Updated: April 21, 2020
The following Service Guide details Managed Services Anywhere as part of CenturyLink’s Cloud Application Manager. The complete service description of Cloud Application Manager is available in the Cloud Application Manager Service Guide.
CenturyLink Managed Services Anywhere provides agile application configuration, deployment, patching, monitoring, troubleshooting, and optimization across a variety of hybrid IT environments. These services are provided for a growing list of fully managed technologies in a highly orchestrated manner by a team of CenturyLink Cloud Application Manager power users leveraging automation.
Managed Services Anywhere is currently available for the following platforms, which may be modified or changed from time to time. The below listed platforms are collectively referred to as “Managed Platform(s)”:
A more detailed list of Managed Technologies can be found in Appendix A.
Managed Services Anywhere provides a complete management experience for hybrid IT environments. Managed Services Anywhere is enabled on a Managed Platform Cloud Application Manager.
Customers must have or obtain and maintain all appropriate permissions to enable the installation by CenturyLink of a proprietary management appliance on each Managed Platform for which Managed Services Anywhere is selected in order to enable CenturyLink to perform it obligations. Any changes to the customer network or environment by Customer that results in degradation or disconnection of the connection will result in CenturyLink’s inability to provide Managed Services Anywhere.
CenturyLink will also deploy a remote gateway on the appliance to establish a secure connection between the applicable Managed Platform and CenturyLink to remotely monitor and access the applications within the Customer’s environment that Customer designates to CenturyLink to manage. The connection is monitored and maintained by CenturyLink.
The table below describes the standard operational functions of Managed Services Anywhere. CenturyLink reserves the right to require Advanced Managed Services or other upgrades (subject to additional terms and pricing) for any customer request that is not described in the tables below or otherwise deemed out of scope. Certain support services may be automated or provided by CenturyLink designated personnel.
|Patching and Maintenance||
Support and install available critical and vendor-recommended patches. Customers have full control to define when and if CenturyLink should schedule their patching cycles. CenturyLink’s automated system tracks the change request, performs the patch management and provides reports. This includes:
Change Management activities through risk guidance, testing procedures, tracking metrics throughout progress, roll-back processes and post-deployment validation. Such changes are performed on behalf of the Customer and are available for auditing purposes. Customers are responsible for requesting the implementation of patch releases.
Maintenance Windows: All times listed under Schedule Maintenance Windows are local times and subject to change.
CenturyLink manages user policies, administration and password management enforcement of Managed Platforms configured within Cloud Application Manager.
CenturyLink offers access to industry-recognized anti-virus protection intended to secure the OS, taking into account the guidelines of the Managed Platform providers, regular virus and malware signature updates, and offers OS-level hardening recommendations to mitigate risk on the Managed Platform environments. (See Permissions and Hardening section.) Implementation of other recommended or client-required hardening steps is accomplished via the normal support ticketing process with Managed Services Anywhere.
CenturyLink will provide support for the following license types for the customer environments that are designated for Managed Services Anywhere, subject to the Permissions and Hardening section below:
|Watcher Monitoring and Alerting (limited to AWS
The CenturyLink developed and proprietary monitoring service (Watcher), automatically integrated directly with AWS and Azure monitoring technologies, enables host, service, and application monitoring of Customer’s AWS or Azure cloud environments. The Watcher utilizes an intelligent agent deployed to all managed VMs or physical servers. Monitoring policies are centrally configured and maintained by CenturyLink certified cloud engineers. Watcher is deployed on physical servers, enables hardware and OS monitoring of Customer’s private environment.
CenturyLink’s Watcher uses both agent-based and cloud service provider metrics (for physical servers only an agent is used) to generate alerts on the performance of the applicable record or log flagged for monitoring. Metrics are the result of standard checks that are performed and reported back to the customer and CenturyLink’s support organization.
|Disaster Recovery (DR) Readiness||
Utilizing SafeHaven, a CenturyLink-developed disaster recovery tool (see SafeHaven below for further detail), CenturyLink enables Disaster Recovery (DR) Readiness on Customer’s Azure and AWS infrastructure. Customers may optionally choose to have DR Readiness enabled for VMs that are under the management scope for Managed Services Anywhere at the Azure and AWS layer. The SafeHaven technology employed for DR Readiness utilizes HTTPS over the Internet for certain functions and requires an account and cloud infrastructure consumption with one of the Azure and AWS. Additional fees will apply for both the Azure and AWS consumption and for CenturyLink’s Managed Services Anywhere management fees. Customers are responsible for performing Testing, Failover and Failback operations. Guidance in an advisory capacity for performing these operations is available by contacting Customer’s Technical Account Manager. If Customer requires hands-on assistance with Testing, Failover and Failback operations, Customer may elect to purchase the Disaster Recovery Add On available with Advanced Managed Services for additional fees.
CenturyLink certified cloud engineers provision, configure and administer DR Readiness in the Customer’s Azure and AWS infrastructure for the source (production) and recovery platforms.
All Managed Platform accounts that are identified for Managed Services Anywhere or procured by Customer through Cloud Application Manager (AWS and Azure — in a Greenfield or Brownfield scenario) are required to be configured with the security and permissions identified below in order to accurately process billing as a percentage of Managed Platform spend for CenturyLink support services.
Required level of access for CenturyLink’s resale program can be found in the Permissions and Hardening section of the Cloud Application Manager Service Guide. All Physical Servers that are identified for Managed Services Anywhere are required to be configured with the security and permissions needed to provide management services.
Remote administration categorizes connections to two families, tenant and admin. Tenant connections are those that originate from a management appliance. Admin connections are for those intending to gain access to a tenant’s environment.
Managed Services Anywhere is billed monthly. Fees are calculated as an uplift charge on Customer Managed Platform consumption. These charges are billed two months in arrears.
For Physical Server platforms, Managed Services Anywhere is billed monthly based on a fixed monthly fee.
CenturyLink’s management fees related to Managed Services Anywhere do not apply to the appliance itself. Instead Customer will be charged for the applicable Virtual Machine (VM) instance that the appliance runs on. These charges will be reflected on the Customer’s cloud provider bill. See Remote Administration in the table below for further detail.
CenturyLink’s SafeHaven software (“SafeHaven”) is a distributed software architecture that delivers group consistency and run book automation for multi-tiered applications, automates data center disaster recovery orchestration, enables continuous recovery with group consistency and checkpoints, and provides recovery/redundancy for virtualized IT servers. SafeHaven also includes a graphical user interface and is compatible with multiple server operating systems.
As used herein, “data centers” refers to the infrastructure on which SafeHaven Replication Node (“SRN”) and Central Management Server (“CMS”) are deployed and configured. Customer may designate any supported data center as the production data center, and the remaining supported data centers would thereby be the recovery data center.
The SafeHaven software is comprised of certain open source software. Customers must install the relevant software on all desktop or laptop computers that Customer will use for SafeHaven administration. Please see the Knowledge Base article SafeHaven 5: Open Source Components for additional details.
SafeHaven includes the system components listed below and follows a structural hierarchy in the following order:
A SafeHaven Cluster means the group of data centers and each SafeHaven cluster can service up to 64 virtualized data centers. A Customer may utilize any combination of virtual data centers and dedicated data centers.
A Central Management Server is an Ubuntu 16 based lightweight virtual appliance (virtual machine) in a recovery data center that connects all the data centers/appliances together and provides access to the DR environment via a SafeHaven console (GUI), which is a standalone java client (provided by CenturyLink) utilized to access the SafeHaven cluster.
Each SafeHaven cluster includes a single active Central Management Server (CMS). The CMS utilizes the SafeHaven virtual appliance installed at the recovery site and is part of the SafeHaven architecture that:
The data center layer is the set of data centers Customer chooses to provision as the recovery site(s) within a cluster via the SafeHaven console.
SafeHaven classifies data centers based on the API used for orchestration of recovery operations and recognizes select Managed Platforms as DR target infrastructure. In the case of CenturyLink Private Cloud on VMware Cloud Foundation, virtual machine power on and power off operations are manual, meaning these operations are not automated through SafeHaven.
For Amazon Web Services and Microsoft Azure services Customer may be responsible for configuring their account(s), using the cloud provider services in a manner that provides security and redundancy, including enhanced access controls, encryption and backup, and ensuring CenturyLink has all appropriate permissions, credentials and access in order for CenturyLink to perform installation and configuration of SafeHaven. CenturyLink is not responsible or liable for any losses or damages related to the third party services, (direct or via any indemnity) including any liability, losses or damages related to unauthorized access or content or data loss and any losses or damages arising from or related to the installation and operation of SafeHaven on third party systems.
Any required network or internet connectivity between any of the data center types listed above is solely the responsibility of the Customer. Customer acknowledges that CenturyLink’s responsibility herein is related to enabling production and recovery environments and storage as detailed herein and such responsibility does not extend to any information, data or content that the Customer may send and/or store within such production or recovery sites. Customer is solely responsible for all data or content, in transit and at rest, whether in the DR or Production environment or in the storage space on disc as detailed in the SRN section below. CenturyLink is not liable for any losses or damages direct or via indemnity related to such data or information including any liability, losses or damages related to unauthorized access or content or data loss.
The SRN is an Ubuntu 16 based lightweight virtual appliance (virtual machine) which transfers and retains production data. This includes all SRNs provisioned within the SafeHaven cluster. Each SRN is associated with a data center as shown in the SafeHaven hierarchy. A given data center may include multiple SRNs. SRNs replicate at the LUN level transmitting updated blocks for each Protection Group to a peered SRN in a remote data center. Although each active Protection Group has a replica in only one other site, an SRN may support a set of Protection Groups that each have replica instances in distinct remote data centers.
Customer is responsible for purchasing and providing the following additional storage requirements or CenturyLink may not be able to provide the Service:
A Protection Group is a set of servers and hard disks grouped by SafeHaven that failover and failback together to the same instant in time and are shutdown and brought-up according to a prescribed recovery plan. Each Protection Group corresponds to a distinct set of servers and hard disks replicated to a remote site by SRNs. SafeHaven is set up to allow the applicable systems to recover via a remote data center with mutually consistent data images as they were at specific instances in time.
Each data center within a cluster can include both active Protection Groups and replica instances of remote Protection Groups. Protection Groups are logical mappings between the production and recovery servers. Protection Groups are created from within the SafeHaven console and users have the choice to either include one or multiple servers inside a single protection group. All the recovery operations are initiated from a Protection Group level.
Write traffic for each protected VM and hard disk is locally and synchronously mirrored within the production data center so that it is written both to the primary data store and also to a local SRN. For Windows Server Operating Systems 2008R2 and later, the SafeHaven local replication agent is employed and in Linux Operating Systems, Rsync is employed.
SafeHaven checkpoints correspond to LUN-level Copy on Write snapshots and are block-consistent representations of a Protection Group at an instant in time.
SafeHaven uses software to employ the relevant open source software. Details of the various components can be found in the Knowledge Base article SafeHaven: Open Source Components. All users of the Service are subject to the terms and conditions of any applicable open source license agreements.
Due to the self-service nature of the Service, upon termination of a Service where Customer is using SafeHaven, Customer is responsible for deleting all SafeHaven software, any related cloud infrastructure and components employed to provide the Service and any and all data or content Customer chose to replicate and/or store to an applicable data center while using the Services.
Brownfield: Migrating a customer’s existing 3rd party cloud provider account to CenturyLink for consolidated billing and support (and designating Platform Advisory Support or Managed Services Anywhere) is known as a “Brownfield” account.
Buy-Your-Own-Cloud or BYOC: Buy an AWS or Azure account directly from the provider or another 3rd party (not CenturyLink) to be used with Platform Advisory Support and Managed Services Anywhere is known as “Buy-Your-Own-Cloud” or “BYOC”.
Compatible Cloud Providers: A current list of Compatible Cloud Providers is available in this Knowledge Base article.
Greenfield: The creation of new third-party cloud provider account via CenturyLink for consolidated billing is known as a “Greenfield” account.
Managed Platforms: In support of Managed Services Anywhere, Managed Platforms are currently CenturyLink Cloud, CenturyLink Private Cloud on VMware Cloud Foundation, Microsoft Azure, Amazon Web Services, and Physical Servers.
Physical Servers: Bare metal servers running a single operating system located in a customer premise, colocation environment, or a CenturyLink managed hosting facility.
The various technologies listed below are accurate as of the version date of this Service Guide and are subject to change without notice based on vendor modifications to their technologies and/or offerings. Updates to this list of technologies will be posted as the technologies change.
RDS (MySQL, Oracle, SQL)
Elastic Load Balancing
2. Microsoft Azure
|Managed Technologies||Virtual Machines
Local Network Gateway
3. CenturyLink Private Cloud on VMware Cloud Foundation
|Managed Technologies||Edge Gateway
VMware vCloud Director service features
4. CenturyLink Cloud (CLC)
|Managed Application and OS Technologies||Microsoft Windows Server
Red Hat Enterprise Linux
Amazon AWS-Linux (EC2 deployment)
5. Physical Server
|Managed Technologies||All technologies noted in Section 6, where applicable.|
6. Applications and Databases currently supported for all current Compatible Cloud Providers
The below list of applications is covered under Managed Services Anywhere residing on the Compatible Cloud Provider platforms as long as the application is running on any Compatible Cloud Provider platform.
Microsoft Windows Server
Red Hat Enterprise Linux
Amazon AWS-Linux (EC2 Deployment)
Other Open Source Technologies
Any other tech, app, service, language
* Available only on CenturyLink Private Cloud on VMware Cloud Foundation platform.