Updated October 7, 2016
This Service Guide (“SG”) sets forth a description of the CenturyLink Cloud Service (“CenturyLink Cloud” or “Service”) including technical details and additional requirements or terms, if any. This SG, the Supplemental Terms, and the Service Level Agreement (SLA) are subject to and incorporated into the governing agreement and Service Schedule between the parties. The specific details of the Service ordered by Customer will be set forth on the relevant Service Order.
CenturyLink Cloud is a suite of cloud services which includes use of virtual servers, orchestration, network, and application services in a multi-tenant service data center environment. CenturyLink provides the infrastructure—including space and power, compute resources, storage resources, virtualization operating system, networking resources—and use of the Control portal and API for provisioning and management.
CenturyLink Cloud Services are available in several regional markets globally, including North America, EMEA, and Asia Pacific. Pricing details and any price variances between regions can be found on the CenturyLink Cloud website: https://www.ctl.io/pricing.
Customers have the ability to purchase virtual servers throughout the Term of the Service.
Each virtual machine is a portion of the larger pool of pre-installed and integrated compute, storage, and network functionality. The customer can define the size of the virtual machine from 1 to 16 vCPUs and 1 GB to 128 GB of memory. The CenturyLink-provided operating system templates include CentOS, Debian, Red Hat Enterprise Linux, Ubuntu, and Windows Server.
Three types of cloud servers are available: Standard, Hyperscale, and Bare Metal.
Standard Cloud Servers use persistent SAN based block storage with an optional Simple Backup Service for file-based backup & recovery.
Hyperscale Cloud Servers use persistent SSD based local storage. Hyperscale servers are designed for workloads that require high performance - IOPS minimum 15,000 and storage up to 1 TB per server.
Bare Metal Servers are dedicated physical, non-virtualized nodes that provide workload isolation with very predictable performance. Bare Metal Servers also provide an option for hosting software that does not have licensing options conducive to virtual machines.
Unlike Standard Cloud Servers and Hyperscale servers, which are virtualized and can dynamically scale, Bare Metal Servers have fixed CPU, RAM and storage configurations. Windows Server, RHEL, CentOS, and Ubuntu operating system templates are available for Bare Metal Servers. Bare Metal Servers deploy in less than one hour and are accessed via Control portal or APIs. Customers control Bare Metal Servers via Control portal and the API, but do not have access to the IPMI (Intelligent Platform Management Interface) console directly. In the event that a customer inhibits CenturyLink access to the IPMI, network connectivity may be disabled.
All local non-SSD storage associated with Bare Metal Servers is capable of being fully encrypted by Customer, and all SSD storage supports Instant Secure Erase (ISE) or is zeroed out after releasing a server. For storage supporting encryption by default, new encryption keys are automatically generated for Customer to use with each newly provisioned server. Encryption is controlled exclusively by the disk array controller and not within the OS or elsewhere. CenturyLink controls the encryption keys and each key is tied directly to the logical volume on the array controller. When the logical volume is deleted there is no recovery path as the associated key is destroyed at the same time by the array controller. Thus, the data is rendered unrecoverable as part of a routine rediscovery and provisioning process for servers being decommissioned.
There are seven operations that can be performed against a virtual cloud server within the server page. Applicable operations for Bare Metal Servers are “On”, “Off”, and “Reset”.
When a server is created as part of the Create Server process which is set forth in the Control portal, the pricing information is provided within the Control portal as the configuration is adjusted by the user. Users can specify networking details including DNS information, network connectivity, or vLAN attachment. The user can also specify a server lifespan to delete the server at a user specified time.
Servers are organized within “Server Groups”, which are based on their resident data center and can have resource limits, default server settings and access permissions set for individual users. Server Group resource limits are defined by the maximum number of CPUs, memory and storage. Reports and alert monitors can be created for servers within Server Groups which include ping, CPU utilization and disk utilization monitors. Users added to alerts will receive an email in the event a specified monitor metric exceeds the user specified condition which includes the interval, trigger and alert limit. Schedules can also be set for Server Groups to perform regular tasks such as server archive, delete, shutdown, reboot, power on, create snapshot, and delete snapshot based on a user specified time and frequency. Scheduled tasks set on a Server Group will not be run on Bare Metal servers in the Group. Maintenance windows can also be specified by Server Group which will disable all monitoring and alerts during this time.
Resource Limits in the Control portal can also be applied to all Server Groups within a specified data center for total CPU, memory and storage as well as specific user rights to resources within that data center.
The Server Archive lists the Standard and Hyperscale servers that have been powered down but have retained the server image. Archived servers can be restored into service or deleted from the archive. Archive storage is charged at the archived storage rate. This feature is not available with Bare Metal servers.
For Standard and Hyperscale servers only, templates are provided by CenturyLink for many popular operating systems but private server templates can also be created or uploaded by customers. These private server templates are added to the Server Templates catalog where the template size is provided along with total storage required. Customer can use CenturyLink provided templates as a baseline to configure the operating system, install and configure applications and data, and use the Convert to Template function, which will create a template from the selected server. The server admin or root password must be provided to create a template from the VM. Templates are available for specific datacenters. Customers who wish to copy templates to multiple datacenters should open a trouble ticket with the NOC. Template storage is billed on a GB basis at the Standard Storage rate.
Customers can also upload their own templates for an additional fee. Customers initiate the process by opening a NOC ticket, and then FTP the server template to a provided FTP site. The OVF image format is recommended. Once uploaded, the NOC will ingest the server template into the platform and it will be listed in the Server Template catalogue. Server templates can be converted into a server, used to create a new server, or deleted from within the Template catalogue.
For Standard and Hyperscale servers only, Customer may purchase at an additional cost Data Protect Backup for use with the Services (“Managed Backup”). Managed Backup enables customizable rolling backups stored locally and at a secondary regional data center. This feature may be added or removed after the server is created.
Product specific terms and technical specifications for Managed Backup are set forth in the Data Protect Backup Service Guide located at http://service-guides.centurylinktechnology.com/Default.aspx. Managed Backup pricing is usage based and available for subscription within the Control portal; however, such pricing does not contribute to any applicable Service commitment or discount.
CenturyLink Cloud offers a comprehensive portfolio of Managed Operating Systems (“Managed OS”) and Managed Application Services (including web, middleware, database and business applications), as defined below, for Standard and Hyperscale servers. Both Managed OS and Managed Application Services are usage-based services, charged on an hourly basis, and designed to maximize Customer’s business availability and performance. The managed and unmanaged servers can coexist on the same network.
Managed service availability can be found at CenturyLink Cloud Data Centers.
Managed OS Service provides fully managed operating system (“OS”) services for the Customer. User creates a managed server on a self-service basis through the Create Server process from the Control portal.
The standard features of the Managed OS Service consist of the licensing, installation, configuration, administration, monitoring, maintenance and support for the CenturyLink-provided software components. The Managed OS includes Microsoft Windows Server and Red Hat Enterprise Linux.
Applicable fees for Managed OS Services do not apply to VMs that are "parked" or otherwise not in use.
The following table describes the Managed OS Service activities and tasks provided by CenturyLink. Note: Customer is fully responsible for reporting Managed OS disruptions or changes to CenturyLink, and for requesting new OS-level user creation/access.
|Configuration & Administration||
Managed Application Services may be purchased by launching a Managed Application Blueprint on a Managed OS. On a successful deployment, Customer will have all necessary credentials to interact with their managed environments just like any other instance in CenturyLink Cloud.
CenturyLink and embedded automated processes take over the end-to-end process of installing, configuring, managing, monitoring, and maintaining (patching, hotfixes, change management) Customer managed application(s) and provide 24x7 support.
|Managed Application Service||Available on CenturyLink Cloud Managed Windows||Available on CenturyLink Managed Red Hat Enterprise Linux|
|Database||Microsoft SQL 2008||MySQL|
|Directory Service||Active Directory 2008|
Customer can increase MySQL database availability by purchasing the CenturyLink Cloud Managed MySQL Replication Service, which can be added on to the standard Managed MySQL service for an additional fee. All Customers who purchase the Managed MySQL Service acknowledge and agree that they do so subject to any applicable terms and conditions. MySQL Replication includes replication setup (master-master, master-slave), enabling replication session monitoring, and managing failover and fail-back.
The following table describes the typical operational support services and requests that may arise for Managed OS and Managed Applications provisioned on the CenturyLink Cloud platform. In the event Customer initiates a service request for tasks that are not described in the tables below, CenturyLink reserves the right to charge the customer on an hourly basis for a requested task. Please contact your CenturyLink account executive for service charge details.
|Maintenance and support||
|Support Offerings Provided for Managed Applications Services||Notes|
|24x7x365 health monitoring and incident resolution of the managed applications (i.e., IIS restarts, MySQL error)||Does not include application performance issues within managed application services.|
|Application hardening via security policies||Implements application hardening per CenturyLink security policies. Any additional settings, not included in CenturyLink’s security policies, may incur an additional hourly billable charge.|
|Planned application maintenance||Generates email notifications of scheduled maintenance to Customer in time to provide 48-hours (two business days) notice.|
|Troubleshooting managed application performance||CenturyLink will investigate any Service interruptions for the managed application upon request. Any troubleshooting that impacts non-managed services (e.g. Customer’s VPN, co-location hardware etc.) is an additional billable support engagement.|
|Updates to managed applications via hot-fix or patch||Hot-fix installation is available upon request.|
Except for Bare Metal servers, the Import Server page in the Control Portal allows Customers to import their existing Windows or Red Hat virtual servers into the CenturyLink Cloud. Servers can be uploaded into any cloud data center. Customers can choose the account, group, server type (standard or Hyperscale), storage level, and VLAN for the imported server.
The Policies page in the Control portal allows customers to create unique rules or parameters to help manage server operations. For example, policies can alert users to usage peaks or CPU, memory and disk utilization thresholds. Users can be notified to take action or the policies can auto-correct server settings based on preferences established by users.
Alert policies can be set up by Customer to allow for notification via email, webhooks, and the Control portal based on customized threshold criteria. Customers can apply alert policies to entire server groups or individual servers, excluding Bare Metal servers.
CenturyLink Cloud supports both Vertical Autoscale and Horizontal Autoscale which can be applied to both Standard and Hyperscale server instances.
Vertical Autoscale policies can be set by users to scale CPU allocation up and down based on CPU utilization. Users can specify the CPU range for the Vertical Autoscale policy, threshold period of time, and increment of CPUs to scale up or down. A scale down time window can also be specified as scale down events require a reboot to complete. This policy cannot be applied to Bare Metal servers.
Horizontal Autoscale can be set by users, allowing for groups of virtual servers that meet a user-defined CPU and/or RAM utilization threshold to be scaled out/in by powering on or off one (1) or more additional virtual servers in the group.
Note: A server that has a Vertical Autoscale policy set cannot be part of a horizontally autoscaled group.
Anti-affinity groups can be created for Hyperscale servers to provide an even distribution of virtual machines across different physical hosts. These policies are applied when servers are added to an existing anti-affinity pool.
CenturyLink Cloud Blueprints (“Blueprints”) are executable templates that can create servers, install software, and execute scripts for Standard and Hyperscale servers only. Most major operations within the CenturyLink Cloud Service are executed as Blueprints and customers can also define their own Blueprints to assist in DevOps, deployment and standardized use of the cloud.
The Blueprints Queue shows the status of all Blueprints running within a specific datacenter. CenturyLink provides publicly available Blueprints and users can create private Blueprints to be shared within their account.
The Blueprints Library lists available Blueprints that can be searched by keyword and filtered by author, solution type, operating system, and company size. A library listing shows the name of the Blueprint, the configured compute and storage resources within the Blueprint, cost of deploying the Blueprint, version, visibility, tags, community rating and user reviews. The tabs within the Blueprint show the individual servers contained within the Blueprint and their individual configuration along with the number of packaged scripts and software, the sequence of operations within the Blueprint itself and bundled software. Users can click the Deploy Blueprint button to launch the Blueprint or be presented with the required user input to launch a Blueprint.
The Blueprint Designer provides a four-step process to create a Blueprint. First the user specifies basics about the Blueprint including the name, version, visibility, and description. Servers are added to the Blueprint with user specified quantities, template, and configuration and associated software and scripts. Next, tasks are created and the order of the tasks specified. Blueprints can also be nested within Blueprints as a specified task. Lastly the Blueprint is reviewed and the cost of the Blueprint is provided. The user can submit the Blueprint for publishing.
The open source and public domain Scripts and Software catalogues allow users to browse and create script and software packages. These packages are configured to run scripts, run executables, and install software. Packages are zip files which contain a package XML based manifest, executable and resources. Users can upload both script and software packages via the control interface and provide metadata describing the package and supported OS types.
This Control portal allows users to create an FTP account and credentials for an FTP site used to assist in uploading software and scripts with the platform.
SafeHaven provides a suite of IT disaster recovery and inter-site migration services. SafeHaven is deployed by CenturyLink Cloud for its customers to deliver DRaaS. SafeHaven system components follow a structural hierarchy in the following order:
Each SafeHaven cluster can service up to 64 data centers. The data centers may be any combination of dedicated data centers and Cloud virtual data centers. Each data center within the cluster can include both active Protection Groups and replica instances of remote Protection Groups. Each subscriber organization is provisioned with a distinct SafeHaven cluster.
The SafeHaven console is a rich Java client application which should be installed on all desktop or laptop computers that will be used for SafeHaven administration. All communication between the SafeHaven console and the CMS are encrypted over SSL. Administrators can perform point-and-click recovery operations upon individual virtual machines, groups of servers and data drives, or entire data centers. Recovery operations include:
Central Management Server (CMS)
Each SafeHaven cluster includes a single active CMS. The CMS is a SafeHaven virtual appliance that:
Data Center Layer
The data center layer includes the set of data centers provisioned within the SafeHaven cluster.
SafeHaven classifies data centers based on the API used for orchestration of recovery operations and recognizes three data center types:
This layer includes all SRNs provisioned within the SafeHaven cluster. Each SRN is associated with a parent data center as shown in the SafeHaven hierarchy. A given data center may include an arbitrary number of SRNs. The SRN virtual appliance is responsible to:
SRNs replicate at the LUN level transmitting updated blocks for each Protection Group to a peered SRN in a remote data center. Although each active Protection Group has a replica in only one other site, an SRN may support a set of Protection Groups that each have replica instances in distinct remote data centers.
Additional storage requirements:
A Protection Group is a set of servers and hard disks grouped by SafeHaven that failover, failback, and rollback together to the same instant in time and are shut down and brought up according to a prescribed recovery plan. Each Protection Group corresponds to a distinct set of servers and hard disks replicated to a remote site by a parent SRN. When protecting a multi-tiered application, administrators should provision a Protection Group that includes the set of all servers and hard disks that participate in the multi-tiered application. SafeHaven is set up to allow the applicable systems to recover via a remote data center with mutually consistent data images as they were at specific instances in time.
Write traffic for each protected VM and hard disk is locally and synchronously mirrored within the production data center so that it is written both to the primary data store and also to a local SRN. For Windows Server Operating Systems 2003 and later, the SafeHaven local replication agent is employed and in Linux Operating Systems, Logical Volume Manager 2 is employed.
SafeHaven checkpoints correspond to LUN-level Copy on Write snapshots and are block-consistent representations of a Protection Group at an instant in time. For many users, CenturyLink recommends that the storage allocated to the checkpoints be approximately thirty percent (30%) of the storage allocated to the Protection Group itself.
The Service provides the ability to create complex network topologies to securely segment application tiers or entire systems. Using the Control portal, customer can provision private VLANs and delete unused ones. Each customer gets an initial private VLAN to use, and can add more VLANs (for a fee) up to a total of 3 VLANs per account.
The Service provides optional external IP addresses (for a fee). Customers can use Public IP addresses provided by the Service through Network Address Translation (NAT).
By default, all external network access to servers in the Service is turned off by firewall policy. Users may open external access to servers by creating the appropriate firewall policy. Users are responsible for the security implications of the firewall rules they create.
Firewall policies may be created enabling network connections within a data center (“Intra Data Center”) and/or network connections across data centers (“Cross Data Center”). Users may specify the Source and Destination accounts in the Control portal, networks/subnets, specific IP address ranges and ports exposed by firewall policies.
A firewall Change Log displaying recent activity is also available on the Firewalls portal page.
The Service uses a data transfer billing methodology for internet bandwidth usage. Outbound network traffic from CenturyLink Cloud to the Internet is metered on a gigabyte transfer basis and there is a gigabyte charge for internet bandwidth. Inbound traffic from the Internet to CenturyLink Cloud is free of charge and not metered. Intra Data Center and Cross Data Center traffic is not charged for or metered at this time.
Each data center with CenturyLink Cloud Services is connected to the Internet via redundant, high-speed connections. In addition, each location is connected using multiple providers, with multiple major Internet backbones into each facility. This approach decreases the likelihood of customer downtime during carrier outages and helps ensure more reliable connectivity.
Standard Client-to-Site VPN
Each customer gets a dedicated VPN server for establishing client access to their cloud network. Users can set up standard client-to-site VPN connections by installing the OpenVPN client for Windows or Apple OS X as directed in the portal and in the Knowledge Base.
VPN certificates may be created, downloaded and deleted. VPN settings are editable. VPN servers can be restarted through the Control portal. The maximum number of client VPN connections is 19.
The CenturyLink Cloud platform offers self-service support for configuring gateway-to-gateway, persistent IPsec VPN Tunnels. This model protects communications between two specific networks, such as an organization’s main office network and a branch office network, or two business partners’ networks. The Control portal supports creating and deleting IPsec VPN Tunnels, but not editing. Users can delete and create IPsec VPN tunnels when a change is needed.
The Services section of the CenturyLink Cloud Control portal provides both platform services and higher level functions that leverage and complement servers, networks and blueprints. These services include AppFog, object storage, DNS, site redirect, SMTP relay, load balancer, and backup.
AppFog is a public multi-tenant Platform as a Service (PaaS) offering based on Cloud Foundry that enables developers to focus on writing applications, without having to worry about managing the underlying infrastructure. The result is increased agility and productivity, more efficient use of resources, and low operational overhead.
Instead of spending time provisioning servers, setting up databases, configuring web servers or updating firewalls, users simply deploy their Node.js, Java, Ruby, PHP, Python, Go or static website applications to AppFog. AppFog also provides a marketplace where third parties can provide AppFog Services. The marketplace specifies the commercial terms of these services between Customers and these third parties. CenturyLink provides services to AppFog users such as Orchestrate and MySQL.
CenturyLink also offers an Orchestrate AppFog Service which provides a NoSQL database service. This AppFog Service is separate and distinct from the Orchestrate service available at orchestrate.io.
Relational DB Service is a Database as a Service (DBaaS) offering powered by CenturyLink Cloud Hyperscale Cloud Servers. Relational DB Service provides immediate access to a MySQL-compatible database instance and includes daily backups. Users have the option to purchase in-datacenter replication for high availability.
Relational DB Service includes:
Relational DB Customers can initiate the following tasks via automation:
Relational DB Customers can use any MySQL client to manage the following:
Object Storage is a storage service for digital assets stored in “buckets.” The object storage service replicates a single object three times within the selected region. User accounts are created for object storage and given an access key and secret access key. Users can also define bucket access permissions per group and user. The Object Storage service is Amazon S3 compatible so users can use Amazon S3 compliant tools and API commands to access the objects.
The DNS service allows users to purchase a DNS zone and specify time to live. Once the DNS zone is created, resource records can be created, modified and deleted covering A, AAAA, CNAME, KEY, LOC, MX, NS, SOA, SRV and TXT resource record types. This service can be used to create geo-load balancing traffic distribution based on rule set and weighted or geo-targeted definitions. Users can map multiple host names to a single service in order to service multiple websites or map a single host name to multiple machines leveraging simple DNS provided load balancing.
Site Redirect is an option that enables an HTTP-based redirect of a web site domain name to any URL. Once configured in the Control portal, Site Redirect can take up to 1 hour to replicate the redirection settings.
The CenturyLink Cloud Intrusion Prevention Service (“IPS”) is a critical security component for helping to prevent business disruption, securing a cloud environment, and satisfying certain compliance standards. IPS leverages industry-leading technology from Trend Micro. A host-based IPS agent is deployed on a Customer’s VM to provide enhanced security protection for customer critical data. The agent uses vendor defined signatures combined with host operating system details to create a unique host-specific configuration policy designed to proactively mitigate potential attacks on the host.
A default policy is implemented on each VM that is then automatically tuned based on the host operating system and installed applications. If a vulnerability is identified, the system will log it, take appropriate action, and report on it based on the IPS policy. IPS is provisioned via Blueprints through the Control portal.
The CenturyLink Cloud Service offers both dedicated and shared load balancers. This service is delivered via highly available devices. Shared load balancers are managed through the Control portal, while dedicated load balancers are managed outside the Control portal. The table below provides performance specifications for the load balancing options. Shared load balancers are used by multiple clients within a given data center, so client specific performance may vary.
|Availability||Highly Available pair||Single Instance or Highly Available pair options available|
|Load Balancing VIP Ports||TCP/80 & TCP/443||Any|
|Load Balancing Algorithms||
|Citrix Complete Listing|
|Costing model||per VIP (NLB Group)||Per Device: VPX-200 or VPX-1000 available in both Standard or Enterprise Edition|
|Responsibility for Support & Management||CenturyLink Cloud||Customer via CLI or Web based UI|
|Performance||HTTP throughput: up to 400 Mbps; performance is shared among all clients||HTTP throughput: up to 400 Mbps; SSL encrypted throughput: up to 400 Mbps; HTTP compression throughput: up to 350 Mbps; SSL VPN/ICA Proxy concurrent users: up to 1500; new SSL requests/second: up to 750|
|SSL Offloading||No||Yes, Customer Configured|
|Health Checks||Yes, TCP and PING||Yes, Customer Configured|
When creating a load balancer group on the shared load balancer, the user can specify the group name, description, port, method, persistence and IP address assignment. Upon creating a load balancer configuration, a Virtual IP (VIP) is assigned and shown to the user.
Available options include:
A log of recent activity, billing summary and bandwidth history is available on the load balancer Overview page in the portal.
The CenturyLink Cloud Simple Backup Service (“SBS”) provides secure, file-level backup and restore of your important data. A host-based backup agent is deployed on a Customer’s VM to provide enhanced backup/restore protection for customer critical data. The agent applies policies defined by the customer to data on the VM, backs it up to a customer specified storage region over the internet, and retains the data according to the policy.
Runner is a hybrid IT management tool capable of automating infrastructure and providing control of devices in data centers or on-premises. It can also scale infrastructure in any cloud environment.
Powered by Ansible
Simple Control Panel
Focused on Reuse
The CenturyLink Cloud Network Exchange provides a secure, high-speed, redundant, private network using CenturyLink Cloud Network Service (“CNS”) to connect CenturyLink Cloud environments to other CenturyLink provided environments, such as Dedicated Cloud Compute (“DCC”), so long as both environments are within the same CenturyLink data center. Both the CNS and the DCC Services require Customer to execute the Managed Hosting Schedule and each have separate Service Guides, SLAs and ordering processes. Network Exchange is ideal for hybrid environments and applications as well as storage and backups. Network Exchange utilizes the Control portal for setup and management, coupled with CenturyLink Cloud network automation and pre-deployed network infrastructure. The Cloud Network Exchange Service will be provided at no charge until January 1, 2017 and thereafter CenturyLink will commence billing for usage charges. CenturyLink does not charge for CNS when ordered with the CenturyLink Cloud Service.
The Account section of the Control portal user interface provides overall account management functions including governance, user access, billing, user interface customization and activity history.
The Information page displays overall customer information including business name, address, contact information and time zone.
The Billing tab provides billing summary information including month to date billing, and the estimate of the current month. The billing history tab shows specific credits and debits against the account. The payment method tab allows customers to update or change payment options and details. The Billing Details tab shows the global discount applied toward the account, purchase order details, monthly commit details if applicable, payment terms and contract expiration date if applicable.
Sub accounts allow separate accounts to be created but maintain a hierarchical relationship between parent and child accounts. This can be useful for control and governance features where different legal entities or lines of business within an enterprise may want their own chargeback information, billing detail and different pools of users for access. This feature is also useful for customers reselling CenturyLink Cloud or using it to deliver SaaS or System Integration activity where customer specific billing history must be maintained.
Multiple subaccounts can be created and there can be multiple subaccounts under subaccounts for businesses with complex resale, governance or access requirements. Parent networks can be shared with subaccounts as well as branding and data preferences passed from the parent to the subaccount. When the subaccount is created, a primary datacenter is also declared as part of the subaccount definition. This primary data center is the default datacenter selected when new resources are created.
The users tab allows Customers to add additional users to their account. Name, email address, and username are required. Additional optional information can also be provided (e.g., title, phone numbers, etc.). CenturyLink Cloud supports Security Assertion Markup Language 2.0 (“SAML”) based Single Sign-On (“SSO”) to the Control portal, which provides Customers with control over the authentication of their hosted user accounts and who can access the Control portal. Using the SAML model, CenturyLink Cloud acts as the service provider and Customer acts as the identity provider controlling usernames, passwords and other information used to identify and authenticate users for the Control portal. Customers who wish to integrate CenturyLink Cloud with a single sign-on solution using a SAML based server may do so by clicking the Authentication sub tab and specifying SAML Authentication details including SSO IdP URL, Signing Certificate Key and Encryption Certificate Key.
The CenturyLink Cloud user security model has eight roles that map to unique personas within an organization and help customers apply a least-privilege approach to their cloud environment. The user security model cascades throughout the user interface and v2 API. A user can be part of multiple roles, and the Control portal user interface recognizes which role(s) a customer has and adjusts accordingly. Below is a brief description of each role:
Once a user is created, Area permissions can be applied to the specific user account including Account Admin permissions which give the user full access to all resources and settings on the account, Billing Admin, Domain Admin and Premium Server Admin permissions.
Administrators also have the option to require all users to log in via SAML. If enabled, this feature will automatically forward users who attempt to log in via Control portal to the specified SAML login page. This “forced path” offers greater compliance with enterprise policies. In addition, administrators can toggle this feature for all subaccounts.
The notification page allows the customer to specify specific users as Primary, Secondary, Billing and Billing carbon copy points of contact for CenturyLink.
When user accounts are created, they do not by default have access to the API. An API user account must be created within this page by providing an Email address. The system then generates the API key and password within the portal for API authentication. Webhooks send push notifications to a user specified HTTP endpoint. This prevents a developer from having to constantly poll the API to check status as the CenturyLink Cloud webhook will tell the customer provided URL that a specific event occurred. Webhooks are available for many events including account, server and user creation/deletion/update.
The API is available via both SOAP (XML) and HTTP (XML/JSON) web services. Software development kits are available for both Java and .Net environments. The API is documented online via the CenturyLink Cloud Knowledge Base.
The Tickets page allows a customer to view open tickets and their status and to create new tickets. Customers can also send an Email to [email protected] to create a new trouble ticket.
The activity history page allows users to pull complete activity history across the account based on date range, specified accounts and subaccounts, or keyword. Users may also download a comma delimited file from the portal to review and parse the account history.
The Settings page allows users to customize the Control user experience by adjusting branding, colors, site footers, DNS, customer support details and legal details, creating custom fields, customizing Email based notifications and adjusting account access to specific data centers. This capability enables customers to make the user experience their own. This is useful for Enterprise customers who want to brand the service with their own branding and direct end users to internal IT support teams as the first point of contact before contacting CenturyLink Cloud support. Resellers and wholesalers can create their own user experience and hide the CenturyLink Cloud details and branding.
There are three support tiers to choose from: Developer, Professional and Enterprise. Each support tier provides break fix level of support via web tickets to resolve Customer platform related issues. The Professional and Enterprise Support service tiers add phone and chat based support. The response time service level objective for Professional support is one hour while the Enterprise response time is 30 minutes.
Enterprise support requires at least 160 hours of CenturyLink Cloud Service Engineering.
Customers selecting the Enterprise support tier must purchase a minimum of 160 hours or up to 640 hours per month in support of their account. The work shift for each designated resource is 36 hours per week.
Support Tier Comparison:
|Feature||Developer||Professional||Enterprise|
|Access to forums, white papers, and the CenturyLink Cloud knowledge base||Yes||Yes||Yes|
|Response SLA||< 8 hours||< 1 hour||< 30 minutes|
|Service management support||N/A||Available||Available|
The following table describes the operational support activities and requests offered across CenturyLink Cloud support tiers that may arise for virtual machines (VMs) provisioned on the CenturyLink Cloud platform.
Support Activities provided for Services and Systems Hosted on the CenturyLink Cloud Platform:
|24x7x365 health monitoring and incident resolution of the CenturyLink Cloud platform’s systems (i.e., physical servers, orchestration systems, virtualization management systems, data center hosting services, network architecture, and storage systems)||Does not include operating systems and/or application performance issues within a Customer’s virtual machine (VM).|
|Data backup||Backups utilizing single node/non-replicated storage and the number of days are determined by the class of storage provisioned.|
|Data/Server restores from backup||Until this is exposed as a self-service feature it will be provided at no cost to Customers.|
|Network latency/interruption within the CenturyLink Cloud platform (e.g., between servers)||CenturyLink will investigate any network latency and/or service interruptions within the Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.|
|Troubleshooting client-based OpenVPN issues||CenturyLink will investigate any network latency and/or service interruptions within the CenturyLink Cloud Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.|
|Troubleshooting point-to-point VPN issues||CenturyLink will investigate any network latency and/or service interruptions within the CenturyLink Cloud Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.|
|DDOS investigation||Commercially reasonable efforts are employed to mitigate, investigate, and resolve DDOS attacks and/or other security intrusions that affect the shared platform.|
|Troubleshooting SafeHaven Performance||CenturyLink will investigate any performance issues for the SafeHaven software inclusive of SRN, CMS and Console.|
|SafeHaven Software updates||Will require re-installation at the current SafeHaven Installation Service task price.|
The Developer support tier is provided at no cost. Professional and Enterprise support are fee-based with a graduated scale based on total platform usage, including services like SW licenses, managed operating systems and managed application services.
The scaled model for support fees is as follows:
The following table provides a sample calculation for Professional or Enterprise support fees based on a monthly invoice totaling $130k. Using the tiered structure above, the support fees would be $8,400.
|Usage Tier||Actual Usage||Rate||Support Charges|
The CenturyLink Cloud Service Engineering function provides personalized support services including:
Service Engineering is available in 20, 40, 60, 80, 160 and multiples of 160 hour blocks per month. In order for Customers to achieve the Enterprise SLA, at least 160 hours per month of Service Engineering must be purchased. Customers purchasing 160 hours of Service Engineering are required to commit to a one-year service term for the personalized support. Standard Professional or Enterprise support uplift fees also apply. Service Engineering is not available to customers who choose the Developer level of support. Service Engineering hours must be used on a monthly basis and unused time does not rollover to the following month. In the event a customer requires hours in addition to the block of hours purchased, an hourly Service Engineering fee will be applied for hours used beyond the monthly block.
Customers who purchase Service Engineering in blocks of less than 160 hours can submit support requests around the clock to the shared pool of engineering resources; however, consultative requests need to be scheduled in advance. Customers who purchase blocks of 160 hours or greater are assigned a designated person per 160 hour increment within the Service Engineering team as a primary point of contact. This primary point of contact works a specified shift based on the Customer’s needs. Consultative requests are performed during that shift. The 160 hour block of time assumes a designated point of contact working 40 hours per week with a four week per month average, and Services are performed evenly throughout the month. CenturyLink will begin staffing of 160 hour block resources when Customer orders Service Engineering, and it may take up to two months to hire personnel.
CenturyLink Cloud Service Engineers are CenturyLink Cloud platform oriented and are knowledgeable on cloud solution architectures but are not operating system or application layer experts. Customers who desire expertise for operating systems or applications are encouraged to purchase Service Management Technical Service Engineers where expertise is available for Windows, RedHat, Database and Applications.
CenturyLink can also provide integrated fee-based Service Management for Customers considering Professional or Enterprise Support tiers.
The Service Management Service offers personalized support relationships for Customers of CenturyLink Cloud and other CenturyLink Services. Service Management Client Service Partners assist customers with business lifecycle management and customer experience. Technical Service Engineers provide operating system and application layer expertise across CenturyLink Cloud and traditional managed hosting solutions.
|Feature||Designated TSE and CSP|
|TSE hours allocated||20, 40, 60, 80 or 160 hours per month|
|CSP hours allocated||Minimum 8 hours per month|
|Quarterly reviews||Included (expect travel expenses)|
There are several Service Management tiers to choose from based on designated resources for specific hours per month. Designated resources include a Technical Service Engineer (TSE) and a Client Service Partner (CSP). For pricing, please contact your CenturyLink account executive.
The designated Service Management (TSE and CSP) and CenturyLink Cloud Service Engineering team will work closely with Customer’s staff to proactively assist on deployment, development, and IT issues with CenturyLink Cloud technologies and will work to address issues in an effective way.
CenturyLink Cloud offers individual Service tasks to assist with ad hoc requests for technical services like VM Imports, Data Import/Export, Usage Reporting, Disaster Recovery Testing, and more. Service tasks can be purchased on an hourly basis. A complete list of available Service tasks and pricing can be found at CenturyLink Cloud Pricing. Service task estimation and duties are performed during business hours, 9am-5pm Pacific Time.
A Technical Account Manager ("TAM") is a customer advocate and lifecycle business partner who is directly accessible as an escalation point and for general support.
Key activities for each TAM include:
TAM support is available to Professional and Enterprise Support customers at no additional cost.
The CenturyLink Cloud Onboarding Services are designed to assist each Customer with transition to CenturyLink Cloud. There are six (6) fee-based Onboarding packages to choose from: QuickStart Express, QuickStart Advanced, QuickStart Advanced Plus, QuickStart Enterprise, and QuickStart SafeHaven. These Onboarding Services are intended to help Customers through their initial usage period and must be completed within the first thirty (30) days from date of purchase.
The QuickStart Express On-boarding Service is best suited for Customers with a small system footprint and/or whose staff consists of engineers who have a strong background in virtualization technologies and only require a little help. The QuickStart Express sessions include a kick-off, platform training, one or two implementation meetings, and a closure meeting to discuss support. During this course of meetings, customers will get detailed training and guidance on how to build and manage cloud servers, storage resources, and network services (e.g., load balancers, firewalls, etc.) using CenturyLink Cloud’s Control portal. Additionally, the training also covers user and account management, understanding of Customer’s charges/invoices, and a detailed introduction to reporting and monitoring services. In tandem, customers can leverage our expertise and have our Onboarding Engineers provide assistance with deploying a site-to-site VPN and/or the building of Customer’s first four VMs on the CenturyLink Cloud platform.
The QuickStart Advanced On-boarding Service is best suited for Customers who need a high-level of support over the first thirty days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This On-boarding Service includes all the features of the QuickStart Express Service but allows provisioning of up to ten VMs and, if needed, import of up to two servers/templates into the CenturyLink Cloud. Moreover, the QuickStart Advanced Service provides more opportunity to be tailored and includes additional advanced topics such as reviewing recommended implementation practices, system optimization, and suggestions to maximize return on investment.
QuickStart Advanced Plus
The QuickStart Advanced Plus Onboarding Service is best suited for Customers who need a high-level of support over the first thirty days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This Onboarding Service includes all the features of the QuickStart Advanced Service but allows provisioning assistance of up to fifteen (15) VMs and, if needed, import of up to five (5) servers/appliances/templates into the Customer’s CenturyLink Cloud environment plus the selection of one module from the following:
QuickStart Advanced Plus Modules
Automation Consult – Training and consultation to assist customers creating their own automation within CenturyLink Cloud
Load Balancer Service – Architecture review, training, installation and configuration of load balancers within CenturyLink Cloud
Identity Management Service – Provide training, design review and implementation assistance of identity management options within CenturyLink Cloud
QuickStart Enterprise is tailored for strategic and/or enterprise organizations that require complex onboarding with extended requirements. QuickStart Enterprise onboarding includes:
QuickStart Enterprise is limited to 180 hours of services. If additional hours are required, a time and materials statement of work can be executed to extend services which may include additional cost and terms.
The QuickStart SafeHaven On-boarding Service is for Customers who need a high-level of support over the first thirty (30) days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This On-boarding Service includes provisioning of up to six VMs to be configured with SafeHaven and, if needed, import of up to two (2) servers/templates into the CenturyLink Cloud. Moreover, the QuickStart SafeHaven Service provides tailored DRaaS topics such as how to operate the SafeHaven software, system optimization, and suggestions to maximize the service.
To order custom Onboarding Services specific to your organization, like onsite workshops/training, extended VM imports/builds etc., please contact your CenturyLink account executive.
In the event Customer initiates a service request not described in the Support Activities table in the support section, the request will be considered a professional services request and CenturyLink reserves the right to charge the customer for such requested Services at then current rates or as identified in Customer’s applicable support contract.
CenturyLink Private Cloud (“Private Cloud”) is a managed, private and physically isolated deployment of a CenturyLink Cloud datacenter for a specific Customer. As a result, the Private Cloud datacenters are single tenant and exclusively managed by the Customer. CenturyLink provides the infrastructure including space, power, standard compute resources, storage resources, network switching infrastructure, access to the Internet, cloud automation and orchestration software, virtualization licensing, management and monitoring of the infrastructure and use of the CenturyLink Cloud Control portal and API. The Private Cloud Service is covered by the CenturyLink Cloud Enterprise level SLA.
The Private Cloud Service operates identically to the CenturyLink Cloud public service, where users use Control portal and the API to interact with the Service. When Customers log into Control portal, the Private Cloud data center is visible along with all the CenturyLink Cloud public data centers, so customers have total access to both the public and private datacenters via a uniform user interface and API. Consistent with the public cloud, customers that want to restrict access to any datacenter to all or a subset of their users may do so via Control portal settings. This enables Customer to limit users to only the private cloud datacenter(s) should they desire.
Private Cloud is hosted in a CenturyLink datacenter in a colocation space only accessible by CenturyLink employees. Colocation power is also included as part of the Service. CenturyLink provides full monitoring and maintenance of all the equipment used to deliver the Private Cloud solution. The Private Cloud solution is designed for redundancy to achieve the Enterprise level SLA. The CenturyLink Cloud platform software is updated by CenturyLink consistent with the public cloud which is generally done once a month. Private Cloud Customers get all the updates and new features added to Control portal and the APIs over time. Connectivity to the CenturyLink Internet backbone is provided as part of the solution. Consistent with the CenturyLink Cloud public service, Customers are responsible for the OS and application layer, including licensing, management, and monitoring, of the virtual machines; however, software licensing, Managed Operating System and Application services are available for purchase for Customers as an option.
CenturyLink Private Cloud includes the following:
Note: Private Cloud Customers must purchase at a minimum the Basic service tier of Service Management for eight hours per month of Client Service Partner resources and 160 hours of CenturyLink Cloud Service Engineering.
Additional functionality or capacity is available with the CenturyLink Private Cloud expansion modules:
Private Cloud can be deployed in CenturyLink data centers across North America, Europe and Asia. Private Cloud supports up to 2,000 VLANs and can sustain up to 9 Gbps of Internet connectivity. Private Cloud does not support object storage as a service. Customers needing object storage services may purchase that via the CenturyLink Cloud public service. Customers do not have physical access to the Private Cloud equipment within the Colocation space. The Private Cloud Service may take up to four months to deploy from the date Customer executes the Service Order to Customer acceptance in North America and EMEA. Asia based deployments may take a longer period of time. CenturyLink selects the equipment used in the delivery of the Service.
CenturyLink Cloud will provide Private Cloud Customers feedback with regard to overall capacity management of the Service (e.g. if provisioned capacity exceeds recommended utilization levels). Customers are responsible for adding additional expansion modules so that the necessary capacity is in place based on the Customer’s use of the platform. Storage and Compute availability SLAs are voided should the storage or compute capacity exceed virtual capacity limits which are:
The Private Cloud infrastructure elements are charged on a fixed monthly recurring basis. Private Cloud is available in three to five year term commitments. Private Cloud expansion modules are available in three through five year term commitments. Internet bandwidth, software licensing, managed operating systems, managed application services and additional Service Engineering time are available on a usage fee basis identical to the public cloud.
Internal VIP: A VIP on a dedicated load balancer. This will always be an internal IP.
IP: The IP used for the Virtual Server. A VIP includes both an IP and a port. Separate VIPs are required for multiple ports used with the same IP.
LUN Copy on Write: Logical Unit Number (LUN) is a unique identifier used to designate individual or collections of hard disk devices for address by a protocol associated with an iSCSI interface. A snapshot of a storage volume is created using the pre-designated space for the snapshot. When the snapshot is first created, only the meta-data about where original data is stored is copied. No physical copy of the data is done at the time the snapshot is created. Therefore, the creation of the snapshot is almost instantaneous. The snapshot copy then tracks the changing blocks on the original volume as writes to the original volume are performed. The original data that is being written to is copied into the designated storage pool that is set aside for the snapshot before original data is overwritten, hence the name "copy-on-write".
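The copy-on-write behaviour defined above can be traced with a small model. This is an added illustration, not CenturyLink code: the class names, block contents and pool size are constructed, and invalidating the snapshot when its reserved pool fills is an assumed policy chosen for the model.

```python
"""Toy model of a copy-on-write snapshot (constructed example)."""


class SnapshotInvalid(Exception):
    """Raised when reading a snapshot whose reserved pool was exhausted."""


class Snapshot:
    def __init__(self, volume, pool_blocks):
        self.volume = volume
        self.pool_blocks = pool_blocks  # pre-designated space, in blocks
        self.saved = {}                 # block index -> original data
        self.valid = True

    def preserve(self, index):
        """Copy the original block into the pool before it is overwritten."""
        if not self.valid or index in self.saved:
            return  # only the first write to a block costs a copy
        if len(self.saved) >= self.pool_blocks:
            # Assumed policy: a full pool invalidates the snapshot.
            self.valid = False
            self.saved.clear()
            return
        self.saved[index] = self.volume.blocks[index]

    def read(self, index):
        """Point-in-time view: preserved copy if changed, else live block."""
        if not self.valid:
            raise SnapshotInvalid("snapshot pool exhausted")
        if index in self.saved:
            return self.saved[index]
        return self.volume.blocks[index]


class Volume:
    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.snapshots = []

    def snapshot(self, pool_blocks):
        # Creation copies no data, only bookkeeping, so it is near-instant.
        snap = Snapshot(self, pool_blocks)
        self.snapshots.append(snap)
        return snap

    def write(self, index, data):
        for snap in self.snapshots:
            snap.preserve(index)  # copy first ...
        self.blocks[index] = data  # ... then overwrite


def demo():
    vol = Volume(["A0", "B0", "C0", "D0"])  # constructed sample blocks
    snap = vol.snapshot(pool_blocks=2)
    copied_at_creation = len(snap.saved)
    vol.write(1, "B1")
    vol.write(1, "B2")                      # same block: no second copy
    copied_after_writes = len(snap.saved)
    view = [snap.read(i) for i in range(4)]  # still the original contents
    vol.write(0, "A1")                      # pool now full (2 of 2)
    vol.write(2, "C1")                      # third distinct block overflows it
    return copied_at_creation, copied_after_writes, view, vol.blocks, snap.valid


if __name__ == "__main__":
    print(demo())
```

The model shows why the size of the pre-designated space matters: the snapshot stays consistent only while the number of distinct changed blocks fits in the pool.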