Service Guide

Updated October 7, 2016

This Service Guide (“SG”) sets forth a description of the CenturyLink Cloud Service (“CenturyLink Cloud” or “Service”) including technical details and additional requirements or terms, if any. This SG, the Supplemental Terms, and the Service Level Agreement (SLA) are subject to and incorporated into the governing agreement and Service Schedule between the parties. The specific details of the Service ordered by Customer will be set forth on the relevant Service Order.

Service Description

CenturyLink Cloud is a suite of cloud services which includes use of virtual servers, orchestration, network, and application services in a multi-tenant service data center environment. CenturyLink provides the infrastructure—including space and power, compute resources, storage resources, virtualization operating system, networking resources—and use of the Control portal and API for provisioning and management.

CenturyLink Cloud Services are available in several regional markets globally, including North America, EMEA, and Asia Pacific. Pricing details and any price variances between regions can be found on the CenturyLink Cloud website:

Service Elements


Servers & Create Server

Customers have the ability to purchase virtual servers throughout the Term of the Service.

Each virtual machine is a portion of the larger pool of pre-installed and integrated compute, storage, and network functionality. The customer can define the size of the virtual machine from 1 to 16 vCPUs and 1 GB to 128 GB of memory. The CenturyLink provided operating system templates include CentOS, Debian, RedHat Enterprise Linux, Ubuntu, and Windows Server.

Three types of cloud servers are available: Standard, Hyperscale, and Bare Metal.

  1. Standard Cloud Servers

    Standard Cloud Servers use persistent SAN based block storage with an optional Simple Backup Service for file-based backup & recovery.

  2. Hyperscale Cloud Servers

    Hyperscale Cloud Servers use persistent SSD based local storage. Hyperscale servers are designed for workloads that require high performance - IOPS minimum 15,000 and storage up to 1 TB per server.

  3. Bare Metal Servers

    Dedicated physical, non-virtualized nodes that provide workload isolation with very predictable performance. Bare Metal Servers also provide an option for hosting software, which does not have licensing options conducive to virtual machines.

    Unlike Standard Cloud Servers and Hyperscale servers, which are virtualized and can dynamically scale, Bare Metal Servers have fixed CPU, RAM and storage configurations. Windows Server, RHEL, CentOS, and Ubuntu operating systems templates are available for Bare Metal Servers. Bare Metal Servers deploy in less than one hour and are accessed via Control portal or APIs. Customers control Bare Metal Servers via Control portal and the API, but do not have access to the IPMI (Intelligent Platform Management Interface) console directly. In the event that a customer inhibits CenturyLink access to the IPMI, network connectivity may be disabled.

    All local non-SSD storage associated with Bare Metal Servers are capable of being fully encrypted by Customer, and all SSD storage supports Instant Secure Erase (ISE) or is zeroed out after releasing a server. For storage supporting encryption by default, new encryption keys are automatically generated for Customer to use with each newly provisioned server. Encryption is controlled exclusively by the disk array controller and not within the OS or elsewhere. CenturyLink controls the encryption keys and each key is tied directly to the logical volume on the array controller. When the logical volume is deleted there is no recovery path as the associated key is destroyed at the same time by the array controller. Thus, the data is rendered unrecoverable as part of a routine rediscovery and provisioning process for servers being decommissioned.

    There are seven operations that can be performed against a virtual cloud server within the server page. Applicable operations for Bare Metal Servers are “On”, “Off”, and “Reset”.

    • On. Applies to cloud servers that are powered off. Initiates the operating system boot sequence. Billing charges for memory, CPU, and operating system (if applicable) start accruing, and monitors are re-enabled.
    • Off. This is a forced shutdown of a server. It is the equivalent to unplugging a physical machine. All memory and CPU charges stop accruing, monitors are disabled, and the machine ends up in a powered off state. Any operating system charges (if applicable) and storage charges continue accruing. If the server is moved to archive storage, then any applicable operating system charges cease.
    • Pause. When a virtual machine is paused, its state is frozen (e.g. memory, open applications) and monitoring ceases. Billing charges for CPU and memory stop. A paused machine can be quickly brought back to life by issuing the “On” power command. Any applicable operating system charges continue to accrue while a machine is paused.
    • Reset. Similar to the relationship between “Off” and “Stop OS”, the reset command is a forced power off + power on combination. It is equivalent to the reset button on a physical computer.
    • Stop OS. Initiates a graceful shutdown of the corresponding server or servers. Like the “off” power command, all memory and CPU charges cease, monitors are disabled, and the machine is left in a powered off state.
    • Reboot OS. Executes a graceful reboot of the target server or servers. Unlike the forced “reset” power command, this instructs the operating system to initiate a proper stop and restart.
    • Maintenance. This command puts a server or servers into maintenance mode which means that monitors are disabled.

When a server is created as part of the Create Server process which is set forth in the Control portal, the pricing information is provided within the Control portal as the configuration is adjusted by the user. Users can specify networking details including DNS information, network connectivity, or vLAN attachment. The user can also specify a server lifespan to delete the server at a user specified time.

Servers are organized within a “Server Group(s)” which are based on their resident data center, and can have resource limits, default server settings and access permissions set for individual users. Server Group resource limits are defined by the maximum number of CPUs, memory and storage. Reports and alert monitors can be created for servers within Server Groups which include ping, CPU utilization and disk utilization monitors. Users added to alerts will receive an email in the event a specified monitor metric exceed the user specified condition which includes the interval, trigger and alert limit. Schedules can also be set for Server Groups to perform regular tasks such as server archive, delete, shutdown, reboot, power on, create snapshot, and delete snapshot based on a user specified time and frequency. Scheduled tasks set on a Server Group will not be run on Bare Metal servers in the Group. Maintenance windows can also be specified by Server Group which will disable all monitoring and alerts during this time.

Resource Limits in the Control portal can also be applied to all Server Groups within a specified data center for total CPU, memory and storage as well as specific user rights to resources within that data center.

Server Archive
The Server Archive lists the Standard and Hyperscale servers that have been powered down but have retained the server image. Archived servers can be restored into service or deleted from the archive. Archive storage is charged at the archived storage rate. This feature is not available with Bare Metal servers.

For Standard and Hyperscale servers only, templates are provided by CenturyLink for many popular operating systems but private server templates can also be created or uploaded by customers. These private server templates are added to the Server Templates catalog where the template size is provided along with total storage required. Customer can use CenturyLink provided templates as a baseline to configure the operating system, install and configure applications and data, and use the Convert to Template function, which will create a template from the selected server. The server admin or root password must be provided to create a template from the VM. Templates are available for specific datacenters. Customers who wish to copy templates to multiple datacenters should open a trouble ticket with the NOC. Template storage is billed on a GB basis at the Standard Storage rate.

Customers can also upload their own templates for an additional fee. Customers initiate the process by opening a NOC ticket, and then FTP the server template to a provided FTP site. The OVF image format is recommended. Once uploaded, the NOC with ingest the server template into the platform and it will be listed in the Server Template catalogue. Server templates can be converted into a server, used to create a new server, or deleted from within the Template catalogue.

Managed Backup
For Standard and Hyperscale servers only, Customer may purchase at an additional cost Data Protect Backup for use with the Services (“Managed Backup”). Managed Backup enables customizable rolling backups stored locally and at a secondary regional data center. This feature may be added or removed after the server is created.

Product specific terms and technical specifications for Managed Backup are set for in the Data Protect Backup Service Guide located at Managed Backup pricing is usage based and available for subscription within the Control portal; however, such pricing does not contribute to any applicable Service commitment or discount.

Managed Services

CenturyLink Cloud offers a comprehensive portfolio of Managed Operating Systems (“Managed OS”) and Managed Application Services (including web, middleware, database and business applications), as defined below, for Standard and Hyperscale servers. Both Managed OS and Managed Application Services are usage-based services, charged on an hourly basis, and designed to maximize Customer’s business availability and performance. The managed and unmanaged servers can coexist on the same network.

Managed service availability can be found at CenturyLink Cloud Data Centers.

Managed Operating Systems (“Managed OS”)

Managed OS Service provides fully managed operating system (“OS”) services for the Customer. User creates a managed server on a self-service basis through the Create Server process from the Control portal.

The standard features of the Managed OS Service consist of the licensing, installation, configuration, administration, monitoring, maintenance and support for the CenturyLink-provided software components. The Managed OS includes Microsoft Windows Server and Red Hat Enterprise Linux.

Applicable fees for Managed OS Services do not apply to VMs that are "parked" or otherwise not in use.

The following table describes the Managed OS Service activities and tasks provided by CenturyLink. Note: Customer is fully responsible for reporting Managed OS disruptions or changes to CenturyLink, and for requesting new OS-level user creation/access.

Activity Task
  • Manages OS license keys
  • Manages SPLA licenses with OS vendor
  • Purchases and owns software license
  • Validates OS installation
  • Confirms OS functionality
  • Provides anti-virus software for Windows only servers
  • Completes break/fix services to repair/replace OS
  • Provides ongoing virus signature updates from anti-virus software vendor services
  • Monitors OS on an ongoing basis for continued operation
  • Notifies and engages Customer contact to work with confirmed OS issues through resolution
Configuration & Administration
  • Defines user administration and password policy for ongoing user access requests
  • Maintains sole administrator access to OS-level software
  • Administers/executes all requests for new OS-level users

Managed Application Services

Managed Application Services may be purchased by launching a Managed Application Blueprint on a Managed OS. On a successful deployment, Customer will have all necessary credentials to interact with their managed environments just like any other instance in CenturyLink Cloud.

CenturyLink and imbedded automated processes take over the end-to-end process of installing, configuring, managing, monitoring, maintaining (patching, hotfixes, change management) Customer managed application(s) and provides 24x7 support.

Managed Application Service Available on CenturyLink Cloud Managed Windows Available on CenturyLink Managed Red Hat Enterprise Linux
Web Server IIS Apache
Middleware Tomcat
Database Microsoft SQL 2008 MySQL
Directory Service Active Directory 2008
Hadoop Cloudera Express-Unmanaged
Cloudera Express-Managed
Cloudera Basic
Cloudera Basic with HBase
Cloudera Enterprise Data Hub
Kerberos for Cloudera

Managed Cloudera

CenturyLink Cloud not only provides potentially unlimited resources for your high-performance computing cluster, but makes it easy to manage with Cloudera Managed Hadoop. The solution provides storage, processing and management components deployed on CenturyLink Cloud. All Customers who purchase the Service acknowledge and agree that they do so subject to the applicable terms and conditions of the license agreements.

Cloudera Express - Unmanaged: This is a free, unlicensed, and unmanaged version of the distribution based on Cloudera's Distribution of Hadoop. The only charge incurred by the user is for the underlying infrastructure. All of the typical Hadoop features are available for customer use. The blueprint will set up a four-node cluster with each node having a 1 TB sorage capability (which can be increased to 4 TB). The available memory and processing (CPU) may also be increased. This is an unmanaged instance, so there is no built in CLC support for customer usage. The Add Node blueprint may be used to add worker (data) nodes to the cluster.

Cloudera Express - Managed: This is a managed version of the unlicensed Hadoop distribution. Since it is unlicensed, the support provided by CenturyLink is on a best effort basis. Systems will be monitored and the user may contact the CenturyLink help desk with questions. The same basic four-node cluster is created with the blueprint and it can be expanded with the Add Node blueprint to expand the cluster to meet the customer’s needs.

Cloudera Basic: This is a managed four-node clustered solution that includes all of the components of Cloudera Express including CenturyLink support of the Hadoop Distributed File System (“HDFS”) system and the projects listed in the Supported Services section below. This is a fully licensed version of Cloudera’s distribution of Hadoop which means, in addition to the CTL management of the cluster, Cloudera’s experts are available for escalation of cases that might require additional insight or a bug fix in future versions of the software.

Cloudera Basic with HBase: As the description indicates, this package includes the components of Cloudera Basic along with support for HBase.

Cloudera Enterprise Data Hub: This is the complete version of the Cloudera distribution of Hadoop with support for all of the underlying projects including HBase, Spark, Impala, Navigator and Search.

Supported Services: The following is a list of software that is available for use with Cloudera Managed Hadoop and is supported by CenturyLink.

  • Apache Hadoop: Reliable, scalable, distributed storage and computing.
  • Avro: A serialization system for storing and transmitting data over a network. Avro supports rich data structures, a compact binary encoding, and a container file for sequences of Avro data.
  • Cloudera Manager: An end-to-end management application for Apache Hadoop.
  • Cloudera Navigator (with EDH Option): The first fully integrated data management tool for the Apache Hadoop platform, Cloudera Navigator provides auditing and meta-data management features.
  • Hue: Apache-licensed browser-based desktop interface for Hadoop.
  • Impala (with EDH Option): A service that enables real-time querying of data stored in HDFS or HBase. It supports the same metadata and ODBC and JDBC drivers as Hive and a query language based on the Hive Standard Query Language.
  • Flume: Distributed framework for collecting and aggregating log and event data, and streaming it into HDFS or HBase in real-time.
  • HBase (with HBase and EDH Options): Scalable record and table storage with real-time read/write access.
  • Hive: Metadata repository with SQL-like interface and ODBC/JDBC drivers for connecting BI applications to Hadoop.
  • Kerberos: A network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. It can be run in stand-alone mode or in conjunction with Active Directory.
  • MapReduce: Distributed computing framework for Apache Hadoop.
  • Oozie: Workflow engine to coordinate Hadoop activities.
  • Search (with EDH Option): The first fully integrated search tool for the Apache Hadoop platform, Cloudera Search integrates Apache Solr, including Apache Lucene, Apache SolrCloud, and Apache Tika.
  • Spark (with EDH Option): A general framework for distributed computing that offers exceptional performance for both iterative and interactive processing. Spark exposes user-friendly APIs for Java, Scala, and Python.
  • Sqoop: Data transport engine for integrating Hadoop with relational databases.
  • Yarn: The next generation of MapReduce framework.
  • Zookeeper: Highly reliable distributed coordination service.
  • Add Node Blueprints: Allows the user to add capacity as needed for each deployment configuration.

MySQL Database Replication

Customer can increase MySQL database availability by purchasing the CenturyLink Cloud Managed MySQL Replication Service that can be added on to the standard Managed MySQL service for an additional fee and all Customers who purchase the Managed MySQL Service acknowledge and agree that they do so subject to the any applicable terms and conditions. MySQL Replication includes replication setup (master-master, master-slave), enabling replication session monitoring, and managing failover and fail-back.

Managed OS and Managed Application Support Services

The following table describes the typical operational support services and requests that may arise for Managed OS and Managed Applications provisioned on the CenturyLink Cloud platform. In the event Customer initiates a service request for tasks that are not described in the tables below, CenturyLink reserves the right to charge the customer on an hourly basis for a requested task. Please contact your CenturyLink account executive for service charge details.

Managed OS Task
Maintenance and support
  • Monitors and tests ongoing OS patches posted by OS software vendors, creating hardened image available for installation
  • Implements requests for OS patches
  • Coordinates with Customer a mutually agreeable maintenance window to apply requested patches
  • Defines user policy and administration
  • Responds to notification of Managed OS Service interruptions
  • Generates email notifications of scheduled maintenance to technical contacts in time to provide 48-hours (two business days) notice
  • Provides access to live OS support (24 hours per day, 7 days per week, and 365 days per year)
Support Offerings Provided for Managed Applications Services Notes
24x7x365 health monitoring and incident resolution of the managed applications (i.e., IIS restarts, MySQL error) Does not include application performance issues within managed application services.
Application hardening via security policies Implements application hardening per CenturyLink security policies. Any additional settings, not included in CenturyLink’s security policies, may incur an additional hourly billable charge.
Planned application maintenance Generates email notifications of scheduled maintenance to Customer in time to provide 48-hours (two business days) notice.
Troubleshooting managed application performance CenturyLink will investigate any Service interruptions for the managed application upon request. Any troubleshooting that impacts non-managed services (e.g. Customer’s VPN, co-location hardware etc.) is an additional billable support engagement.
Updates to managed applications via hot-fix or patch Hot-fix installation is available upon request.

Import Server

Except for Bare Metal servers, the Import Server page in the Control Portal allows Customers to import their existing Windows or Red Hat virtual servers into the CenturyLink Cloud. Servers can be uploaded into any cloud data center. Customers can choose the account, group, server type (standard or Hyperscale), storage level, and VLAN for the imported server.


The Policies page in the Control portal allows customers to create unique rules or parameters to help manage server operations. For example, policies can alert users to usage peaks or CPU memory and disk utilization thresholds. Users can be notified to take action or the policies can auto-correct server settings based on preferences established by users.

Alert policies can be set up by Customer to allow for notification via email, webhooks, and the Control portal based on customized threshold criteria. Customers can apply alert policies to entire server groups or individual servers, excluding Bare Metal servers.

CenturyLink Cloud supports both Vertical Autoscale and Horizontal Autoscale which can be applied to both Standard and Hyperscale server instances.

Vertical Autoscale policies can be set by users to scale CPU allocation up and down based on CPU utilization. Users can specify the CPU range for the Vertical Autoscale policy, threshold period of time, and increment of CPUs to scale up or down. A scale down time window can also be specified as scale down events require a reboot to complete. This policy cannot be applied to Bare Metal servers.

Horizontal Autoscale can be set by users, allowing for groups of virtual servers that meet a user-defined CPU and/or RAM utilization threshold to be scaled out/in by powering on or off one (1) or more additional virtual servers in the group.

Note: A server that has a Vertical Autoscale policy set cannot be part of a horizontally autoscaled group.

Anti-affinity groups can be created for Hyperscale servers to provide an even distribution of virtual machines across different physical hosts. These policies are applied when servers are added to an existing anti-affinity pool.


CenturyLink Cloud Blueprints (“Blueprints”) are executable templates that can create servers, install software, and execute scripts for Standard and Hyperscale servers only. Most major operations within the CenturyLink Cloud Service are executed as Blueprints and customers can also define their own Blueprints to assist in DevOps, deployment and standardized use of the cloud.

Blueprints Queue

The Blueprints Queue shows the status of all Blueprints running within a specific datacenter. CenturyLink provides publicly available Blueprints and users can create private Blueprints to be shared within their account.

Blueprints Library

The Blueprints Library lists available Blueprints that can be searched by keyword and filtered by author, solution type, operating system, and company size. A library listing show the name of the Blueprint, the configured compute and storage resources within the Blueprint, cost of deploying the Blueprint, version, visibility, tags, community rating and user reviews. The tabs within the Blueprint show the individual servers contained within the Blueprint and their individual configuration along with the number of packaged scripts and software, the sequence of operations within the Blueprint itself and bundled software. Users can click the Deploy Blueprint button to launch the Blueprint or be presented with the required user input to launch a Blueprint.

Design Blueprint

The Blueprint Designer provides a four-step process to create a Blueprint. First the user specifies basics about the Blueprint including the name, version, visibility, and description. Servers are added to the Blueprint with user specified quantities, template, and configuration and associated software and scripts. Next, tasks are created and the order of the tasks specified. Blueprints can also be nested within Blueprints as a specified task. Lastly the Blueprint is reviewed and the cost of the Blueprint is provided. The user can submit the Blueprint for publishing.

Scripts & Software

The open source and public domain Scripts and Software catalogues allows users to browse and create script and software packages. These packages are configured to run scripts, run executables, and install software. Packages are zip file which contain a package XML based manifest, executable and resources. Users can upload both script and software packages via the control interface and provide metadata describing the package and supported OS types.

FTP Users

This Control portal allows users to create an FTP account and credentials for an FTP site used to assist in uploading software and scripts with the platform.

SafeHaven Disaster Recovery as a Service (DRaaS)

SafeHaven provides a suite of IT disaster recovery and inter-site migration services. SafeHaven is deployed by CenturyLink Cloud for its customers to deliver DRaaS. SafeHaven system components follow a structural hierarchy in the following order:

  • Cluster Layer
  • Data Center Layer
  • SafeHaven Replication Node (SRN) Layer
  • Protection Group
  • Protected VM/Disk

Cluster Layer
Each SafeHaven cluster can service up to 64 data centers. The data centers may be any combination of dedicated data centers and Cloud virtual data centers. Each data center within the cluster can include both active Protection Groups and replica instances of remote Protection Groups. Each subscriber organization is provisioned with a distinct SafeHaven cluster.

SafeHaven Console
The SafeHaven console is a rich Java client application which should be installed on all desktop or laptop computers that will be used for SafeHaven administration. All communication between the SafeHaven console and the CMS are encrypted over SSL. Administrators can perform point-and-click recovery operations upon individual virtual machines, groups of servers and data drives, or entire data centers. Recovery operations include:

  • Lossless migration
  • Failover
  • Failback
  • Rollback
  • Automatic detection and reporting of data center outages

Central Management Server (CMS)
Each SafeHaven cluster includes a single active CMS. The CMS is a SafeHaven virtual appliance that:

  • Receives commands from the SafeHaven console and relays them to the appropriate SRN in the appropriate data center
  • Monitors heartbeats from the SRNs
  • Receives state information from SRNs and relays it to the SafeHaven console

Data Center Layer
The data center layer includes the set of data centers provisioned within the SafeHaven cluster.

SafeHaven classifies data centers based on the API used for orchestration of recovery operations and recognizes three data center types:

  • Dedicated data center: Disaster Recovery (“DR”) orchestration is through VMware vSphere 4.0 (or later release) via API calls to VMware vCenter Server. This data center type can also be used to provide DR protection for physical servers, stand-alone data drives, and servers virtualized with non-VMware hypervisors. However, in these cases, no automated DR orchestration is available (i.e., manual shut-down and power-on is required).
  • vCloud Director cloud VDC: DR orchestration through the API for VMware vCloud Director (release 1.5 or later).
  • CenturyLink Cloud virtual data center: DR orchestration is through the CenturyLink Cloud API.

SRN Layer
This layer includes all SRNs provisioned within the SafeHaven cluster. Each SRN is associated with a parent data center as shown in the SafeHaven hierarchy. A given data center may include an arbitrary number of SRNs. The SRN virtual appliance is responsible to:

  • Provision and delete Protection Groups
  • Generate and maintain a replica image of each Protection Group in a remote data center
  • Generate and maintain a scrolling log of up to 2048 checkpoints for each Protection Group
  • Relay SafeHaven commands from the CMS to the cloud management layer and/or IT infrastructure control plane
  • Transmit a heartbeat to other SRNs and the CMS
  • Relay state information to the CMS

SRNs replicate at the LUN level transmitting updated blocks for each Protection Group to a peered SRN in a remote data center. Although each active Protection Group has a replica in only one other site, an SRN may support a set of Protection Groups that each have replica instances in distinct remote data centers.

Additional storage requirements:

  • The production SRN must be provided with a storage pool of sufficient size to mirror the protected VMs.
  • The recovery SRN must be provided with a storage pool of sufficient size to host the protected VM disks inside the recovery site.
  • oth SRNs must also have enough storage for Protection Group checkpoints. The amount of storage allocated determines how many checkpoints will be retained in the checkpoint history. While each user’s needs will be different, CenturyLink requires hat storage for the checkpoint history for a given Protection Group to be approximately 30% of the size of the aggregate data image for all protected VMs and hard drives within the group.

Protection Groups
A Protection Group is set of servers and hard disks grouped by SafeHaven that failover, failback, and rollback together to the same instant in time and are shutdown and brought-up according to a prescribed recovery plan. Each Protection Group corresponds to a distinct set of servers and hard disks replicated to a remote site by a parent SRN. When protecting a multi-tiered application, administrators should provision a Protection Group that includes the set of all servers and hard disks that participate in the multi-tiered application. SafeHaven is set up to allow the applicable systems to recover via a remote data center with mutually consistent data images as they were at specific instances in time.

Protected VM/Disk
Write traffic for each protected VM and hard disk is locally and synchronously mirrored within the production data center so that it is written both to the primary data store and also to a local SRN. For Windows Server Operating Systems 2003 and later, the SafeHaven local replication agent is employed and in Linux Operating Systems, Logical Volume Manager 2 is employed.

SafeHaven checkpoints correspond to LUN-level Copy on Write snapshots and are block-consistent representations of a Protection Group at an instant in time. For many users, CenturyLink recommends that the storage allocated to the checkpoints be approximately thirty percent (30%) of the storage allocated to the Protection Group itself.



The Service provides the ability to create complex network topologies to securely segment application tiers or entire systems. Using the Control portal, customer can provision private VLANs and delete unused ones. Each customer gets an initial private VLAN to use, and can add more VLANs (for a fee) up to a total of 3 VLANs per account.

External Public IP Addresses

The Service provides optional external IP addresses (for a fee). Customers can use Public IP addresses provided by the Service through Network Address Translation (NAT).


By default, all external network access to servers in the Service is turned off by firewall policy. Users may open external access to servers by creating the appropriate firewall policy. Users are responsible for the security implications of the firewall rules they create.

Firewall policies may be created enabling network connections within a data center (“Intra Data Center”) and/or network connections across data centers (“Cross Data Center”). Users may specify the Source and Destination accounts in the Control portal, networks/subnets, specific IP address ranges and ports exposed by firewall policies.

A firewall Change Log displaying recent activity is also available on the Firewalls portal page.

Internet Bandwidth Billing

The Service uses a data transfer billing methodology for internet bandwidth usage. Outbound network traffic from CenturyLink Cloud to the Internet is metered on a gigabyte transfer basis and there is a gigabyte charge for internet bandwidth. Inbound traffic from the Internet to CenturyLink Cloud is free of charge and not metered. Intra Data Center and Cross Data Center traffic is not charged for or metered at this time.

Each data center with CenturyLink Cloud Services is connected to the Internet via redundant, high-speed connections. In addition, each location is connected using multiple providers, with multiple major Internet backbones into each facility. This approach decreases the likelihood of customer downtime during carrier outages and helps ensure more reliable connectivity.


Standard Client-to-Site VPN
Each customer gets a dedicated VPN server for establishing client access to their cloud network. Users can set up standard client-to-site VPN connections by installing the Open VPN client for Windows or Apple OS X as directed in the portal and in the Knowledge Base.

VPN certificates may be created, downloaded and deleted. VPN settings are editable. VPN servers can be restarted through the Control portal. The maximum number of client VPN connections is 19.

Site-to-Site VPN
The CenturyLink Cloud platform offers self-service support for configuring gateway-to-gateway, persistent IPsec VPN Tunnels. This model protects communications between two specific networks, such as an organization’s main office network and a branch office network, or two business partner’s networks. The Control portal supports creating and deleting IPsec VPN Tunnels, but not editing. Users can delete and create IPsec VPN tunnels when a change is needed.


The Services section of the CenturyLink Cloud Control portal provides both platform services and higher level functions that leverage and compliment servers, networks and blueprints. These services include AppFog, object storage, DNS, site redirect, SMTP relay, load balancer, and backup.


AppFog is a public multi-tenant Platform as a Service (PaaS) offering based on Cloud Foundry that enables developers to focus on writing applications, without having to worry about managing the underlying infrastructure. The result is increased agility and productivity, more efficient use of resources, and low operational overhead.

Instead of spending time provisioning servers, setting up databases, configuring web servers or updating firewalls, users simply deploy their Node.js, Java, Ruby, PHP, Python, Go or static website applications to AppFog. AppFog also provides a marketplace where third parties can provide AppFog Services. The marketplace specifies the commercial terms of these services between Customers and these third parties. CenturyLink provides services to AppFog users such as Orchestrate and MySQL.

CenturyLink also offers an Orchestrate AppFog Service which provides a NoSQL database service. This AppFog Service is separate and distinct from the Orchestrate service available at

Relational DB Service

Relational DB Service is a Database as a Service (DBaaS) offering powered by CenturyLink Cloud Hyperscale Cloud Servers. Relational DB Service provides immediate access to a MySQL-compatible database instance and includes daily backups. Users have the option to purchase in-datacenter replication for high availability.

Relational DB Service includes:

  • All applicable licensing and software assurance for the database and underlying compute
  • Configuration of database, compute and storage
  • Deployment of a default database
  • Configuration of basic monitoring with optional available notifications
  • Daily Backups with configurable backup time and restore from backup capability
  • Database and OS patches and upgrades
  • Database configuration
  • Replication configuration (if purchased)
  • Auto-failover (if replication is purchased)
  • SSL certificate provided, giving customers the option to encrypt their data in transit

Relational DB Customers can initiate the following tasks via automation:

  • Create and delete database instances
  • Download SSL Certificate
  • View backups
  • Change backup time
  • Manual failover (if replication is purchased)
  • Scale CPU, RAM and storage of the instance
  • Subscribe to notifications for CPU and storage

Relational DB Customers can use any MySQL client to manage the following:

  • User identity and access management
  • Log monitoring and auditing
  • Start/stop/restart Service
  • Database tuning & analysis
  • Implement SSL encryption using CenturyLink provided certificate
  • Manage table and index partitioning

Object Storage

Object Storage is a storage service for digital assets stored in “buckets.” The object storage service replicates a single object three times within the selected region. User accounts are created for object storage and given an access key and secret access key. Users can also define bucket access permissions per group and user. The Object Storage service is Amazon S3 compatible so users can use Amazon S3 compliant tools and API commands to access the objects.


The DNS service allows users to purchase a DNS zone and specify time to live. Once the DNS zone is created, resource records can be created, modified and deleted covering A, AAAA, CNAME, KEY, LOC, MX, NS, SOA, SRV and TXT resource record types. This service can be used to create geo-load balancing traffic distribution based on rule set and weighted or geo-targeted definitions. Users can map multiple host names to a single service in order to service multiple websites or map a single host name to multiple machines leveraging simple DNS provided load balancing.

Site Redirect

Site Redirect is an option that enables the ability to do a HTTP based redirect of a web site domain name to any URL. Once configured in the Control portal, Site Redirect can take up to 1 hour to replicate the redirection settings.

Intrusion Prevention Service

The CenturyLink Cloud Intrusion Prevention Service (“IPS”) is a critical security component for helping to prevent business disruption, securing a cloud environment, and satisfying certain compliance standards. IPS leverages industry-leading technology from Trend Micro. A host-based IPS agent is deployed on a Customer’s VM to provide enhanced security protection for customer critical data. The agent uses vendor defined signatures combined with host operating system details to create a unique host-specific configuration policy designed to proactively mitigate potential attacks on the host.

A default policy is implemented on each VM that is then automatically tuned based on the host operating system and installed applications. If a vulnerability is identified, the system will log it, take appropriate action, and report on it based on the IPS policy. IPS is provisioned via Blueprints through the Control portal.

Load Balancer

The CenturyLink Cloud Service offers both dedicated and shared load balancers. This service is delivered via highly available devices. Shared load balancers are managed through the Control portal, while dedicated load balancers are managed outside the Control portal. The table below provides performance specifications for the load balancing options. Shared load balancers are used by multiple clients within a given data center, so client specific performance may vary.

Feature Shared Dedicated
Control self-service Yes No
Availability Highly Available pair Single Instance or Highly Available pair options available
Load Balancing VIP Ports TCP/80 & TCP/443 Any
Load Balancing Algorithms

Round Robin

Least Connection

Citrix Complete Listing
Costing model per VIP (NLB Group) Per Device: VPX-200 or VPX-1000 available in both Standard or Enterprise Edition
Responsibility for Support & Management CenturyLink Cloud Customer via CLI or Web based UI

HTTP throughput: up to 400 Mbps

Performance is shared among all clients

HTTP throughput: Up to 400 Mbps

SSL encrypted throughput: Up to 400 Mbps

HTTP compression throughput: Up to 350 Mbps

SSL VPN/ICA Proxy Concurrent Users: Up to 1500

New SSL requests/second: Up to 750

SSL Offloading No Yes, Customer Configured
Health Checks Yes, TCP and PING Yes, Customer Configured

When creating a load balancer group on the shared load balancer, the user can specify the group name, description, port, method, persistence and IP address assignment. Upon creating a load balancer configuration, a Virtual IP (VIP) is assigned and shown to the user.

Available options include:

  • Port – 80 – HTTP or 443 HTTPS
  • Method – Round Robin or Least Connection
  • Persistence – Standard or Sticky

A log of recent activity, billing summary and bandwidth history is available on the load balancer Overview page in the portal.

  • Shared load balancers are configurable in a self-service fashion.
  • Customers can log in directly to their dedicated load balancers.
  • With the shared load balancers the external IP sits directly on the load balancer.
  • With a dedicated load balancer the VIP is an internal IP. In order to provide external access a MIP/NAT must be added to the firewall which points to the internal VIP.
  • If Customer wants to use a load balancer to access an internal VIP over their site to site VPN they must use a dedicated load balancer. It is not possible to access an internal VIP on the shared load balancer over a site to site VPN.
  • All shared load balancers are in a High Availability pair. If either node goes down there will be no downtime. Dedicated load balancers can be put in a HA pair by request.
  • Load balancer pools can include parent account servers. “Share parent networks” must be set before user can provide IP addresses of parent servers.
  • MIP's are not accessible from within the datacenter. If you need to reach a public IP from both inside and outside the datacenter, you need to use the shared load balancer.

Simple Backup Service

The CenturyLink Cloud Simple Backup Service (“SBS”) provides secure, file-level backup and restore of your important data. A host-based backup agent is deployed on a Customer’s VM to provide enhanced backup/restore protection for customer critical data. The agent applies policies defined by the customer to data on the VM, backs it up to a customer specified storage region over the internet, and retains the data according to the policy.


Runner is a hybrid IT management tool capable of automating infrastructure and providing control of devices in data centers on on-premises. It can also scale infrastructure in any cloud environment.

Powered by Ansible

  • Leverages the power and functionality of Ansible and exposes it to integrate cloud and on-premise connectivity.
  • State-based, massively parallel and repeatable.

Simple Control Panel

  • Create, schedule and run jobs from either the dashboard or via API.
  • Monitor and report on status, and easily share.

Automated Infrastructure

  • Fast and easy automation of infrastructure in any cloud or data center.
  • Provision, configure and deploy environments with CenturyLink Cloud, third-party cloud providers, and on-premises.

Focused on Reuse

  • Public Shared jobs can be run from within our Marketplace. No Ansible knowledge required.

Network Exchange

The CenturyLink Cloud Network Exchange provides a secure, high-speed, redundant, private network using CenturyLink Cloud Network Service (“CNS”) to connect CenturyLink Cloud environments to other CenturyLink provided environments, such as Dedicated Cloud Compute (“DCC”), so long as both environments are within the same CenturyLink data center. Both the CNS and the DCC Services require Customer to execute the Managed Hosting Schedule and each have separate Service Guides, SLAs and ordering processes. Network Exchange is ideal for hybrid environments and applications as well as storage and backups.  Network Exchange utilizes the Control portal for setup and management, coupled with CenturyLink Cloud network automation and pre-deployed network infrastructure. The Cloud Network Exchange Service will be provided at no charge until January 1, 2017 and thereafter CenturyLink will commence billing for usage charges. CenturyLink does not charge for CNS when ordered with the CenturyLink Cloud Service.


The Account section of the Control portal user interface provides overall account management functions including governance, user access billing, user interface customization and activity history.


The Information page displays overall customer information including business name, address, contact information and time zone.


The Billing tab provides billing summary information including month to date billing, and the estimate of the current month. The billing history tab shows specific credits and debits against the account. The payment method tab allows customers to update or change payment options and details. The Billing Details tab shows the global discount applied toward the account, purchase order details, monthly commit details if applicable, payment terms and contract expiration date if applicable.

Sub Accounts

Sub accounts allow separate accounts to be created but maintain a hierarchical relationship between parent and child accounts. This can be useful for control and governance features where different legal entities or lines of business within an enterprise may want their own chargeback information, billing detail and different pools of users for access. This feature is also useful for customers reselling CenturyLink Cloud or using it to deliver SaaS or System Integration activity where customer specific billing history must be maintained.

Multiple subaccounts can be created and there can be multiple subaccounts under subaccounts for businesses with complex resale, governance or access requirements. Parent networks can be shared with subaccounts as well as branding and data preferences passed from the parent to the subaccount. When the subaccount is created, a primary datacenter is also declared as part of the subaccount definition. This primary data center is the default datacenter selected when new resources are created.


The users tab allows Customers to add additional users to their account. Name, email address, and username are required. Additional optional information can also be provided (e.g., title, phone numbers, etc.). CenturyLink Cloud supports Security Assertion Markup Language 2.0 (“SAML”) based on Single Sign-On (“SSO”) to the Control portal, which provides Customers with control over the authentication of their hosted user accounts and who can access the Control portal. Using the SAML model, CenturyLink Cloud acts as the service provider and Customer acts as the identity provider controlling usernames, passwords and other information used to identify and authenticate users for the Control portal. Customers who wish to integrate CenturyLink Cloud with a single sign-on solution using a SAML based server may do so by clicking the Authentication sub tab and specifying SAML Authentication details including SSO IdP URL, Signing Certificate Key and Encryption Certificate Key.


The CenturyLink Cloud user security model has eight roles that map to unique personas within an organization and help customers apply a least-privilege approach to their cloud environment. The user security model cascades throughout the user interface and v2 API. A user can be part of multiple roles, and the Control portal user interface recognizes which role(s) a customer has and adjusts accordingly. Below is a brief description of each role:

  • Account Administrator can perform any provisioning and management tasks available in the cloud platform
  • Server Administrator cannot change account-level settings or some networking services, but has full permission to create and manage virtual server infrastructure
  • Server Operator has day-to-day management permissions but cannot add public IPs, create load balancer pools, or change policies
  • Security Manager can change account settings, user permissions, and firewall policies, but cannot build or manage virtual resources
  • Network Manager can configure and maintain network settings like DNS, VPNs, vLANs, and firewall policies
  • DNS Manager has permission to manage DNS zones
  • Billing Manager has access to billing history and payment information
  • Account Viewer has read-only access to all aspects of the cloud platform, and cannot initiate changes or create resources

Once a user is created, Area permissions can be applied to the specific user account including Account Admin permissions which give the user full access to all resources and settings on the account, Billing Admin, Domain Admin and Premium Server Admin permissions.

Administrators also have the option to require all users to login via SAML. If enabled, this feature will automatically forward users, who attempt to login via Control portal, to the specified SAML login page. This “forced path” offers greater compliance with enterprise policies. In addition, administrator can toggle this feature to all subaccounts.


The notification page allows the customer to specify specific users as Primary, Secondary, Billing and Billing carbon copy points of contact for CenturyLink.


When user accounts are created, they do not by default have access to the API. An API user account must be created within this page by providing an Email address. The system then generates the API key and password within the portal for API authentication. Webhooks send push notifications to a user specified HTTP endpoint. This prevents a developer from having to constantly poll the API to check status as the CenturyLink Cloud webhook will tell the customer provided URL that a specific event occurred. Webhooks are available for many events including account, server and user creation/deletion/update.

The API is available via both a SOAP (XML) and HTTP (XML/JSON) web services. Software development kits are available for both Java and .Net environments. The API is documented online via the CenturyLink Cloud Knowledge Base.


The Tickets page allows a customer to view open tickets and their status along with create new tickets. Customers can also send an Email to [email protected] to create a new trouble ticket.

Activity History

The activity history page allows users to pull complete activity history across the account based on date range, specified accounts and subaccounts, or keyword. Users may also download a comma delimited file from the portal to review and parse the account history.


The Settings page allows users to customize the Control user experience by adjusting branding, colors, site footers, DNS, customer support details, legal details, create custom fields, customize Email based notifications and adjust account access to specific data centers. This capability enables customers to make the user experience their own. This is useful for Enterprise customers who want brand the service with their own branding and direct end users to internal IT support teams to be the first point of contact before contacting CenturyLink Cloud support. Reseller and wholesalers can provide create their user experience and hide the CenturyLink Cloud details and branding.

Support and Service Management

Support Options

There are three support tiers to choose from: Developer, Professional and Enterprise. Each support tier provides break fix level of support via web tickets to resolve Customer platform related issues. The Professional and Enterprise Support service tiers add phone and chat based support. The response time service level objective for Professional support is one hour while the Enterprise response time is 30 minutes.

Enterprise support requires at least 160 hours of CenturyLink Cloud Service Engineering.

Customers selecting the Enterprise support tier must purchase a minimum of 160 hours or up to 640 hours per month in support of their account. The work shift for each designated resource is 36 hours per week.

Support Tier Comparison:

Feature Developer Professional Enterprise
Access to forums, white papers, and providing access to the CenturyLink Cloud knowledge base Yes Yes Yes
Break/Fixes Yes Yes Yes
Web Tickets Yes Yes Yes
Phone/Chat No Yes Yes
Response SLA < 8 hours < 1 hour < 30 minutes
Service management support N/A Available Available
Price Free Graduated Graduated

The following table describes list of operational support activities and requests offered across CenturyLink Cloud support tiers that may arise for virtual machines (VMs) provisioned on the CenturyLink Cloud platform.

Support Activities provided for Services and Systems Hosted on the CenturyLink Cloud Platform:

Support Activities Notes
24x7x365 health monitoring and incident resolution of the CenturyLink Cloud platform’s systems (i.e., physical servers, orchestration systems, virtualization management systems, data center hosting services, network architecture, and storage systems) Does not include operating systems and/or application performance issues within a Customer’s virtual machine (VM).
Data backup Backups utilizing single node/non-replicated storage and the number of days are determined by the class of storage provisioned.
Data/Server restores from backup Until this is exposed as a self-service feature it will be provided at no cost to Customers.
Network latency/interruption within the CenturyLink Cloud platform (e.g., between servers) CenturyLink will investigate any network latency and/or service interruptions within the Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.
Troubleshooting client-based OpenVPN issues CenturyLink will investigate any network latency and/or service interruptions within the CenturyLink Cloud Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.
Troubleshooting point-to-point VPN issues CenturyLink will investigate any network latency and/or service interruptions within the CenturyLink Cloud Platform and with our ISP vendors. Any upstream troubleshooting request is a separate billable support engagement.
DDOS investigation Commercially reasonable efforts are employed to mitigate, investigate, and resolve DDOS attacks and/or other security intrusions that affect the shared platform.
Troubleshooting SafeHaven Performance CenturyLink will investigate any performance issues for the SafeHaven software inclusive of SRN, CMS and Console.
SafeHaven Software updates Will require re-installation at the current SafeHaven Installation Service task price.

Support Pricing

The Developer support tier is provided at no cost. Professional and Enterprise support are fee-based with a graduated scale based on total platform usage, including services like SW licenses, managed operating systems and managed application services.

The scaled model for support fees is as follows:

  • The first $0-$10k of monthly usage is billed at a rate of 10%.
  • The next $10k-$80k of monthly usage is billed at a rate of 7%.
  • The next $80k-$250k of monthly usage is billed at a rate of 5%
  • Any usage over $250k is billed at a rate of 3%.

The following table provides a sample calculation for Profession or Enterprise support fees based on a monthly invoice totaling $130k. Using the tiered structure above, the support fees would be $8,400.

Usage Tier Actual Usage Rate Support Charges
$0-$10k $10k 10% $1,000
$10k-$80k $70k 7% $4,900
$80k-$250k $50k $5% $2,500
>$250k $0 3% $0

CenturyLink Cloud Service Engineering

The CenturyLink Cloud Service Engineering function provides personalized support services including:

  • Performing CenturyLink Cloud Service tasks
  • Conducting operational support of the CenturyLink Cloud platform
  • Responding to Customer initiated trouble tickets or requests
  • Assisting customers in user account management including user creation, management and maintaining resource limits
  • Network management; crisis / incident management
  • Reporting on overall ticket status; communicating platform change
  • Providing customers recommended implementation guidance for the CenturyLink Cloud platform
  • Platform environment configuration
  • Performance monitoring & analysis using platform capabilities
  • Providing consultative platform solutions design
  • Configuration and service deployment

Service Engineering is available in 20, 40, 60, 80, 160 and multiples of 160 hour blocks per month. In order for Customers to achieve the Enterprise SLA, at least 160 hours per month of Service Engineering must be purchased. Customers purchasing 160 hours of Service Engineering are required to commit to a one-year service term for the personalized support. Standard Professional or Enterprise support uplift fees also apply. Service Engineering is not available to customers who choose the Developer level of support. Service Engineering hours must be used on a monthly basis and unused time does not rollover to the following month. In the event a customer requires hours in addition to the block of hours purchased, an hourly Service Engineering fee will be applied for hours used beyond the monthly block.

Customers who purchase Service Engineering in less than 160 hour blocks can submit support requests around the clock to the shared pool of engineering resources, however consultative related requests need to be scheduled in advance. Customers who purchase 160 hours or greater blocks of time are assigned a designated person per 160 hour increment within the Service Engineering team as a primary point of contact. This primary point of contact will works a specified shift based on the Customer’s needs. Consultative requests are performed during that shift. The 160 hour block of time assumes a designated point of contact working 40 hours per week with a four week per month average and Services are performed evenly throughout the month CenturyLink will begin staffing of 160 hour block resources when Customer orders Service Engineering and may take up to two months to hire personnel.

CenturyLink Cloud Service Engineers are CenturyLink Cloud platform oriented and are knowledgeable on cloud solution architectures but are not operating system or application layer experts. Customers who desire expertise for operating systems or applications are encouraged to purchase Service Management Technical Service Engineers where expertise is available for Windows, RedHat, Database and Applications.

Service Management

CenturyLink can also provide integrated fee-based Service Management for Customers considering Professional or Enterprise Support tiers.

The Service Management Service offers personalized support relationships for Customers of CenturyLink Cloud and other CenturyLink Services. Service Management Client Service Partners assist customers with business lifecycle management and customer experience. Technical Service Engineers provide operating system and application layer expertise across CenturyLink Cloud and traditional managed hosting solutions.

Feature Designated TSE and CSP
Named contact Yes
Contract terms Annual
TSE hours allocated 20, 40, 60, 80 or 160 hours per month
CSP hours allocated Minimum 8 hours per month
Travel costs Additional
Quarterly reviews Included (expect travel expenses)

There are several Service Management tiers to choose from based on designated resources for specific hours per month. Designated resources include a Technical Service Engineer (TSE) and a Client Service Partner (CSP). For pricing, please contact your CenturyLink account executive.

Account Management
The designated Service Management (TSE and CSP) and CenturyLink Cloud Service Engineering team will work closely with Customer’s staff to proactively assist on deployment, development, and IT issues with CenturyLink Cloud technologies and works to address issues in an effective way.

  • Orientation and Planning Session—A meeting between the Service Management resources and designated Customer contacts to outline all service elements and establish expectations
  • Status Meetings—Regularly scheduled calls or customer meetings providing an overall update on all aspects of the contract
  • Resource Facilitation—Coordination of the appropriate resources to help solve/drive Customer’s service requests
  • Escalation Management—the CSP and/or TSE will promptly escalate issues, if any, and involve the appropriate resources to resolve issues

Service Tasks

CenturyLink Cloud offers individual Service tasks to assist with ad hoc requests for technical services like VM Imports, Data Import/Export, Usage Reporting, Disaster Recovery Testing, and more. Service tasks can be purchased on an hourly basis. A complete list of available Service tasks and pricing can be found at CenturyLink Cloud Pricing. Service task estimation and duties are performed during business hours, 9am-5pm Pacific Time.

Technical Account Manager

A Technical Account Manager ("TAM") is a customer advocate and lifecycle business partner who is directly accessible as an escalation point and for general support.

Key activities for each TAM include:

  • Relationship management
  • Support advocate
  • Problem prevention and resolution
  • Promote optimization
  • Collaboration and communication

TAM support is available to Professional and Enterprise Support customers at no additional cost.

Service On Boarding

QuickStart Onboarding Services

The CenturyLink Cloud Onboarding Services are designed to assist each Customer with transition to CenturyLink Cloud. There are six (6) fee-based Onboarding packages to choose from: QuickStart Express, QuickStart Advanced, QuickStart Advanced Plus, Quickstart Enterprise, and QuickStart SafeHaven. These Onboarding Services are intended to help Customers through their initial usage period and must be completed within the first thirty (30) days from date of purchase.

QuickStart Express
The QuickStart Express On-boarding Service is best suited for Customers with a small system footprint and/or their staff consists of engineers who have a strong background in virtualization technologies and only require a little help. The QuickStart Express sessions include a kick-off, platform training, one or two implementation meetings, and a closure meeting to discuss support. During this course of meetings, customers will get a detailed training and guidance on how to build and manage cloud servers, storage resources, and network services (e.g., load balancers, firewalls, etc.) using CenturyLink Cloud’s Control portal. Additionally, the training services also entail: user and account management, understanding of Customer’s charges/invoices, detailed introduction to reporting and monitoring services. In tandem, customers can leverage our expertise and have our Onboarding Engineers provide assistance with deploying a site-to-site VPN and/or the building of Customer’s first four VMs on CenturyLink Cloud platform.

QuickStart Advanced
The QuickStart Advanced On-boarding Service is best suited for Customers who need a high-level of support over the first thirty days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This On-boarding Service includes all the features of the QuickStart Express Service but allows provisioning of up to ten VMs and, if needed, import of up to two servers/templates into the CenturyLink Cloud. Moreover, the QuickStart Advanced Service provides more opportunity to be tailored and includes additional advanced topics such as reviewing recommended implementation practices, system optimization, and suggestions to maximize return on investment.

QuickStart Advanced Plus
The QuickStart Advanced Plus Onboarding Service is best suited for Customers who need a high-level of support over the first thirty days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This Onboarding Service includes all the features of the QuickStart Advanced Service but allows provisioning assistance of up to fifteen (15) VMs and, if needed, import of up to five (5) servers/appliances/templates into the Customer’s CenturyLink Cloud environment plus the selection of one module from the following:

QuickStart Advanced Plus Modules

Automation Consult – Training and consultation to assist customers creating their own automation within CenturyLink Cloud

  • Planning session to determine Blueprints or API focus
  • Training session and hands-on lab on Blueprints or API
  • Provide sample scripts and reference materials
  • Consultative services to assist customers creating their own automation (Q&A, basic script and blueprint/runner creation guidance, 20 hours maximum)

Load Balancer Service – Architecture review, training, installation and configuration of load balancers within CenturyLink Cloud

  • Planning session to review customer architecture and determine load balancer implementation plan
  • Install and configure Netscaler, HAProxy, or F5 Load Balancer (Custom expressions (appexpert)/iRules are outside of the scope of this package)
  • Import virtual load balancer appliance (up to 3) appliances
  • Provide training and best practice guidance

Identity Management Service – Provide training, design review and implementation assistance of identity management options within CenturyLink Cloud

  • Planning session to discuss Identity Management integration options with CenturyLink Cloud (AD, LDAP, etc.)
  • Account Hierarchy/Governance design session
  • Implementation consultancy assistance (AD extension, management, SAML configuration, 8 hours maximum)

QuickStart Enterprise
QuickStart Enterprise is tailored for strategic and/or enterprise organizations that require complex onboarding with extended requirements. QuickStart Enterprise onboarding includes:

  • Three (3) days of CenturyLink Cloud platform deep dive training sessions
  • Detailed whiteboard planning sessions covering topics such as account hierarchy, design/deployment, connectivity options and VLAN policy planning, Cloud infrastructure planning, and leveraging automation with Blueprints and APIs
  • Assisted provisioning services which includes up to 30 VMs, account hierarchy, API scripts, designing blueprints, Security Assertion Markup Language (“SAML”), VLANs, DNS, AD/LDAP, VPN tunnel, firewall rules, monitoring, and backups, deployment debrief & consultation
  • Established detailed operational runbook & long-term support overview

QuickStart Enterprise is limited to 180 hours of services. If additional hours are required, a time and materials statement of work can be executed to extend services which may include additional cost and terms.

QuickStart SafeHaven
The QuickStart SafeHaven On-boarding Service is for Customers who need a high-level of support over the first thirty (30) days of their use of CenturyLink Cloud and/or would benefit from help building their CenturyLink Cloud environment. This On-boarding Service includes provisioning of up to six VMs to be configured with SafeHaven and, if needed, import of up to two (2) servers/templates into the CenturyLink Cloud. Moreover, the QuickStart SafeHaven Service provides tailored DRaaS topics such as how to operate the SafeHaven software, system optimization, and suggestions to maximize the service.

To order custom Onboarding Services specific to your organization, like onsite workshops/training, extended VM imports/builds etc., please contact your CenturyLink account executive.

Professional Services

In the event Customer initiates a service request not described in the Support Activities table in the support section the request will be considered as a professional services request and CenturyLink reserves the right to charge the customer for such requested Services at then current rates or as identified in Customer’s applicable support contract.

CenturyLink Private Cloud

Service Description

CenturyLink Private Cloud (“Private Cloud”) is a managed, private and physically isolated deployment of a CenturyLink Cloud datacenter for a specific Customer. As a result, the Private Cloud datacenters are single tenant and exclusively managed by the Customer. CenturyLink provides the infrastructure including space, power, standard compute resources, storage resources, network switching infrastructure, access to the Internet, cloud automation and orchestration software, virtualization licensing, management and monitoring of the infrastructure and use of the CenturyLink Cloud Control portal and API. The Private Cloud Service is covered by the CenturyLink Cloud Enterprise level SLA.

User Experience

The Private Cloud Service operates identical to the CenturyLink Cloud public service where users use Control portal and the API to interact with the Service. When Customers log into Control portal, the Private Cloud data center is visible along with all the CenturyLink Cloud public data centers so customers have total access to both the public and private datacenters via a uniform user interface and API. Consistent with the public cloud, customers that want to restrict access to any datacenter to all or a subset of their users may do so via Control portal settings. This enables Customer to limit users to only the private cloud datacenter(s) should they desire.

Deployment Details

Private Cloud is hosted in a CenturyLink datacenter in a colocation space only accessible by CenturyLink employees. Colocation power is also included as part of the Service. CenturyLink provides full monitoring and maintenance of all the equipment used to deliver the Private Cloud solution. The Private Cloud solution is designed for redundancy to achieve the Enterprise level SLA. The CenturyLink Cloud platform software is updated by CenturyLink consistent with the public cloud which is generally done once a month. Private Cloud Customers get all the updates and new features added to Control portal and the APIs over time. Connectivity to the CenturyLink Internet backbone is provided as part of the solution. Consistent with the CenturyLink Cloud public service, Customers are responsible for the OS and application layer, including licensing, management, and monitoring, of the virtual machines; however, software licensing, Managed Operating System and Application services are available for purchase for Customers as an option.

CenturyLink Private Cloud includes the following:

  1. Standard cloud server capacity of 3,840 vCPUs and 8,986 GB of RAM
  2. 219 terabytes of block storage
  3. 677 terabytes of backup storage
  4. Management infrastructure necessary for CenturyLink to operate, monitor and manage the solution
  5. Enterprise support level SLA
  6. CenturyLink colocation space, power and physical security

Note: Private Cloud Customers must purchase at a minimum the Basic service tier of Service Management for eight hours per month of Client Service Partner resources and 160 hours of CenturyLink Cloud Service Engineering.

Additional functionality or capacity is available with the CenturyLink Private Cloud expansion modules:

  1. HyperScale—Adds HyperScale capability to CenturyLink Private Cloud. Each expansion module provides 6,144 vCPUs, 11,981 GB of RAM and 102 terabytes of HyperScale block storage.
  2. Compute & Storage—Adds more compute and storage capacity to the initial CenturyLink Private Cloud deployment. Each expansion model provides 3,840 vCPUs, 8,986 GB of RAM and 219 terabytes of storage to support standard virtual servers.
  3. Backup Storage—Adds an additional 610 TB of backup storage.

Private Cloud can be deployed in CenturyLink data centers across North America, Europe and Asia. Private Cloud supports up to 2,000 VLANs and can sustain up to 9 Gbps of Internet connectivity. Private Cloud does not support object storage as a service. Customers needing object storage services may purchase that via the CenturyLink Cloud public service. Customers do not have physical access to the Private Cloud equipment within the Colocation space. The Private Cloud Service may take up to four months to deploy from the date Customer executes the Service Order to Customer acceptance in North America and EMEA. Asia based deployments may take a longer period of time. CenturyLink selects the equipment used in the delivery of the Service.

CenturyLink Cloud will provide Private Cloud Customers feedback with regard to overall capacity management of the Service (e.g. if provisioned capacity exceeds recommended utilization levels). Customers are responsible for adding additional expansion modules so that the necessary capacity is in place based on the Customer’s use of the platform. Storage and Compute availability SLAs are voided should the storage or compute capacity exceed virtual capacity limits which are:

  • CenturyLink Private Cloud: 3,840 Standard Compute vCPUS; 8,986 GB RAM; 219 TB of Standard Storage; and 677 terabytes of Backup Storage
  • HyperScale Expansion Module: 6,144 HyperScale Compute vCPUs; 11,981 GB of RAM; 102 TB of HyperScale Storage
  • Compute and Storage Expansion Module: 3,840 Standard Compute vCPUS; 8,986 GB RAM and 219 TB of Standard Storage
  • Backup Storage Expansion Module: 610 terabytes

Business Terms

The Private Cloud infrastructure elements are charged on a fixed monthly recurring basis. Private Cloud is available in three to five year term commitments. Private Cloud expansion modules are available in three through five year term commitments. Internet bandwidth, software licensing, managed operating systems, managed application services and additional Service Engineering time is available on a usage fee basis identical to the public cloud.


Internal VIP: A VIP on a dedicated load balancer. This will always be an internal IP.

IP: The IP used for the Virtual Server. A VIP includes both an IP and a port. Separate VIP's are required for multiple ports used with the same IP.

LUN Copy on Write: Logical Unit Number (LUN) is a unique identifier used to designate individual or collections of hard disk devices for address by a protocol associated with an iSCSI interface. A snapshot of a storage volume is created using the pre-designated space for the snapshot. When the snapshot is first created, only the meta-data about where original data is stored is copied. No physical copy of the data is done at the time the snapshot is created. Therefore, the creation of the snapshot is almost instantaneous. The snapshot copy then tracks the changing blocks on the original volume as writes to the original volume are performed. The original data that is being written to is copied into the designated storage pool that is set aside for the snapshot before original data is overwritten, hence the name "copy-on-write".

back to top