Managed Services
Public cloud services are complex. There are myriad offerings, each of which have security, operational and financial challenges. These services change regularly as service providers rapidly innovate and evolve their offerings. cloudstep® managed services provide organisations with comprehensive management of services deployed in the public cloud. This allows you to focus on your applications and services with peace of mind that the public cloud services in Microsoft Azure or Amazon Web Services underpinning them are properly managed.
If you’re in the market for a new managed services provider to look after your cloud estate then reach out. We can come up with a package that meets a range of budgets and requirements.
What we deliver as part of our managed services:
- Provisioning. We provision services in a repeatable, manageable way so that services are up and running as soon as you ask for them.
- Decommissioning. We ensure that services are properly terminated and disposed of so that you don’t get billed for things you don’t need anymore.
- Evergreen Risk. Cloud providers change their practices and systems regularly. We ensure that your public cloud deployments keep up with these changes and compatibility, security and cost-effectiveness are maintained.
- Monitoring. Public cloud providers have many ways to monitor infrastructure and platform services. We manage alerting and metrics, ensuring that aberrant behaviour is noticed, captured and managed as an issue.
- Bill Management and Cost Control. We capture the whole billing picture from the public cloud provider, incorporating this into the Cloudstep® financial model you already have.
- Security. We believe security should be baked in at every level. We make sure all services deployed in the cloud are securely deployed.
- Performance and Availability. We make sure cloud services are deployed for the highest resiliency and performance levels available.
Above the Line and Below the Line
We consider that there are two components of support required by our customers:
- Below the line. This is management of the cloud. It covers ensuring that your application or workload is available in the cloud provider using best practice deployment and management techniques. Below the line activities are included with the service charge.
- Above the line. This is management of applications in the cloud. It covers assisting your organisation in managing the deployed application. The application itself is your organisation’s responsibility but we will provide assistance to resolve issues encountered. Above the line activities are charged on a time & materials basis. We consider above the line activities as a collective responsibility.
Our managed services products have a fixed component for provisioning and management. The scope of management Is defined for these products. This is helpful in budgeting and delivering predictable services. It does not reflect the complex nature of ICT services in hybrid on-premises and public cloud environments. cloudstep® managed services are intended to be collaborative and reactive, not adversarial. This means that assistance will be provided beyond general service management.
To make budgeting managed services predictable, Above-the-line Support is charged in advance in bundles of hours per month. These hours can be drawn down on as needed. Any hours not consumed each month carry forward to the next month. If the number of hours consumed in a month is more than the available hours, then the difference will be billed in arrears in the next Billing Cycle.
Transitioning
In
Services deployed through our managed services have no transition in cost. The deployment of a Service includes the transition in services during the commissioning of the service. Additional managed services setup activities may require additional effort, and this would be considered an Above-the-line Service. This might include:
- Documentation. Preparation of specific documentation that is in excess of what is provided as part of deployment of cloudstep® products.
- Integration. Deeper integration into existing service desk systems to allow for escalations.
Out
Services can be de-commissioned individually without any fees. Transitioning all services away from our managed services to a different service provider will require hand-over and preparation. The Service Delivery Manager will manage the process. Transition out is an Above-the-line Service.
Service Offerings
All our products offer a common set of service standards. Individual products have specific management activities. The service offerings can be modified for use in an environment if needed.
| Administration (Business Hours) | Monitoring (All Hours) | |
| Access Control. Granting rights over services in the cloud as required. Provide access logs as required.(Re-)Provisioning. Create and test appropriate objects in the public cloud provider to deliver a service. Decommissioning. Removing all objects relating to a service in such a way that the service can be re-provisioned if necessary. Moves & Changes. Changes to cloud services and the scheduling, management of these changes. Fault Management. Detection and management of faults including restoration efforts. | Health Monitoring. Setup cloud-provider monitoring with appropriate thresholds for alert generation. Capacity Events. Examine public cloud provider capacity planning tools and examine performance against baselines. Adjust as required or escalate for decision making. This includes optimization for cost. Availability Monitoring. Monitor key service metrics contributing to overall service availability. Cloud Provider Monitoring. Monitor and respond to cloud service provider outages, assessing impact on customer services. | |
| Service Management | ||
| Examine impacts of changes in public cloud provider services to workloads provisioned in cloudstep®.Closely monitor public cloud provider costs and provide advice on cost-optimization strategies.Work with clients to determine the best course of action for service management, optimizing for cost, risk or service availability.Integration into cloudstep® modelling tool.All moves/changes/faults and alerts managed through a ticket system with monthly reporting. | ||
Foundation Components
These are foundational components needed to cloud-enable an organisation. They are pre-requisites for workload migrations.
| Product | Setup | Monthly |
| Cloud Datacenter Build out an AWS or Azure virtual network with VPN service connected to on-premises environment. Manage firewall configurations, VPN connectivity. | $21,000 | $1500 |
| Domain Controllers Deploy a pair of domain controllers and ensure that Windows workloads can be incorporated. Manage the cloud services underneath these servers deployed in a Cloud Datacentre. | $6,000 | $100 |
| Cloud Identities To prepare for Software as a Service it is necessary to extend identities to the public cloud. This includes running an audit of AD identities and the installation of a synchronization server into a Cloud Datacentre. Manage synchronization services with Azure Active Directory. | $5,000 | $200 |
| Federated Identities Deploy Active Directory Federation servers in a Cloud Datacentre to enable single sign-on with enterprise Active Directory domains. | $5,000 | $200 |
| Direct Connectivity Manage the installation and configuration of direct connectivity between corporate Datacentre/network and public cloud providers. Work with carriers, interconnect providers and cloud service providers to commission and manage the service. | $15,000 | $500 |
| Tenant Administration Deploy and configure tenant administration in AWS, Azure or Google with best practice security, bill management and access control. | $10,000 | $1500 |
| Cloudstep® Advisory Service Technical, operational, strategic and organisational advice and consulting for cloud services. | From $19000 | From $2500 |
Cloud Datacentre
- Deploy an AWS Virtual Private Cloud or Azure Virtual Network within a RFC1918 address space.
- Configuration of front, middle & back subnets along with services subnets
- ACL Security settings allowing East/West and North/South access as appropriate.
- Setup of network monitoring on subnets to allow for network forensics.
- Setup appropriate services for allowing services within the Cloud Datacenter to access the Internet (on approved ports).
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| ACL Changes. Network changes to security groups, Network ACLs or other Layer 4 network filtering facilities. Add/Remove/Change Subnets. Extend the Cloud Datacentre to add or remove subnets. Peering Changes. Configuration of peering connections between Cloud Datacentres or other separate services. | ACL exceptions. Monitor and alert on repeated violation of ACL rules.Traffic flows. Monitor traffic flows, alerting when flows in and out of subnets or to servers is abnormal. |
| Service Management | Pre-Requisite Products |
| Broader integration. Align address space and security policies with customer policies.Failover. Build mechanisms for failover between two or more Cloud Datacenters. | Tenant Administration |
| Cloud Providers | |
| AWSAzureGoogle Cloud Platform |
Domain Controllers
- Deploy a pair of appropriately sized servers into a Cloud Datacenter and promote servers to be Active Directory Domain Controllers.
- Work with customer ICT staff to configure domain Sites appropriately.
- Configure firewalling and Direct Connectivity setups to allow specific traffic to/from domain controller service subnets.
- Ensure that domain controllers are deployed in a highly available way to ensure service continuity.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Connectivity Issues. Resolve connectivity and replication issues. Backup/Restore. Perform periodic backups of servers with restoration as needed. Patching. The server will be patched according to agreed schedules. | Vitals. Check CPU, disk, memory and network stats, alerting on abnormal behaviour.Storage. Ensure backups, storage and encryption are operating correctly. |
| Service Management | Pre-Requisite Products |
| No additional service management activities | Cloud DatacentreDirect Connectivity |
| Cloud Providers | |
| AWSAzureGoogle Cloud Platform |
Cloud Identities
- Configuration of Azure Active Directory tenant as part of Office 365 or separately.
- Install and configure Azure Active Directory Synchronization tools on a Windows virtual server.
- Analyse Active Directory users and objects, preparing a report for remediation of objects for synchronization.
- Configure password policies as required.
- Configure additional services such as Multi-Factor Authentication, two-way password syncing and dynamic groups.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Synchronization Issues. Work with ICT service desk staff to resolve issues with synchronization. Application Association. Associate applications (third party or internally developed) with groups and users. Conditional Access. Configure policies for MFA and other access controls. | Authentication. Ensure that reference users can be authenticated.Security breaches. Monitor safety controls and raise issues of suspect authentication or unauthorized user access. |
| Service Management | Pre-Requisite Products |
| Provide assistance with managing Single-Credential and SSO solutions for applications.Provide assistance in selecting application vendors based on their ability to support federated identities. | Domain Controllers |
| Cloud Providers | |
Federated Identities
- Configure Active Directory Federation Services in an Azure or AWS Datacenter.
- Setup appropriate controls for DMZ/external access to federation proxies and internal access to SAML federation servers.
- Integrate federated identities with internal Active Directory Domain Services.
- Deploy resources with high availability and fault tolerance.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Application Association. Associate applications (third party or internally developed) with groups and users. | Authentication. Ensure that reference users can be authenticated.Accessibility. Manage and monitor accessibility of federation services. |
| Service Management | Pre-Requisite Products |
| No additional service management activities. | Domain Controllers |
| Cloud Providers | |
| AWSAzureGoogle Cloud Platform |
Direct Connectivity
- Provide designs, planning and budgeting for connectivity to public cloud services.
- Assist with the co-ordination between carriers, cloud providers, cloud-based routing points to achieve connectivity
- Assist customer ICT teams with definition of firewall rules.
- Configure failover to VPN via Internet connection.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Peering Associations. Work through connecting direct connectivity end-points to new Cloud Datacenters or other components of the public cloud provider.Upgrades and changes. Changes to capacity, carrier and topology. | Link status. Monitor peering points, public cloud provider connections, carrier connections and customer edge points.Performance. Monitor link utilization and latency of reference connections alerting on thresholds or abnormal performance. |
| Service Management | Pre-Requisite Products |
| Assist with network changes at the core and edge to understand the impact on cloud direct connectivity.Continuous advice on more cost-effective ways to increase reliability or capacity. | Cloud Datacentre |
| Cloud Providers | |
| AWSAzureGoogle Cloud Platform |
Tenant Administration
Each public cloud provider has its own mechanism for managing services. Each public cloud provider managed in the environment requires tenant administration. This
- Configure and manage public cloud provider tenancy for security, access control, cost control, billing and reporting.
- Provide support to ICT staff in the operation and configuration of objects in the cloud provider using the public cloud provider portal.
- Configuration of SSO between on-premises identities and public cloud providers.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Access Control. Managing access to the portal. | Service Health. Monitoring of cloud provider service health events and management of the impact of outages or service degradations. Security. Examine warnings and alerts Alerting. Work with ICT staff to configure alerting thresholds for public cloud providers and to ensure routing of notifications is handled. |
| Service Management | Pre-Requisite Products |
| Training and Support. Assist ICT staff with the operation and navigation of public cloud provider portals. Best practice analyser. Work through recommendations from public cloud provider portals to ensure security, cost management and reliability are maintained. Billing and Licensing. Reporting and analysis of bills and assignment of purchased licenses. | Cloudstep®.io Advisory Services |
| Cloud Providers | |
| AWS AzureGoogle Cloud Platform Office 365 |
Cloudstep Advisory Services
Our managed services are generally purchased in conjunction with the Cloudstep® Planning and Advisory Service. An ongoing subscription to the Cloudstep® Advisory Service is a pre-requisite for service management of any specific cloud products. The Cloudstep® Advisory Service provides an overarching advisory and architecture service to ICT and business units.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Cloudstep® Cost Modelling. Enterprise licenses access to cloudstep® modelling tool to explore, schedule, plan and budget for cloud migration services. | No monitoring with this product. |
| Service Management | Pre-Requisite Products |
| Architecture Advisory. Work with ICT staff to best understand public cloud services and how they can solve problems in the business. Vendor and Product Selection. Work with ICT and business units to assist with vendor selection and to incorporate new services into the existing environment. | None |
| Cloud Providers | |
| AWS Azure Google Cloud Platform |
Application / Workload Components
Once foundation components are in place individual workloads can be migrated to the cloud service.
| Product | Setup | Monthly |
| Application Environment Configure, deploy and manage server environments ready for bespoke or legacy applications to be deployed. Manage high availability, server patching, billing and security integration with a Cloud Datacentre. | $10,000 | $1000 |
| Database Migration Migrate databases from on-premises to cloud IaaS/PaaS databases in a lift/shift scenario. Can be used to migrate from SQL Server, MySQL and PostgreSQL into equivalent database platforms in Azure and AWS. | $10,000 | $1500 |
| Server Migration Cold migrate a server, storage and configuration into a pre-prepared server in a Cloud Datacentre in either AWS, Azure or Google Cloud Platform. Manage the server including backups and security in a Cloud Datacentre. Excludes management inside the server. | $1500 | $50 |
| Server Provisioning Deploy a server into a pre-prepared server in a Cloud Datacentre in either AWS, Azure or Google Cloud Platform. Manage the server including backups and security in a Cloud Datacentre. Excludes management inside the server. | $1000 | $50 |
Application Environment
An Application Environment is a self-contained group of services, servers and platform capabilities that work together to support the running of an application. It can include several different components:
- Virtual Machines. Software and applications running on Windows or Linux Servers which require patching, backups and routine administration.
- Network Configurations. A set of network security groups that allow access within the Application Environment and between it and other services.
- Storage. Storage for servers, BLOBs and backups including encryption and key management.
- High Availability. A series of configurations that allow auto-scaling for load or redundancy of critical components that facilitate continued service in the event of failure.
There are several different types of Application Environment that can be managed through cloudstep®. These range from generic application environments through to customized deployments of specific applications. They are all managed in the same way and for a similar price. Application Environments can also be customized for a specific need as described in 3.1 Cloudstep product customization.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Backup/Restore. Perform periodic backups of servers with restoration as needed. Patching. The server will be patched according to agreed schedules. Cloning. The preparation of a clone of an Application Environment that is a copy of the existing one. | Vitals. Check CPU, disk, memory and network stats, alerting on abnormal behaviour.Availability Events. Failure or scaling events with respect to virtual servers. Service health checks for external access to services. |
| Service Management | Pre-Requisite Products |
| Review. Review of implementation of Application Environment to ensure that it meets current best-practice for the relevant public cloud provider. | Tenant Administration |
| Cloud Providers | |
| AWSAzureGoogle Cloud Platform |
Database Migration and Management
Underpinning most application environments will be a database of some kind. Public cloud providers offer many different types of databases. This product covers the migration of data from on-premises database services across to an appropriate public cloud database service and its subsequent management. This includes the following:
- Deployment. Selection and commissioning of an appropriate database platform service in a public cloud provider.
- Migration. The migration of data from the on-premises database across to the public cloud service.
- Management. Ongoing management of database service including patching, backups, encryption and key management.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Backup. Perform periodic full/incremental backups as specified and required. Restore. Perform restore actions as needed. Capacity Management. Monitor database performance and manage right-sizing events for capacity. | Vitals. Monitor CPU, Memory, Connection Counts, transaction latency. Availability Events. Monitor outages, scaling or failover events and react accordingly. |
| Service Management | Pre-Requisite Products |
| Review. Review of implementation of databases to ensure that they meet current best-practice for the relevant public cloud provider. | Tenant Administration |
| Cloud Providers | |
| AWS Azure Google Cloud Platform |
Server Migration
Virtual Servers are the backbone of most on-premises corporate datacentres. Many of these servers are part of a suite of servers required to deliver an application. Some are stand-alone servers that are required for specific or genera purposes. These servers can typically be migrated to a public cloud provider. Migration involves the following activities:
- Deployment. Selecting and deploying appropriately sized and configured servers in a Cloud Datacentre.
- Migration. The migration of content from on-premises to public cloud services in preparation for a cut-over to the cloud server.
- Mop up. The reconfiguration, re-migration or post-migration configuration tasks needed to ensure service availability and connectivity to and from dependent services.
- Management. Ongoing management of the server once migrated.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Backup. Perform periodic backups of servers with restoration as needed. Restore. Perform restore actions as needed. Patching. The server will be patched according to agreed schedules. | Vitals. Check CPU, disk, memory and network stats, alerting on abnormal behaviour. Storage. Ensure backups, storage and encryption are operating correctly. |
| Service Management | Pre-Requisite Products |
| No additional service management activities. | Cloud Datacentre |
| Cloud Providers | |
| AWS Azure Google Cloud Platform |
Server Provisioning
Virtual Servers are the backbone of most on-premises corporate datacentres. Many of these servers are part of a suite of servers required to deliver an application. Some are stand-alone servers that are required for specific or genera purposes.
| Administration (Business Hours, 8am-6pm) | Monitoring (All Hours) |
| Backup. Perform periodic backups of servers with restoration as needed. Restore. Perform restore actions as needed. Patching. The server will be patched according to agreed schedules. | Vitals. Check CPU, disk, memory and network stats, alerting on abnormal behaviour. Storage. Ensure backups, storage and encryption are operating correctly. |
| Service Management | Pre-Requisite Products |
| No additional service management activities. | Cloud Datacentre |
| Cloud Providers | |
| AWS Azure Google Cloud Platform |
Custom Services
There are a range of products that fit many business requirements. The use of standards-based components is a critical part of making managed services cost effective and flexible. There are cases however where it is necessary to customize these products and to provide specialized support to your ICT teams.
Product Customization
The foundation and workload components are used as starting points for any bespoke services. The customization of a product is executed as a project by jtwo solutions. The project will be billed at jtwo solution’s Professional Services Rates. A Statement of Works will be prepared that describes the product customization. This work order is covered under the Master Services Agreement signed with jtwo solutions. As part of the cloudstep® planning engagement this customization work may have been indicated as a project which is budgeted in the cloudstep® business case reports provided.
The work order will cover the following:
- Requirements. The requirements will be captured, and the base product(s) will be indicated that are used as a starting point.
- Scope of Work. The scope of work will describe the activities that will be carried out and how the customization will be implemented.
- Deliverables. The specific deliverables of the project will be indicted that will generally include a new cloudstep® product for your organisation’s product catalogue but may include other deliverables.
- Project Schedule. A project schedule is included that includes resourcing from jtwo solutions and from your ICT team or business units.
- Estimates. This includes estimates of the effort for various skillsets described in Professional Services Rates. Any other costs or charges (cloud services, licensing or other requirements) will be indicated in the estimates.
The work of customizing cloudstep® products is generally a time & materials activity with an estimate. In some cases, the project cost and scope can be fixed. This will typically involve a time & materials effort analysis with a project manager allocated along with a 20%-30% contingency included in the project cost.
Billling
Our billing is intended to be simple, clear, flexible and low risk. The invoice will contain a line item for one of four things:
- New Service Setup. The setup fee is charged in full for any service commissioned in the Previous Month.
- Prorated Service Management Fee. The Service Management Fee is pro-rated until the end of the month as a proportion of the normal management fee depending on how far through the month the service was commissioned.
- Service Management Fee. For any service currently provisioned or provisioning in the Previous Month the service management fee is charged in advance for the Current Month.
- Refunded Service Management Fee. For any services that were decommissioned in the previous month there will be a pro-rated refund of the Service Management Fee already charged in advance for the previous month
- Above the Line Service Fee. An agreed monthly allowance of above the line services will be billed as units (hours) with the Above the Line Hourly Service Fee.
New Service Setup Fee
Any services provisioned in a billing cycle are billed in arrears for the Previous Month. The setup fee will show up in the invoice as <Product Name> Setup: <Service Name> (e.g. Cloud Datacentre Setup: AWS Sydney Production VPC).
Service Management Fee
Any Services provisioned during the Previous Month or already previously provisioned will be charged a service management fee. This fee is charged in arrears where the service was commissioned in the Previous Month and in advance for the Current Month. The charge will either be the full amount (for previously provisioned services) or a pro-rated amount for new services based on the remaining component of the month. <Product Name> Service Fee: <Service Name> (e.g. Cloud Datacentre Service Fee: AWS Sydney Production VPC). Where the invoice item relates to a pro-rated service the line item will include Pro-Rated Service Fee instead of Service Fee.
There may be a refund on the previous billing cycle’s in-advance charge for the Service Management Fee. In this case the name of the line item will be <Product Name> Service Fee Refund: <Service Name> (e.g. AWS Sydney VPC [Cloud Datacentre] Service Fee Refund).
For a service provisioned and subsequently deprovisioned in the same month there will be a pro-rated charge for the remainder of the month following the provisioning date and a pro-rated refund of the balance of this. For instance, if a service is commissioned on 15th February and subsequently decommissioned on 20th February then the setup fee and a 50% pro-rated management fee will be included in addition to a discount of 28% of the full monthly fee representing the refund of the remaining 8 days of the calendar month. These will appear as three separate invoice items.
Above the Line Services
Each of our managed services agreement includes an allowance for above-the-line support services that is charged on a time and materials basis. Each month a charge will be included for adding time to the above-the-line allowance. This may be 20 hours, 50 or any other agreed quantity of hours. The line item for this in the invoice will be Cloudstep® Above-the-Line Services and will include a number of units (hours) and the rate for the service. The remaining number of hours is identified in the line item. Above-the-Line Services are charged in advance for the Current Month. They are consumed through each month until they are depleted. If above-the-line services consumed in the Previous Month were greater than the available hours, then these additional hours will be billed in arrears in the current Billing Cycle. The line item will also include an entry that indicates the number of hours used in the Previous Month along with the new balance of hours available for Above-the-Line Services. Any hours unused in the Previous Month carry forward to subsequent months.
Billing Cycle
Each Billing Cycle occurs on the 1st of the month. The payment terms for the invoice are 14 days from the date of invoice. Each billing cycle will include items that are charged in arrears (Previous Month) and in advance (Current Month). The Previous and Current Month are relative to the month of the billing cycle.
