Service Level Agreement for Managed Server Support
- During normal business hours, Incidents will be responded to within four (4) hours after notification to the service provider using the ITS Service Desk ticketing system.
- During normal business hours, Service Requests will be responded to within one (1) business day after notification to the service provider using the ITS Service Desk ticketing system.
1. Purpose of Agreement
This Service Level Agreement ("SLA") defines the services and service levels between ITS Systems ("Provider") and the users ("Customer") of the Manager Server Support service ("Service"). Eligible customers are the Colleges, schools, and units ("CSU") affiliated with the University of Texas at Austin. This SLA is designed to cover service related terms and conditions, costs, roles and responsibilities, and provides a framework for communication, problem escalation and service resolution. The SLA will be reviewed annually to assess and update for accuracy.
2. Term of the Agreement
The initial SLA period is for a minimum of one year and will continue until either party terminates. The SLA will be reviewed and modified, where appropriate, on an annual basis. The SLA limits service to those specifically described under Section 10 of this document or an amendment to this SLA. The customer may cancel service, after the initial one year minimum requirement, by providing 90 days’ notice, in writing, to the Service Account Manager. The customer must pay the full balance of the account within 14 days of receiving the final invoice, which may include charges incurred or billed after the date of the cancellation notice. The agreement begins when it has been signed by both parties and will automatically renew each year.
- The Service offers standards-based professionally managed Linux and Windows systems administration for Customer owned servers, either physical or virtual.
- Support services may include planning, installation, configuration, and security hardening of servers; application of security patches and updates; host-level monitoring, log analysis, and troubleshooting; documenting host configurations and Customer requirements; assistance with implementing a data backup strategy that meets the business requirements for the Customer; and grant access for the installation and configuration of third party applications by the Customer.
Any services provided outside of scope of this SLA are subject to additional charge.
Under normal circumstances, Provider staff are available between 8 am - 5 pm Monday through Friday, excluding all holidays and university closures.
Operational support with no reasonable risk of causing disruption of a service will take place during normal business hours, Monday - Friday, 8 a.m. – 5 p.m.
After-Hours requests for support and emergency support will be fulfilled on a best-effort basis. Priorities will be determined based on urgency and level of impact.
Occasionally, it is necessary for Provider to escalate a problem to another entity. In these instances, Provider cannot guarantee the response time of the other entities. Provider will continue to act as the point-of-contact for cases that require support from an outside entity.
Provider will prioritize and process incoming incident requests if it meets any one of the following criteria within covered service hours: Provider response to priority requests or incidents may delay response to other requests.
o Number of people affected.
o Percentage of total tasks that can no longer be performed by individuals.
o Academic and Administrative Calendar deadlines.
o Impact on course delivery.
o Risk to safety, law, rule, or policy compliance.
Should there be a dispute about service rendered, escalations can be requested by the Customer to the direct management of Provider.
4. Cost Schedule
Published rates for the Service are based on actual cost recovery methodology as set and approved by the Office of Accounting Costing and Analysis section. Fees will be charged and transferred once per fiscal year at the beginning of the university fiscal year. If, during the fiscal year, there is an increase or decrease in the number of servers, hours or type of service provided, the bill will be adjusted. Items not covered in this SLA are subject to additional published hourly Time & Materials (T&M) charges. Beginning in the Spring Semester, Provider will review documented server counts and estimate support costs, where appropriate, for the upcoming year for each Customer. Significant changes will be noted, and a revised SLA and/or estimate will be issued to the requesting Customer. At least quarterly, a service report will be provided to the Customer by the Service Account Manager. For billing and administrative questions or issues, the Customer may contact their assigned Service Account Manager.
To make a Service Request or report an Incident, the Customer must create a ticket in the ITS Service Desk ticketing system. Please provide information that the report is for a Managed Server Support Customer along with the server name, if known. One of the following methods may be used for creating a ticket:
- Send an email to firstname.lastname@example.org
- Submit a request online using the MSS Form on the Service Catalog page.
- Contact the UT Service Desk.
Emailing the support email address or using the online form will automatically generate a ticket in the UT Service Desk ticketing system. Customers will receive an automated response with a case number for follow-up reference. Other forms of contact may affect Provider ability to respond in a timely manner.
When calling outside of regular business hours, a voicemail can be left or, where applicable, it is possible to follow phone prompts to be connected to an after-hours operator. Be sure to provide your name, department, that you are Managed Server Support customer and the server name, if you know it. This information will allow the operators to more quickly identify and look up the correct person to escalate the call to.
A Service Request means any request made by the Customer to the Provider for routine operational support published on the ITS Managed Server Support page. During normal business hours, Service Requests will be responded to within one (1) business day after notification to the Provider. Service Request changes will be made during normal business hours. Requests made after normal business hours will be responded to the following business day.
An Incident means any interruption of the normal function of the server where it is severely malfunctioning. During normal business hours, Incidents will be responded to within four (4) hours after notification to the service provider. Reports made after normal business hours may not be processed until the following business day. After-Hours requests for support and emergency support will be fulfilled on a best-effort basis.
If an Incident or Service Request is not responded to with the response times outlined above, the Customer may escalate by directly contacting their assigned Service Account Manager or the ITS Service Desk. Please refer to the ticket number when escalating.
6. Routine Maintenance
Because the central IT environment is regularly updated to allow for growth and change in the use of information technology, the Customer must expect routine maintenance to be scheduled periodically to comply with new standards and upgrades. Provider will schedule with Customer in advance when such work is needed, with recurring maintenance windows established for such work. Growth or change initiated by the Customer may warrant a Service Review and new Consultation of their current environment.
7. Optional Data Backups
Customers may request data backups subject to additional published T&M charges. Provider will work with the Customer to implement a data backup strategy that meets their business requirements. Provider will perform regularly scheduled data backups on covered systems per defined strategy and provided resources. Backups are subject to the availability of a backup system.
8. Business Recovery and Continuity
Provider does not provide disaster recovery or business continuity planning for Customers. The Information Security Office has developed a comprehensive risk management program that focuses on proactive risk reduction in compliance with university rules and policies as well as all relevant state and federal laws. This program helps units identify and monitor risk to information resources on campus and develop strategies to manage that risk over time to include business recovery and continuation. For more information, see Risk Management Services.
Each Customer is the owner of all data and is expected to use their professional judgment in managing risks to the information and systems they use and/or support. As the custodian and systems administrator of the system, Provider will make recommendations based on the site’s data classification and risk assessment as determined by the Customer. Provider will implement Customer approved solutions to protect the data. All security controls should be proportional to the confidentiality, integrity, and availability requirements of the data processed by the system. Provider will not be held liable for loss or compromise of data due to improper data security controls. Please see the Campus IT Policies website for more information on minimum security standards.
10. Provider Responsibilities
- One (1) hour of consultation included to gather requirements and provide a cost estimate for the initial service engagement.
- Offer server provisioning and operating system management. Operating system patches are reviewed for their criticality as they are released. Routine patches are applied on a consistent basis in order to minimize server outages. Security patches deemed critical may be applied outside the pre-defined maintenance window. Provider will not be responsible for any application failure, downtime or issues resulting from these mandatory updates.
- Provide operating system technical support and problem resolution.
- Provide patch management for installed operating system. Provider will install, support, maintain the installation of operating system patches, firmware upgrades as needed, and manage the hardware and operating system of each server under this SLA.
- Provide summary email of results of maintenance window upon completion.
- Maintain server security in accordance with policies governing UT information technology resources.
- Assist with server lifecycle management. The preferred deployment platform for all new servers is a virtual machine running on the central Virtual Infrastructure. The virtual server specifications will be established based upon recommendations from the application vendor and Provider. If the application requires a physical server, the Customer will be responsible for acquiring all necessary hardware components based on application vendor and Provider. Provider will work with the preferred hardware representatives to obtain a quote for the Customer via UT Market that meets the requirements of Provider, university data center, and application vendor.
- Implement a data backup strategy that meets the business requirements for the Customer (Section 7). Additional costs for backups may be required outside of MSS fees.
- Provide basic system performance monitoring and troubleshooting. Operational monitoring is provided for all managed systems. The monitoring system is configured to display an alert to the University Data Center Operators console between 8 am and 5 pm daily if a critical error condition is detected on production systems as well as to send email alerts to responsible staff 24x7 for all systems managed by Provider. Please see Section 3 for response expectations.
- Maintain a customer server inventory that will be updated at least quarterly.
- Create and maintain a site specific manual that will include server build documentation.
- Coordinate with other ITS Infrastructure Services, Departments, and external vendors as needed to provision and support managed server(s).
- Assist the customer in completing Information Security Office Risk Assessment (ISORA).
- Log changes to any server environment using a change management system.
- Perform planned maintenance on a scheduled basis based during the designated maintenance window.
- Provide the Customer contact with notification of service disruptions and emergency maintenance as soon as feasible.
- Review each service annually, or as agreed by both Provider and the Customer, to evaluate the IT needs of the customer and provide appropriate recommendations.
- May provide root\administrative access to individuals designated by the Customer in order to perform application installation, support, and development.
In order to protect the interests and assets of the University of Texas at Austin, Provider may be required to render services beyond those described in this document. Such additional support is provided at the discretion of University senior management with Customer consultation. This work may result in additional T&M charges.
11. Customer Responsibilities
The Customer is the owner of their data, and must categorize and manage access to that data according to university requirements.
Assign and maintain a current on-site departmental technical contact for Provider.
- The technical contact will designate individuals whom require administrative access to their servers. Individuals granted administrative access to servers are responsible for changes made to the server. Those individuals must acknowledge their responsibility by annually completing the Acceptable Use Acknowledgement Form and comply with ISO requirements for Information Resources Use and Security Policy
The technical contact will provide application support for the customer’s application or can act as a liaison to the customer’s application support group. Technical contact should endeavor to diagnose reported issues by Customer end-users prior to reporting to Provider for assistance.
Use the processes defined in Section 5 of this SLA for requesting help and services.
Respond to Provider inquiries in a professional and timely manner.
Agree to a maintenance window for scheduled maintenance, either for the site or per server.
Technical contact must be available to test and verify applications and/or services are back online immediately after maintenance window is complete. Technical contact should either be available during the maintenance window or at the very least confirm their services are back online. Confirmation can come in the form of an email to the provider stating patching was successful without issues.
Maintain compliance with all software licensing requirements.
Provide the necessary access to software and training for specialized departmental or proprietary services where required.
Adhere to relevant University acceptable use and security policies and standards related to the acquisition, development, testing, implementation, and production usage of servers, software, networking, related systems, or data stored on their respective systems. Provider reserves the right to shut down or isolate any server that is found to be out of date, vulnerable or compromised.
Consult with Provider before making hardware or software purchases related to supported systems. Hardware or software purchased by the customer without Provider consultation may not be supported under the standard SLA.
Adhere to a hardware and software lifecycle which meets or exceeds the minimum configuration requirements for the systems supported for the Customer based upon recommendations from Provider.
Maintain hardware warranties or provide timely payment for repair charges (T&M) for any Customer provided equipment covered under the agreement, and pay for software costs associated with required upgrades for new features or security concerns.
Responsible for the development, installation, configuration, maintenance, patching, upgrade, troubleshooting and security of their business application. Any assistance requested from Provider required to meet these obligations may involve a T&M charge.
Consult with Provider on changes to system or service. Any changes made to a system/service not reviewed by Provider which results in assistance from Provider may be subject to a T&M charge.
Responsible for communicating specific service availability and any service interruptions or outages to application users.
Appendix A: Definitions
Customer – individual users or units that use the Managed Server Support Service.
CSU – Colleges, Schools, and Units
Provider – the provider team of the Managed Server Support Service. This is ITS
Service Account Manager – designated individual on the Provider team that will act as the business service liaison with the Customer
T&M – Time and Materials
Appendix B: Revision History
|2017-08-03||Updated SLA to reflect current terms|