Updated: February 21, 2019
Cloud Application Manager is a software-defined managed services orchestration platform that enables the configuration, deployment and management of applications within public, private and hybrid IT environments.
CenturyLink Managed Services Anywhere provides agile application configuration, deployment, patching, monitoring, troubleshooting, and optimization across a variety of private and public cloud platforms. These services are provided for a growing list of fully managed technologies in a highly orchestrated manner by a team of CenturyLink Cloud Application Manager power users leveraging automation. Advisory support is provided for other technologies. Services are accessible through the Century Global Operations Center.
Platform Advisory Support is only available outside of Managed Services Anywhere as a stand-alone option for customers who want to self-service manage some of their applications on certain cloud provider accounts via the Cloud Application Manager platform.
Cloud Application Manager currently has the following two commercial versions available. Cloud Application Manager is not available for any public sector (e.g. federal, state, local or education) customer who requires FISMA or any other higher level security or regulatory requirements.
The Cloud Application Manager base features are described in the section below.
Users can integrate with their existing Authentication systems with the following authentication protocols:
Once logged into Cloud Application Manager, users can seamlessly navigate between Application Lifecycle Management, Cloud Optimization and Analytics, Monitoring and Ticketing portal sites using single sign-on. Cloud Application Manager users can access the entire functionality via API as well as User Interface at cam.ctl.io. Users can create a permanent or a short- term authentication token that can be used to perform API calls.
|Application Lifecycle Management||
Application Lifecycle Management provides an orchestration environment for users to deploy and manage multiple environments across public and private cloud environments. This module allows for the modeling of infrastructure and applications in Cloud Application Manager once and deployment to any of the Compatible Cloud Provider environments. Users can choose to model applications in a cloud agnostic fashion or use one of the Compatible Cloud Provider’s native modeling templates like AWS Cloud Formation Template or Azure Resource Manager template. Once applications are deployed using the templates, users can manage the lifecycle of the application, auto-scale the infrastructure, update/patch applications without down-time and replicate them across environments.
Application Lifecycle Management also has a Continuous Integration and Continuous Deployment (CI/CD) plugin that can be configured to invoke policies in Cloud Application Manager and update applications and infrastructure residing in the underlying Compatible Cloud Provider platforms, on every code release. Customers can choose to use this functionality even without having to run the bill through Cloud Application Manager.
Application Lifecycle Management Compatible Providers
A current list of Compatible Cloud Providers is available in the KB article “Providers”.
The Auto-Discovery feature for instances running on AWS, Azure and CenturyLink Cloud infrastructure enables visibility of resources that have been previously running. Once a provider is configured, Cloud Application Manager discovers all of the virtual machine instances in that environment and lists them for the user. At that time, a virtual machine instance can be selected and imported. Users register an existing instance so the lifecycle can be managed within the Cloud Application Manager environment.
Additional features include:
|Cloud Optimization & Analytics
exclusively for AWS and Azure Brownfield or Greenfield
Best Practices checks include more than 350 automated checks evaluated against Supported Providers, AWS and Azure:
CenturyLink provides consolidated billing, cost optimization, spend analytics, chargeback and best practice recommendations. Certain restrictions and limitations apply
|Value Added Reseller Program (AWS and Azure)||
Users can setup new AWS and Azure accounts or shift existing AWS and Azure accounts to CenturyLink Cloud Application Manager. There are three distinct options:
Authorized Brownfield or Greenfield resale requires additional terms and conditions as a condition precedent to the Supported Provider setup process.
All AWS and Azure accounts are required to be fully hardened per the CenturyLink guidelines (see Permissions and Hardening Policy section)
|Technical Account Management (“TAM”)||
Both support tiers provide customers with a technical expert and program governance agent(s) available on a next available basis. Technical Account Managers by way of example, support inquiries regarding Application Lifecycle Management, Cloud Optimization & Analytics, AWS and Azure services. The Technical Account Management responsibilities also consist of providing proactive service delivery plans based on the customer strategies, management of support escalations, answering advisory questions related to any of the three core Cloud Application Manager capabilities, addresses billing inquiries and coordinates more extensive architectural and design services from CenturyLink managed services experts.
TAM tasks provided under Platform Advisory Support
TAM tasks provide under Managed Services Anywhere
Guidance in an advisory capacity is the baseline support tier of Cloud Application Manager and is automatically applied unless Customer designates Managed Services Anywhere against each Supported Cloud Provider account. Supported Cloud Providers for Platform Advisory Support are AWS and Microsoft Azure. This advisory tier includes all the Global Operations Support activities (see section D below) in addition to enabling CenturyLink to lead support responsibilities for Azure and AWS (when procured in a Brownfield or Greenfield scenario). For avoidance of doubt, all technology within the environment is treated as advisory only; CenturyLink does not perform or execute any tasks on behalf of the Customer.
The base Cloud Application Manager features identified in Section A above are further described below as it relates to Platform Advisory support:
Activities for AWS and Azure Advisory Technologies
The Managed Services Anywhere support tier provides a complete management experience for hybrid IT environments. Managed Services Anywhere is designated at the Supported Provider account layer.
Customers must have or obtain and maintain all appropriate permissions to enable the installation by CenturyLink of a proprietary management appliance on each Managed Cloud Provider environment for which Managed Services Anywhere is selected in order to enable CenturyLink to perform it obligations. CenturyLink will also deploy a remote gateway on the appliance to establish a secure connection between the applicable customer environment (e.g. a Managed Cloud Provider environment) and CenturyLink to remotely monitor and access the managed applications within the Customer’s enviroment. The connection is monitored and maintained by CenturyLink.
Any changes to the customer network or environment by Customer that results in degradation or disconnection of the connection will result in CenturyLink’s inability to provide the Managed Services Anywhere service. CenturyLink’s management fees related to Managed Services Anywhere do not apply to the appliance itself. Instead Customer will be charged for the applicable Virtual Machine (VM) instance that the appliance runs on. See Remote Administration in the table below for further detail. Managed Cloud Provider charges for the VM usage related to the remote appliance will be reflected on the Customer’s cloud provider bill (e.g. either on the bill with the Managed Cloud Provider directly or via CenturyLink for Greenfield or Brownfield).
In addition to all of the base features of Cloud Application Manager listed in Section A above, the table below describes the standard operational functions of Managed Services Anywhere. CenturyLink reserves the right to require Advanced Managed Services or other upgrades (subject to additional terms and pricing) for any customer request that is not described in the tables below or otherwise deemed out of scope. Certain support services may be automated or provided by CenturyLink designated personnel as designated by Customer.
|Patching and Maintenance
AWS and Azure Resale via CenturyLink only
Support and install available critical and vendor-recommended patches. Customers have full control to define when and if CenturyLink should schedule their patching cycles. CenturyLink’s automated system tracks the change request, performs the patch management and provides reports. This includes:
Change Management activities through risk assessments, testing procedures, tracking metrics throughout progress, roll-back processes and post-deployment validation. Such changes are performed on behalf of the Customer and are available for auditing purposes. Customers are responsible for requesting the implementation of patch releases.
Maintenance Windows: All times listed under Schedule Maintenance Windows are local times and subject to change.
CenturyLink manages user policies, administration and password management enforcement of Managed Cloud Provider accounts configured within Cloud Application Manager.
CenturyLink uses industry-standard anti-virus protection intended to secure the OS, taking into account the guidelines of the Managed Cloud Providers, regular virus and malware signature updates, and additional OS-level hardening to mitigate risk on the Managed Cloud Provider environment. This also includes permissions and hardening policies (see Permissions and Hardening section).
CenturyLink will provide support for the following license types for the customer environments that are designated for Managed Services Anywhere, subject to the Permissions and Hardening section below:
|Watcher Monitoring and Alerting (limited to AWS and Azure)||
The CenturyLink developed and proprietary monitoring service (Watcher), automatically integrated directly with AWS and Azure monitoring technologies, enables host, service, and application monitoring of Customer’s AWS or Azure cloud environments. The Watcher utilizes an intelligent agent deployed to all managed VMs. Monitoring policies are centrally configured and maintained by CenturyLink certified cloud engineers.
CenturyLink’s Watcher uses both agent based and cloud service provider integrations to collect metrics and generate alerts on the performance of the applicable record or log flagged for monitoring. Metrics are the result of standard checks that are performed and reported back to the customer and CenturyLink’s support organization.
Managed Services Anywhere is currently available for the following cloud service provider accounts, which may be modified or changed from time to time. The below listed cloud service providers are collectively referred to as “Managed Cloud Provider(s)”. This support tier must be selected for each individual subscription account:
A more detailed list of Managed Cloud Provider Managed Technologies can be found in Appendix B.
Each of the support tiers (Platform Advisory Support and Managed Services Anywhere) is billed monthly based on the spend of the Supported Provider and consumed CenturyLink services.
All Managed Cloud Provider accounts that are identified for Managed Services Anywhere or procured via CenturyLink’s Value Added Reseller program (AWS and Azure — in a Greenfield or Brownfield scenario) are required to be configured with the security and permissions identified below in order to accurately process billing as a percentage of Supported Provider spend for CenturyLink support services. Below are the required levels of access:
Operational Access for Brownfield scenarios only
In order to complete migration of existing accounts to CenturyLink, Customer must give access to CenturyLink’s Global Operations Support personnel on their existing subscription(s) and designate CenturyLink the “owner role” so that resources can be transferred. This is a meta-data change and causes no downtime and does not affect connectivity. This meta-data change allows the Global Operations Support staff to review configurations within the account but does not permit adding, changing, or deleting resources. All support inquiries or tickets for accounts with Managed Services Anywhere must be opened via CenturyLink Global Operations Support and not directly with the underlying provider if the underlying provider is not CenturyLink. CenturyLink will take action designed to ensure permission and all policies and roles (collectively, “IAM Policies”) are enabled continuously or until the end of the applicable service term. Upon expiration or termination of the underlying agreement for services and migration to a successor account, Customer will continue to retain access to IAM Policies. Customer is responsible for ensuring that CenturyLink is removed as an administrator of the account(s) and that all root acces rights have been disabled when the account is migrated.
AWS Account Security Configurations
Fully hardened, Customer AWS accounts created within or migrated into CenturyLink’s Value Added Reseller program must comply with the security best practices and operational access designated by AWS. When accounts are created or on-boarded, CenturyLink must initially be given programmatic access to accounts to enable the AWS designated security-related configuration and to permit appropriately-permissioned CenturyLink employee access to the activities described in the operational access section above. All credentials provided by the Customer (if part of the Value Added Reseller program) will be encrypted by CenturyLink. The following steps will be taken during the set up or technical enablement of an account:
Metrics and account information related to security events will be stored within the customer account and will be retained for the duration of the applicable service term.
For all Brownfield and Greenfield accounts, CenturyLink complies with the Managed Cloud Providers’ requirements to restrict the cost and spend information and other accounting/billing information in the Managed Cloud Provider portal account. Instead, this account and billing information is available within Cloud Application Manager and is provided at no additional cost through Cloud Application Manager’s Cloud Optimization and Analytics module.
Break/Fix: Break/fix refers to the fee-for-service method of providing information technology repairs to businesses, in which a customer calls up a service provider to do an upgrade of a computer program, software product, computer, or a repair of something computer-related like a printer or drive array that is broken, the IT provider offers a solution or repair.
Brownfield: Migrating a customer’s existing 3rd party cloud provider account to CenturyLink for consolidated billing and support (and designating Platform Advisory Support or Managed Services Anywhere) is know as a “Brownfield” account.
Buy-Your-Own-Cloud or BYOC: Buy an AWS or Azure account directly from the provider or another 3rd party (not CenturyLink) to be used with Platform Advisory Support and Managed Services Anywhere is know as “Buy-Your-Own-Cloud” or “BYOC”.
Compatible Cloud Providers: A current list of Compatible Cloud Providers supporting Application Lifecycle Management is available in this Knowledge Base article.
Cumulative Update: A grouping of Hotfixes or quick fix engineering updates that have not been fully regression tested by Microsoft but are designed to resolve specific issues with Microsoft SQL Server.
Domain Name System (DNS) Proxy: is a network system of servers that translates numeric IP addresses into readable, hierarchical Internet addresses, and vice versa.
Greenfield: The creation of new third party cloud provider account via CenturyLink for consolidated billing is known as a “Greenfield” account.
Hardened OS: Hardened OS means that all non-essential services and testing patched bundled in a standard operating system are disabled and functionality has been confirmed.
Hotfix: A hotfix or quick fix engineering update is a single cumulative package that includes information that is used to address a problem in a software product.
Hypertext Transfer Protocol (HTTP) Proxy: Provides port access to the Internet.
Major Release: Major Releases (X.y.z) are vehicles for delivering major and minor feature development and enhancements to existing features. They incorporate all applicable error corrections made in prior Major Releases, Minor Releases, and Patch Releases. Software Provider typically has one Major Release per year.
Managed Cloud Providers: In support of Managed Services Anywhere, Managed Cloud Providers are currently CenturyLink Cloud, CenturyLink Private Cloud on VMware Cloud Foundation, Microsoft Azure, and Amazon Web Services (AWS).
Minor Release: Minor Releases (x.Y.z) are vehicles for delivering minor feature developments, enhancements to existing features, and defect corrections. They incorporate all applicable error corrections made in prior Minor Releases, and Patch Releases.
Network Time Protocol (NTP) Service: Synchronize all server times to a common system time.
Patch Release: Patch Releases (x.y.Z) are vehicles for delivering security fixes, feature developments, enhancements to existing features, and defect corrections. They incorporate all applicable error corrections made in prior Patch Releases.
Custom Patch Requirements: Customer selection of specific patches versus accepting all recommended patches, custom reporting to meet regulatory requirements versus standard reporting, variable patch schedule versus defined Maintenance Windows (see Definitions) and support for maintaining multiple patch levels versus having all patches applied (i.e. patches applied differ based on Production or Non-Production Environment).
Data Center: The facility in which the Systems are located.
Supported Cloud Providers: Supported Cloud Providers for the Platform Advisory Service only are currently Microsoft Azure and Amazon Web Services (AWS).
Systems: The computer equipment and software that is approved by CenturyLink and utilized by the Customer in connection with the provision of Service by CenturyLink.
The various technologies listed below are accurate as of the version date of this Service Guide and are subject to change without notice based on vendor modifications to their technologies and/or offerings. Updates to this list of technologies will be posted as the technologies change.
RDS (MySQL, Oracle, SQL)
Elastic Load Balancing
|Advisory Technologies||All native AWS services excluding AWS Marketplace|
2. Microsoft Azure
|Managed Technologies||Virtual Machines
Local Network Gateway
|Advisory Technologies||All native Microsoft Azure services excluding Microsoft Azure Marketplace|
3. CenturyLink Private Cloud on VMware Cloud Foundation
|Managed Technologies||Edge Gateway
VMware vCloud Director service features
|Advisory Technologies||All native CenturyLink Private Cloud on VMware Cloud Foundation services.|
4. CenturyLink Cloud (CLC)
|Managed Technologies||Microsoft Windows Server
Red Hat Enterprise Linux
Amazon AWS-Linux (EC2 deployment)
|Advisory Technologies||All native CenturyLink Cloud services excluding CenturyLink Cloud Marketplace.|
5. Applications and Databases currently supported for all current Compatible Cloud Providers
The below list of applications is covered under Managed Services Anywhere residing on the Compatible Cloud Provider platforms as long as the application is running on any Compatible Cloud Provider platform.
|Advisory Technologies||Oracle SAP Containers
Other Open Source Technologies
Any other tech, app, service, language