Lumen Private Cloud for VMware Cloud on AWS

Service Guide

Updated November 2, 2020

This Service Guide (“SG”) sets forth a description of the Lumen Private Cloud for VMware Cloud product, a Lumen Managed VMware Cloud (“VMC”) on Amazon Web Services (“AWS”) solution (the “Service” or “VMware Cloud”). All or part of these Services are provided by or through Lumen’s vendor, VMware. This SG is subject to and incorporated into the Agreement, Lumen TS Service Exhibit and Hosting Service Schedule between the parties. The specific details of the Service ordered by Customer will be set forth on the relevant Service Order.

Service Description

Lumen’s Private Cloud for VMware Cloud on AWS is a managed Infrastructure-as-a-Service (“IaaS”). Service may be purchased on a 12 or 36-month term basis. Notwithstanding any auto renew provisions in the Lumen TS Service Exhibit, the VMware Cloud solution does automatically renews month to month unless renewed or terminated in accordance with the applicable Schedule.

The Service provides access to a virtual server(s) deployed in an AWS data center that includes a suite of software collectively called a Software-Defined Data Center (“SDDSC”). The software components that Customer has access to as part of the Service includes:

  • VMware vSphere® running on elastic bare metal hosts deployed in AWS
  • VMware vCenter Server® appliance
  • VMware NSX® Data Center to enable software defined networking
  • VMware vSAN™ aggregating host-based storage into a shared datastore
  • VMware HCX® enabling app mobility and infrastructure hybridity

Service includes automatic maintenance, patching, and upgrades of the SDDC, performed by VMware.

Service consoles provide Customer with an interface that provides the ability to (i) self-serve provision of the SDDC; (ii) access and manage workloads and the compute, storage, and network components of the SDDC; and (iii) view status.

Optional Add-on Services – all subject to separate terms and conditions and pricing

  • Integration with Lumen Managed Services Anywhere. Lumen Managed Services Anywhere allow Customer to utilize the Application Lifecycle Management and multi-cloud management options for OS and applications. Lumen Advanced Management Services may be utilized for building out Customer’s environment and configuring moves, adds, and changes as requested by the Customer.
  • Lumen Dynamic Connections or Cloud Connect for required connectivity to Customer’s SDDC

Customer has the ability to install Guest Operating Systems (“Guest OS”), software or appliances as long as it supports being installed on a VMware Hypervisor Platform and the version of Vsphere implemented. Customer is solely responsible for ensuring that any Guest OS or virtual appliance is and remains compatible with the Lumen Private Cloud for VMware Cloud Infrastructure. Guest OS licenses may be provided by the Customer or purchased through the AWS Marketplace.

Amazon Web Services Account

To access or use the Service, Customer must utilize either an existing AWS account previously acquired through Lumen or obtain a new AWS account provided by Lumen. Prior to provisioning an SDDC, Lumen requires Customers to connect to their AWS account. This process establishes identity and access management policies in the AWS account that enables communication between resources provisioned in Customer’s AWS account and the SDDC.

Service Operations

Service Provisioning

Customers can provision and resize their SDDCs on demand, using the interface noted above. An SDDC includes a minimum of one cluster with a single host. Customers can add hosts and clusters, up to the provisioning maximum for their organization. Customers can select the available AWS region where their SDDCs will be provisioned.

Incident and Problem Management

The Service includes incident and problem management (e.g., detection, severity classification, recording, escalation, and return to service) pertaining to availability of the Service.

Customer is responsible for incident and problem management (e.g., detection, severity classification, recording, escalation, and return to service) pertaining to all virtual machines deployed in Customer’s SDDC.

Data Recovery

The Service includes automatic backup and restore services for the Management infrastructure, including VMware vCenter Server®, VMware NSX® Manager™, VMware NSX® Controller™, and VMware NSX® Edge™.

Customer is responsible for backup and restoration of all content and configurations created by Customer in the SDDC, including virtual machines, content libraries, datastores, and port groups.

Change Management

The Service includes the following change management services: (i) processes and procedures to maintain the availability of the Service; and (ii) processes and procedures to release new code versions, hot fixes, and service packs related to the Service.

Updates to the SDDC software are necessary to maintain the availability of the Service and are mandatory. These updates will be applied to Customer’s SDDC, subject to the processes set forth in this section. A Customer may not, in the normal course, skip or delay application of these updates. Support may not be provided, and SLAs will not apply if Customer is not on the most current version of the SDDC software.

Lumen will provide notification of scheduled maintenance at least 24 hours in advance for any changes that may impact use of an SDDC. Changes related to maintenance may require maintenance downtime of up to 40 hours per year for each SDDC. Maintenance downtime is excluded from eligible downtime towards SLA credits.

Security

The Service includes the following security components which are provided on a commercially reasonable efforts basis:

Information Security: Designed to protect the information systems used to deliver the Service (as between Lumen, VMware, and Customer) over which VMWare has sole administrative level control.

Security Monitoring: Designed to monitor for security events involving the underlying infrastructure servers, storage, networks, and information systems used in the delivery of the Service over which VMware has sole administrative level control. This responsibility stops at any point where Customer has some control, permission, or access to modify an aspect of the Service.

Patching and Vulnerability Management: Designed to maintain the systems used to deliver the Service, including the application of patches deemed critical for the target systems.

Customer is responsible for the following:

Information Security: Customer is responsible for ensuring adequate protection of the content deployed and/or accessed with the Service. This includes, but is not limited to, any level of virtual machine patching, security fixes, data encryption, access controls, roles and permissions granted to Customer’s internal, external, or third-party users, etc.

Network Security: Customer is responsible for the security of the networks over which Customer has administrative level control. This includes, but is not limited to, maintaining effective firewall rules in all SDDCs deployed.

Security Monitoring: Customer is responsible for the detection, classification, and remediation of all security events that are (i) isolated within Customer’s deployed SDDCs, (ii) associated with virtual machines, operating systems, applications, data, or content surfaced through vulnerability scanning tools, or (iii) required for a compliance or certification program in which Customer is required to participate.

Capacity Management

Customers are responsible for capacity management of their SDDCs, including maintaining 30% unused space (“slack space”) for the vSAN datastore within the Service, to support operation of the SDDC. Adequate slack space is required for use of the vSAN datastore.

If storage free space reaches (or falls below) 25%, Customer could lose the ability to utilize the SDDC, and the environment could become inoperable. If unused space in an SDDC vSAN datastore drops reaches (or falls below) 25%, hosts will automatically be added to the SDDC to prevent damage to the SDDC.

If a host is added, both Customer and Customer’s Lumen account team will be notified and Lumen will process a new order with charges for adding additional hosts. Customers can use the VMware Cloud sizer tool, found at https://vmcsizer.vmware.com/home, for guidance on the appropriate number of hosts needed to support anticipated workloads.

Additional Information

Usage Data

The Service collects data directly from the machines and/or devices involved in the use of the Service, such as configuration, performance, and usage data. The data is limited to the Hypervisor layer and does not include Customer’s application or content.

Use of FullStory

The Service uses FullStory functionality to collect data directly from any browsers used to access and use the Service. FullStory collects data regarding use of the Service, including user interaction and behavior, to enable session replay. To opt out of session recording, FullStory makes the following website available: https://www.fullstory.com/optout/.

Use of Google Analytics

The Service utilizes Google Analytics to collect data directly from any browsers used to access and use the Service Offering. To opt out of Google Analytics, Google makes the following browser add-on available: https://tools.google.com/dlpage/gaoptout.

Customer agrees to provide the information, above, regarding Usage Data, FullStory, and Google Analytics usage to all users of the Service.

Customer Responsibilities

Customer acknowledges and agrees that its failure to perform its obligations herein may result in Lumen’s inability to perform the Services and Lumen shall not be liable for any failure to perform, including any SLAs in the event of Customer’s failure. In addition, Lumen is not responsible for any loss or corruption of Customer Data, content or information. Lumen’s obligations related to Customer Data are exclusively governed by the Security and Compliance section of the applicable Service Exhibit.

  1. Customer acknowledges that all third-party components of the Service are subject to the applicable vendor’s decision to (i) not continue to provide or renew its services and/or products with Lumen and/or (ii) modify or end of life a component(s). If any of the foregoing occurs, Lumen will use commercially reasonable efforts to migrate Customer to another comparable Lumen service at any time. Such migration will occur without regard to Customer’s current term.
  2. Bandwidth: To avoid degradation of the Service, Customer must not have sustained bandwidth exceeding rated capacity of the device. Lumen will provide the device information as part of the installation process.
  3. Third Party: The Customer will not instruct or permit any other party to take any actions that would reduce the effectiveness of the Service. The Customer shall not attempt (nor instruct or allow others to attempt) any testing, assessment, circumvention or other evaluation or interference with any Service without the prior written consent of Lumen. Credentialed scans from firewalls are not allowed.
  4. Unauthorized Testing: Customer shall not attempt, permit or instruct any party to take any action that would reduce the effectiveness of Service or any devices used to deliver Lumen services. Without limiting the foregoing, Customer is specifically prohibited from conducting unannounced or unscheduled test firewall attacks, penetration testing or external network scans on Lumen’s network and infrastructure without the prior written consent of Lumen.
  5. Provide Contact: Designate and maintain a Customer Contact during the service term and any applicable renewal term (including current contact information). “Customer Contact” means a technical point of contact with sufficient knowledge, authority and access to address configuration issues, event notifications, system or infrastructure modifications and authentication of applicable systems.
  6. Provide Technical Support. Customer agrees to provide technical support during implementation and on-going support. Customer shall ensure environments are provisioned with servers, local incremental and replica storage, network connectivity, CPU and memory resources, and other infrastructure components; and replication is operational.
  7. Neither Customer nor its representatives shall attempt in any way to circumvent or otherwise interfere with any security precautions or measures of Lumen or VmWare relating to the Service.
  8. Customer acknowledges and agrees that it is solely responsible for selecting and ensuring its software and systems are up to date and supportable.
  9. Customer further acknowledges it is solely responsible for ensuring all devices and hardware are upgraded to meet vendor configurations and agrees that Lumen’s SLA only applies to currently supported configurations (including but not limited to related devices, software, and operating systems) at the time SLA support requests are triggered. If any configuration or version is identified as “unsupported” by a vendor, the Services are subject to all of the following conditions and/or requirements: (i) a service level objective (“SLO”) referring to Lumen’s reasonable effort to provide support will apply in lieu of any other applicable SLA and will automatically apply from the time Lumen receives notice from the vendor of such unsupported service; (ii) Lumen, in its reasonable discretion may elect to charge the Customer for any support or additional tasks/work incurred by Lumen resulting from Customer’s continued use of unsupported configuration until Customer purchases the required and supported upgrades or extended support at an additional cost from the vendor. The requirement to purchase upgrades or extended support from vendor shall apply at any time, regardless of any contract term, term commitments, or renewal periods. Customer’s failure to do so may result in Lumen’s inability to provide the Services and Lumen shall have no liability therefrom.
  10. Lumen is not responsible for the service or the SLA if any changes by Customer affect the infrastructure or monitoring capability of Lumen.
  11. Customer consents to Lumen collecting and compiling system and security event log data to determine trends and threat intelligence. Lumen may associate this security event log data with similar data of other Customers so long as such data is merged in a manner that will not in any way reveal the data as being attributable to any specific Customer.
  12. Customer is responsible for ensuring the security of credentials to the consoles consistent with that of portals.

Definitions

NSX: A virtual networking and security software product family created from VMware's vCloud Networking and Security (vCNS) and Nicira Network Virtualization Platform (NVP) intellectual property.

Software-Defined Data Center (SDDC): A data center facility where the elements of the infrastructure are virtualized and delivered as a service and where the provisioning and operation is abstracted from the hardware and fully implemented through software.

Solid-State Drive (SSD): A solid-state storage device that uses integrated circuit assemblies as memory to store data persistently.

VMware Software Bundle: The VMware Software bundle is the software that is included with the base Lumen on Private Cloud for VMC Base Product – includes VCenter Standard, Vsphere, Software Defined Data Center, NSX and VSAN.

VMware Hypervisor Platform: The physical servers are configured with the VMware Vsphere Hypervisor software the creates the Virtualization layer between the physical hosts and the Guest Operating Systems that are installed.

VMware Cloud Infrastructure: The Amazon Web Services (AWS) physical Servers, the hardware, and the VMware Software Bundle that together comprise the VMC on AWS Infrastructure

VSAN: VMware Inc.’s Virtual Storage Area Network, which is a software-defined storage offering from VMware that enables enterprises to pool their storage capabilities and to instantly and automatically provision virtual machine storage via simple policies that are driven by the virtual machine. Lumen is not responsible for unauthorized access if Customer does not take its own steps to maintain security, including encryption.

back to top