tools and priorities, which can sometimes lead to losing sight of the business benefits of different cloud platform options.
Cloud Application Manager allows organizations to do more with their clouds by driving collaboration between the spheres of influence within enterprise IT – Developers, IT Operations and Finance into a common team workspace, where they focus on modeling workloads, managing them through their lifecycle, and optimizing costs against each business initiatives.
From one interface, you can purchase and deploy Public Cloud services, as well as manage your Private Cloud deployments. The entire team can track the lifecycle costs of your cloud deployments, from one common interface. Our model-driven architecture can automatically configure, deploy, scale, or update new and existing applications. Users can leverage the experts at CenturyLink to monitor and manage the health and stability of your workloads.
The primary capabilities of Cloud Application Manager focus on:
Cloud Application Manager is available in one of two commercial models – the Cloud Edition (SaaS) or the Data Center Edition (a virtual appliance that runs on-premises in the customer's data center or any other location including public cloud environments).
Cloud Application Manager allows users to integrate with their existing Authentication systems. Cloud Application Manager support the following authentication mechanisms:
|Application Lifecycle Management||
|Managed Services Anywhere||
|Cloud Optimization & Analytics
AWS and Azure Resale
The Application Lifecycle Management capability allows customers to model their infrastructure and applications in Cloud Application Manager once and deploy to any of the supported environments. Customers can choose to model their application in a cloud agnostic fashion or use one of the cloud provider’s native modeling templates like AWS Cloud Formation Template or Azure Resource Manager template. Once applications are deployed using the templates, customers can manage the lifecycle of the application, auto-scale the infrastructure, update/patch their applications without down-time and replicate them across environments.
Application Lifecycle Management also has a Continuous Integration and Continuous Deployment (CI/CD) plugin that can be configured to invoke policies in Cloud Application Manager and update their applications and infrastructure residing in the underlying provider platforms, on every code release. Customers can choose to use this functionality even without having to run the bill through Cloud Application Manager.
The Auto-Discovery feature for instances running on AWS, Azure and CenturyLink Cloud infrastructure provider(s) enables visibility of resources that have been previously running. Once a provider is configured, Cloud Application Manger discovers all of the virtual machine instances in that environment and lists them for the user. At that time, a virtual machine instance can be selected and imported. Users register an existing instance so that the lifecycle can be managed within the Cloud Application Manager platform.
Managed Services Anywhere (MSA) allows customers the ability to delegate management of devices, applications and cloud environments with a click of a button to CenturyLink’s highly trained and experienced support teams. MSA provides tools and automation which allow our support teams to manage customers’ infrastructure, applications and cloud provider services on AWS, Azure, CenturyLink Cloud (CLC), CenturyLink Dedicated Cloud Compute (DCC) and CenturyLink Dedicated Cloud Compute Foundation (DCC-F). Customers can choose to have CenturyLink manage their workloads which includes monitoring, patching and remote administration. CenturyLink offers managed services for the operating system and white-labeled applications running on CenturyLink Cloud, AWS, Azure, CenturyLink DCC and CenturyLink DCC-F.
MSA is enabled within the Cloud Application Manager once a user delegates management to CenturyLink. The standard features of MSA includes deployment, configuration, administration, monitoring, maintenance and support for the CenturyLink-supported operating systems, applications and cloud provider native features. By selecting the MSA service, the customer agrees to a CenturyLink management appliance that is a managed server which runs within the environment being managed (CLC, AWS or Azure). There may be associated usage fees applied from the cloud provider of choice.
The table below describes the typical operational support definition. When the customer initiates a service request for tasks that are not described in the tables below, CenturyLink reserves the right to charge the customer on an hourly basis for a requested task. Please contact your CenturyLink account executive for service charge details.
CenturyLink will provide support for the following license types for instances that are designated for MSA:
The Managed Services Anywhere is available when a workload is deployed on the following platforms:
|Monitoring and Alerting||
The CenturyLink developed monitoring service (Watcher) enables host, service, and application monitoring of customer environments. The Watcher service utilizes an intelligent agent deployed to all managed VMs including the CenturyLink Management Appliances. Monitoring policies are centrally configured and maintained by CenturyLink certified cloud engineers.
CenturyLink’s Watcher uses both agent based and provider integrations to collect metrics and generate alerts.
Upon detection of any alerts, CenturyLink will immediately initiate automated or manual remediation through our 24x7x365 support desk. CenturyLink will retain primary notification and resolution responsibilities for all automated environment alerts. Where required, a Customer technical contact will be notified.
CenturyLink provides 365x24x7 support to perform systems administration tasks on the customer’s behalf.
CenturyLink will maintain administrator-level access to all managed VM instances.
CenturyLink Management Appliance is deployed within customer’s cloud environment (AWS - VPC or Azure - Virtual Network)
For public sector scenarios, CenturyLink has the ability ensure that US persons-only with restricted access are assigned to an account. This request needs to be made at the time of order and account setup. Contact your CenturyLink account exec for more details.
|Maintenance and Support||
CenturyLink provides access to live support for managed services (24 hours per day, 7 days per week, and 365 days per year) and will respond to notifications of service interruptions.
Patch and Update Management: With support available for all critical and vendor-recommended patches, CenturyLink ensures only such patches are installed. Customers have full control to define when and if CenturyLink should schedule their patching cycles. CenturyLink’s automated system tracks the change request, performs the patch management and provides reports.
Patch Releases: CenturyLink certifies, approves, bundles and delivers Service Packs, Cumulative Updates and Hotfixes for installation in Customer’s environment.
Amazon Web Services (AWS) and Microsoft Azure Patch Releases: CenturyLink delivers provider Service Packs, Cumulative Updates and Hotfixes for installation in Customer’s environment. Customers have full control to define when and if CenturyLink should schedule their patching cycles. CenturyLink’s automated systems tracks the change request, performs the patch management and provides reports.
Change Management: All changes to the operating systems are subject to CenturyLink’s change management process. This process ensures that work is reviewed for completeness (risk assessment, completed test procedure, metrics for measuring progress, back out procedure, etc.) and accuracy prior to scheduling and implementation.
Access is provided to operating system-level change data performed by CenturyLink personnel, along with robust ITIL-based internal change control. CenturyLink will perform changes on behalf of the customer on the defined instances and tracks all the changes for auditing purposes. Customer is responsible for contacting CenturyLink support and requesting the installation of patch releases.
Maintenance Windows: All times listed under Schedule Maintenance Windows are local times and subject to change. CenturyLink will use commercially reasonable efforts to perform routine maintenance only during off-peak maintenance windows.
CenturyLink takes full responsibility for vendor licenses on CenturyLink Cloud (CLC), CenturyLink Dedicated Cloud Compute and CenturyLink DCC Foundation.
CenturyLink takes full responsibility for the user policies, administration and password management enforcement of cloud provider accounts configured within Cloud Application Manager.
CenturyLink secures the OS with industry-standard anti-virus protection, regular virus and malware signature updates, and additional OS-level hardening to mitigate risk on CenturyLink Cloud (CLC).
CenturyLink will also ensure that it is within the guidelines of various cloud providers.
* Managed services delivered by CenturyLink do not support the underlying Hyper-V virtualization host features of Windows Server 2012 Datacenter or Windows Server 2016 Datacenter. Hyper-V hosts that are provisioned up on the Windows 2012 R2 Datacenter or Windows 2016 Datacenter instance will not be monitored or supported under standard CenturyLink’s Managed Services Anywhere services. Contact your sales team to discuss alternatives for support of Windows Hyper-V host implementations.
Cloud optimization reduces overhead cost via automation while centralizing billing across public cloud platforms. CenturyLink is an authorized Reseller of Amazon Web Services (AWS) and Microsoft Azure (Azure). For customers who procure AWS and Azure through CenturyLink, CenturyLink provides consolidated billing, cost optimization, spend analytics, chargeback and best practice recommendations.
CenturyLink provides Consolidated Billing of Amazon Web Services (AWS) and Microsoft Azure (Azure) services for customers who bought those services from CenturyLink.
CenturyLink provides Platform Support on Amazon Web Services and Microsoft Azure for customers who bought those services from CenturyLink. The scope of the Cloud Application Manager Platform Support model can be found here.
Cloud Application Manager Customers who bought Amazon Web Services through CenturyLink can use the Optimization and Analytics service. As part of Optimization and Analytics service, customers get the following reports on their AWS accounts.
Cloud Application Manager customers can migrate their existing AWS accounts to CenturyLink or setup new AWS accounts. Customers can add a new “Provider” and select Amazon Web Services as the provider type. Customers are then presented with three different options:
Once customers choose to migrate an existing account (option “2”) or create a new account (option “3”), customers will be presented with AWS Reseller Terms and Conditions. After accepting the Terms and Conditions, the customer’s existing account is migrated or a new account is created based on the selected option.
Additionally, customers who choose to migrate an existing account (option “2”) are required to be fully hardened per the CenturyLink guidelines. This level of service also includes consolidated billing, cost analytics, account security configurations, platform support and operational access for CenturyLink experts.
Customers who select option "3" will always receive full hardening, described above.
Once the AWS account is configured and setup, customers can then deploy infrastructure and manage their applications and infrastructure using the Application Lifecycle Management module within Cloud Application Manager.
Fully hardened, customer AWS accounts created within or migrated into CenturyLink’s reseller program must comply with security best practices and allow operational access. When accounts are created or on-boarded, CenturyLink must initially be given programmatic access to accounts to enable security-related configuration and to permit appropriately-permissioned, CenturyLink employee access. Any credentials provided by the customer to CenturyLink for this purpose will be deleted by CenturyLink after account creation or onboarding. The following steps will be taken during onboarding:
Customer-owned data about security events will be stored within the customer account and will be retained for the duration of the contract.
Per AWS recommendations, the customer access to cost and spend data via the account will be restricted. This data will be provided at no additional cost through Cloud Application Manager’s Cloud Optimization and Analytics module.
CenturyLink will take all the steps necessary to prevent unauthorized access to the customer’s account. Operations staff will have permission to review configurations within the account but will not have permission to add, change, or delete resources. Service Management staff will be enabled to act on the customer’s behalf as an administrator but will not do so unless specifically designated as a part of a Service Management agreement. CenturyLink development will maintain the ability to make changes to the account as best practices change or the configurations are in conflict with Customer’s business. CenturyLink will take all the necessary steps to ensure these roles are enabled continuously or until the end of the contract. Should the customer leave CenturyLink’s care, Customer will be able to remove these policies and roles. Customer will retain access to migrated accounts that existed prior to the migration.
Cloud Application Manager customers can migrate their existing Azure accounts to CenturyLink or setup new Azure accounts. Customers can add a new “Provider” and select Microsoft Azure as the provider type. Customers are then presented with three different options:
Once customers select between migrating an existing account (option “2”) or creating a new account (option “3”), they will be presented with Azure Reseller Terms and Conditions. After accepting the Terms and Conditions, the customer’s existing account is migrated or a new account is created based on the selected option.
Once the Azure account is configured and setup, customers can then deploy infrastructure and manage their applications and infrastructure using the Application Lifecycle Management module within Cloud Application Manager.
CenturyLink will take all the steps necessary to prevent unauthorized access to the customer’s account. In order to complete migration of existing Azure accounts to CenturyLink, Customer must give access to a CenturyLink user on their existing subscription(s) and provide that user the Owner role so that resources can be transferred. This is a meta-data change and causes no downtime and does not affect connectivity. Once the change has been made, CenturyLink Operations staff will have access to review configurations of the resources in the account and create tickets on the customer’s behalf. Customer will not be able to create tickets directly with Microsoft, but Microsoft may be able to reach out to Customer as a result of the ticket.
The following service description applies to SafeHaven version 5.0. The service description for SafeHaven version 4.0 can be found at SafeHaven Disaster Recovery as a Service 4.0.
SafeHaven system components follow a structural hierarchy in the following order:
Each SafeHaven cluster can service up to 64 data centers. The data centers may be any combination of dedicated data centers and Cloud virtual data centers. Each data center within the cluster can include both active Protection Groups and replica instances of remote Protection Groups.
The SafeHaven console is a rich Java client application which should be installed on all desktop or laptop computers that will be used for SafeHaven administration. All communication between the SafeHaven console and the CMS are encrypted over SSL. Administrators can perform point-and-click recovery operations upon individual virtual machines, groups of servers and data drives, or entire data centers. Recovery operations include:
Central Management Server (CMS)
Each SafeHaven cluster includes a single active CMS. The CMS is a SafeHaven virtual appliance that:
Data Center Layer
The data center layer includes the set of data centers provisioned within the SafeHaven cluster.
SafeHaven classifies data centers based on the API used for orchestration of recovery operations and recognizes the following four data center types:
This layer includes all SRNs provisioned within the SafeHaven cluster. Each SRN is associated with a parent data center as shown in the SafeHaven hierarchy. A given data center may include an arbitrary number of SRNs. The SRN virtual appliance is responsible to:
SRNs replicate at the LUN level transmitting updated blocks for each Protection Group to a peered SRN in a remote data center. Although each active Protection Group has a replica in only one other site, an SRN may support a set of Protection Groups that each have replica instances in distinct remote data centers.
Additional storage requirements:
A Protection Group is a set of servers and hard disks grouped by SafeHaven that failover and failback, together to the same instant in time and are shutdown and brought-up according to a prescribed recovery plan. Each Protection Group corresponds to a distinct set of servers and hard disks replicated to a remote site by a parent SRN. When protecting a multi-tiered application, administrators should provision a Protection Group that includes the set of all servers and hard disks that participate in the multi-tiered application. SafeHaven is set up to allow the applicable systems to recover via a remote data center with mutually consistent data images as they were at specific instances in time.
Write traffic for each protected VM and hard disk is locally and synchronously mirrored within the production data center so that it is written both to the primary data store and also to a local SRN. For Windows Server Operating Systems 2008R2 and later, the SafeHaven local replication agent is employed and in Linux Operating Systems, Rsync is employed.
SafeHaven checkpoints correspond to LUN-level Copy on Write snapshots and are block-consistent representations of a Protection Group at an instant in time.
Cloud Application Manager usage will be a metered on an hourly consumption that is billed monthly. Each of the three primary services will be billed at varying rates rolled up under the Cloud Application Manager and consolidated on a single CenturyLink bill (including the Azure and AWS usage). The customer will contract with CenturyLink on a single schedule that covers each of the services below.
Virtual Appliance (Data Center Edition only)
Fixed charge per month for unlimited usage.
|Application Lifecycle Management
(Cloud) Edition only)
Per hour per instance deployed on the Cloud Application Manager platform.
|Managed Services Anywhere||
Per hour per instance managed.
|Cloud Optimization & Analytics for AWS||
Based on usage. The most recent usage update from AWS is collected at 10am GMT on the last day of the month and an invoice is generated on the first day of the following month. The remaining usage between 10am GMT and Midnight GMT on the last day of the month is charged in arrears in the following month’s invoice.
Example: January usage is collected up to 10am GMT on Jan 31st and an invoice is generated on Feb 1. Charges for the last 14 hours of January 31st will appear on the March 1st invoice as arrears.
|Cloud Optimization & Analytics for Azure||
Based on usage. Microsoft Azure charges are billed in arrears.
Example: January usage is collected up to the end of the month but the charges appear on the March 1st invoice.
The Cloud Application Manager Onboarding Services are designed to assist Customers with implementation and setup of services in Cloud Application Manager. There are two fee-based Onboarding packages to choose from: Cloud Application Manager Onboarding Standard and Cloud Application Manager Onboarding Advanced. These Onboarding Services are intended to help Customers through their initial usage period and will be initiated within 30 days of account activation and be completed as set out in the Service Guide, below.
The Cloud Application Manager Onboarding Standard Service is best suited for Customers interested in Cloud Optimization and/or Managed Services Anywhere. Sessions include a kickoff, deep dive training, assisted configuration of customer space within Cloud Application Manager, Managed Services Anywhere hands-on work sessions, and suggested practices with a long-term support overview. The Cloud Application Manager Onboarding Service also includes up to five hours of assistance with either AWS or Azure IaaS workshops detailed below.
The IaaS Workshop shall not exceed a combined total of 5 hours or the assisted deployment quantities listed, whichever comes first. This will include services from one of the Cloud Service Providers via the native CSP portal and for the purposes of enabling customers to use the product.
The Cloud Application Manager Onboarding Standard Service is provided within 30 calendar days starting from the QuickStart kickoff date. Extensions can be considered on a case by case basis.
Assisting the customer with deployment and provisioning:
The Service does not include:
Assisting the customer with deployment and provisioning:
The Service does not include:
The Cloud Application Manager Onboarding Advanced Service is targeted for customers who wish to use ALM. It includes everything in the standard onboarding, plus ALM hands-on work sessions. These ALM sessions include:
To order custom Onboarding Services specific to your organization, which may include onsite workshops/training, extended VM imports/builds etc., please contact your CenturyLink account executive.
The Cloud Application Manager Onboarding Advanced Service is provided within 60 calendar days starting from the QuickStart kickoff date. Extensions can be considered on a case by case basis.
The QuickStart SafeHaven On-boarding Service is for Customers who need a high-level of support over the first thirty (30) days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This On-boarding Service includes provisioning of up to six VMs to be configured with SafeHaven and, if needed, import of up to two (2) servers/templates into the CenturyLink Cloud. Moreover, the QuickStart SafeHaven Service provides tailored disaster recovery as a service topics such as how to operate the SafeHaven software, system optimization, and suggestions to maximize the service. The service includes a test infrastructure failover. Additional source VMs can be added to the service for an additional fee.
Support for the Cloud Application Manager is provided by CenturyLink Global Operations Center. Global Operations Center facilitates the appropriate team for support on the various services within the platform. Customers can engage CenturyLink Global Operations Center 365x24x7 via phone, email or by opening a ticket. Links are provided within the platform to connect directly with CenturyLink support.
The scope of the Cloud Application Manager Platform Support model can be found here.
Customers can use the following mechanisms to report or escalate issues to the CenturyLink Global Operations Center.
|incident@CenturyLink.com||Response: less than 6 hours|
|Phone||United States: 1-888-638-6771
EMEA: 00800 72884743
Asia Pacific: +65 6768 8099
|Response: 1-5 minutes|
|Ticket||Cloud Application Manager portal||Response: less than 1 hour|
Cloud Application Manager provides easy access to customers to manage their interaction with CenturyLink Global Operations Center. Once logged into Cloud Application Manager, customers can launch the Support Center and view existing tickets or open new tickets. When opening a new ticket, the Support Center will navigate the user based on the selections.
CenturyLink Global Operations Center team members will log into the Cloud Application Manager using their credentials to manage customer services, handle support calls and troubleshoot issues.
Within Cloud Application Manager, CenturyLink’s Global Operations Center personnel will have access to the customers’ instances in the workspaces belonging to Customer organizations when authorized by the customer to help manage workloads, workspaces and cost centers. As part of initial setup, every customer organization within Cloud Application Manager is configured to add CenturyLink support group as an administrator within the Organization.
When a CenturyLink Operations team member looks up an instance for management activities, the following information is available about the instance:
|User Account Administration
|(add, deleted, change, disable, lock)|
|Sudo File Support||(add/delete/update - user/group/services)|
|Network Administration||Add/Delete/Change in static routes|
|Filesystem Support||EXT4 & XFS|
|AWS S3 Bucket Mount||Filesystem – s3fs|
|Filesystem Expansion||Supported Filesystems Types: EXT4/ XFS|
|Shrinking File System||All Filesystem types|
|Software RAID Support||RAID1 (mirror volume)|
|OS Patching using Cloud Providers’ Supported Repos||amzn-main.repo & amzn-updates.repo|
|RSYSLOG Configuration||Configure basic remote logging options|
|NTP Service||Client setup|
|NFS Service||Client Setup / Mount the Amazon EFS File System|
|SAMBA Service||Client Setup|
|Postfix Services||Configure SMTP Relay|
CenturyLink manages the various types of customer data according to the following practices.Production data related to the applications and infrastructure
This type of data is not managed within the CenturyLink Cloud Application Manager as this platform serves solely as an orchestration engine. CenturyLink does not have access to the proprietary data what resides within the native platforms.Scripts related to activities performed on the applications and infrastructures
This type of data is limited to the organizations and workspaces that are dedicated to the customer account. CenturyLink only accesses these environments when the customer requests support and/or Managed Services Anywhere. Once the service and/or accounts are terminated, the associated scripts are also terminated. CenturyLink does not continue to access or retain proprietary customer script information.Customer ‘Personally Identifiable Information’ (PII) data
This type of data is managed in accordance with the confidentiality agreements within the Master Services Agreements or the CenturyLink Terms and Agreement (CTA). All customer name, address, phone number and account information follows this policy.
As a part of the Managed Services Anywhere and Platform Support for Cloud Application Manager, CenturyLink receives and analyzes customer logs as needed. Logs are managed according to the policies of the CenturyLink Global Operations Center. The details of the log policy can be found here.
Break/Fix: Break/fix refers to the fee-for-service method of providing information technology repairs to businesses, in which a customer calls up a service provider to do an upgrade of a computer program, software product, computer, or a repair of something computer-related like a printer or drive array that is broken, the IT provider offers a solution or repair.
Cumulative Update: A grouping of Hotfixes or quick fix engineering updates that have not been fully regression tested by Microsoft but are designed to resolve specific issues with Microsoft SQL Server.
Domain Name System (DNS) Proxy: is a network system of servers that translates numeric IP addresses into readable, hierarchical Internet addresses, and vice versa
Hardened OS: Hardened OS means that all non-essential services and testing patched bundled in a standard operating system are disabled and functionality has been confirmed.
Hotfix: A hotfix or quick fix engineering update is a single cumulative package that includes information that is used to address a problem in a software product.
Hypertext Transfer Protocol (HTTP) Proxy: Provides port access to the Internet.
Major Release: Major Releases (X.y.z) are vehicles for delivering major and minor feature development and enhancements to existing features. They incorporate all applicable error corrections made in prior Major Releases, Minor Releases, and Patch Releases. Software Provider typically has one Major Release per year.
Minor Release: Minor Releases (x.Y.z) are vehicles for delivering minor feature developments, enhancements to existing features, and defect corrections. They incorporate all applicable error corrections made in prior Minor Releases, and Patch Releases.
Network Time Protocol (NTP) Service: Synchronize all server times to a common system time.
Patch Release: Patch Releases (x.y.Z) are vehicles for delivering security fixes, feature developments, enhancements to existing features, and defect corrections. They incorporate all applicable error corrections made in prior Patch Releases
Custom Patch Requirements: Customer selection of specific patches versus accepting all recommended patches, custom reporting to meet regulatory requirements versus standard reporting, variable patch schedule versus defined Maintenance Windows (see Definitions) and support for maintaining multiple patch levels versus having all patches applied (i.e. patches applied differ based on Production or Non-Production Environment).
Data Center: The facility in which the Systems are located. Managed Hosting: The set of CenturyLink managed server services that include Foundation Hosting, Intelligent Hosting and Utility Compute.
Release Management Team: CenturyLink operational team with primary responsibility for the patching and other maintenance activities performed on Managed Servers.
Systems: The computer equipment and software that is approved by CenturyLink and utilized by the customer in connection with the provision of Service by CenturyLink.