Service Description: Cisco Remote Management Services

Page 1 of 1

Please read this document carefully as it contains important services such as Cisco SMARTnet and Cisco Software information regarding the Services that you have purchased Application Services or Cisco’s Unified Communications from Cisco Remote Management Services. Essential Operate Service, as applicable. Cisco shall provide Cisco Remote Management Services described below as This Service Description document describes the activities and selected and detailed on the purchase order for which Cisco deliverables provided by the following Cisco Remote has been paid the appropriate fee. The Service consists of up Management Services: to 3 service components:

1  Cisco Unified Communications Remote Management 1. Monitoring Services Services 2. Management Services  Cisco Unified Contact Center Remote Management 3. Elective Change Services Services  Cisco Foundation Technologies Remote Management Cisco shall provide a Quote for Services (Quote) setting out Services the extent of the Services and duration that Cisco shall provide such Services. Cisco shall receive a purchase order that  Cisco Application Delivery Remote Management references the Quote agreed between the parties and that, Services additionally, acknowledges and agrees to the terms contained  Cisco Wireless Remote Management Services therein. Cisco only provides support of Managed Components.  Cisco Unified Computing Remote Management Services 1 Management Services  Cisco Remote Monitoring Services for Security With Management Services, Cisco provides Monitoring,  Cisco Remote Management Services for Security Incident Resolution, Reactive Problem Management, service  Cisco Server Networking and Virtualization Remote level management and Standard Changes to resolve all Management Services Incidents.  Glossary of Terms 1.1 Cisco Management Application Platform The Management Application Platform (MAP) provides monitoring for all Managed Components in your solution. The Service may require the installation of a Management Direct Sale from Cisco. If you have purchased these Application Platform (MAP) on your Network in order to provide Services directly from Cisco, this document is incorporated into monitoring coverage. your Master Services Agreement (MSA), Advanced Services Agreement (ASA), or equivalent services agreement executed between you and Cisco. In the event of a conflict between this The MAP is a suite of management applications that may be Service Description and your MSA or equivalent services deployed in a redundant configuration and consists of all agreement, this Service Description shall govern. management software and hardware required for service delivery. The MAP is deployed in a single configuration instance or multiple instance configurations depending on the Sale via Cisco Authorized Reseller. If you have purchased number, type, and location of the managed devices. The MAP, these Services through a Cisco Authorized Reseller, this or portions thereof, may exist on the Customer premise and/or document is for informational purposes only; it is not a contract the Cisco premise. The MAP configuration is determined by between you and Cisco. The contract, if any, governing the Cisco during the Transition Management phase. provision of this Service is the one between you and your Cisco Authorized Reseller. Your Cisco Authorized Reseller should provide the contract to you. You can obtain a copy of The Monitoring MAP is configured with Customer-specific this and other Cisco service descriptions at installation and monitoring data prior to being placed into www.Cisco.com/go/servicedescriptions/. service. Once installed, this MAP will discover the components

Cisco Remote Management Services are intended to 1 Monitoring of security event traffic provided in Cisco supplement a current support agreement for Cisco products, Remote Monitoring Services for Security and only available where all Managed Components in a Customer’s Network are supported through a minimum of core

Controlled Doc. #344357 Ver: 1.4 Last Modified:9/30/2010 3:15:38 PM CISCO CONFIDENTIAL Cisco_Remote_Management_Services Page 2 of 1

under management as indicated via the Service Activation Kit the Cisco premise. The MAP configuration is determined by (see 1.6.2) and build the inventory report. Cisco during the Transition Management phase.

The implementation of Monitoring Services may include some The implementation of Security Device Monitoring Services or all of the following activities: may include some or all of the following activities:

 Installation of operating system and supporting  Shipment of servers, appliances, and/or devices to applications on the MAP. This may be accomplished the designated Customer location. remotely.  Installation and testing of monitoring application. This  Installation and testing of monitoring application. This may be accomplished remotely. may be accomplished remotely.  Establishment of remote monitoring and management  Shipment of servers, appliances and/or devices to the of the Customer’s Network devices and applications designated Customer location. from Cisco.  Installation assistance to Customer for the servers, appliances and/or devices. The Security Management Application Platform is an integral  Establishment of connectivity between the Customer part of the Service and is installed for the duration of Services. site and Cisco. During the Service term, the Customer is granted a nonexclusive and nontransferable license to use the hardware  Establishment of remote monitoring and management and the software resident thereon solely on the Management of the Customer’s Network devices and applications Application Platform supplied. The Customer must return any from Cisco. and all associated Management Application Platform materials (devices and documentation) and connectivity devices to Cisco The Management Application Platform is an integral part of the immediately upon expiration or termination of Services. Service and is installed for the duration of Services. During the Service term, the Customer is granted a nonexclusive and nontransferable license to use the hardware and the software resident thereon solely on the Management Application Platform supplied. The Customer must return any and all 1.4 Software Updates for the Security Management associated Management Application Platform materials Application Platform (devices and documentation) and connectivity devices to Cisco immediately upon expiration or termination of Services. The Service includes routine software updates for the Management Application Platform. The Customer shall receive 1.2 Software Updates for the Device Management an email notification from Cisco which identifies the Application Platform modifications included in the next release. Cisco will schedule a maintenance window and open a ticket to track the software update. The ticket will be updated and closed by Cisco upon The Service includes routine software updates for the completion of the update. Management Application Platform. The Customer shall receive an email notification from Cisco which identifies the modifications included in the next release. Cisco will schedule 1.5 Management Connectivity a maintenance window using the calendar on the Management Management Connectivity establishes bi-directional Application Platform. A reminder ticket will automatically be communication between the Customer Premises and Cisco for opened at the beginning of the change window. The ticket will Management Data to be securely and consistently transmitted be updated and closed by Cisco upon completion of the between Managed Components and Cisco. update. Management Connectivity requires access to specific ports 1.3 Cisco Security Management Application Platform and protocols; such requirements will be reviewed with The Security Monitoring service component monitors all Customer during the Transition Management process. Managed Security Components as well as the security event traffic content from those components. This service may Primary Management Connectivity will be provided by Cisco. require the installation of one or more Security Management At Cisco’s discretion, one of two options will be selected based Application Platform(s) on your Network. The need for Security on the type of Service. Management Application Platform(s) is driven by the quantity of supported devices as well as the quantity of aggregate  A dedicated circuit between Cisco Point of Presence monitored event traffic. (POP) and the Customer-designated handoff. The handoff will be at the Customer data center or other The Security MAP is deployed in a single configuration supported Network termination point. instance or multiple instance configurations depending on the number, type, and location of the managed devices. The MAP or portions thereof may exist on the Customer premise and/or Cisco Remote Management Services

Page 3 of 1

 A virtual connection via a Virtual Private Network  Coordinating, scheduling, and executing the Kickoff (VPN) between Cisco Point of Presence and meeting. Customer Network.  Reviewing roles and responsibilities of Cisco personnel, Customer contacts, and Partner contacts Each option may include a Cisco-provided Termination Device (if applicable). located on the Customer Premises. The size of the connection  Providing Customer with escalation documentation for between the Cisco POP and Customer handoff will depend on Service Desk. the type of Service and number of Managed Components.  Reviewing the support model. Redundant and/or additional circuits are an available option.  Reviewing Services purchased, as indicated on the Fees for any additional circuits are to be paid by the Customer. Purchase Order.  Aligning Cisco and Customer on all major activities, 1.5.1 Termination Device risks and milestones during the Transition Management phase. Cisco will ship a termination device for installation at the Customer site. The termination device terminates the  Reviewing and completing the Service Activation Kit Management Connection. The termination device is a (SAK). Managed Component supplied by Cisco and resides at the Customer Premises. The termination device must have 1.6.2 Service Activation Kit Network access to Managed Components. Reviewing the SAK components and key information is critical to success for Transition Management. It is the Customer’s Unless otherwise agreed upon, title to all termination devices responsibility to fill out all relevant data fields in the SAK, which shall remain in Cisco possession. Customer must return the include all necessary Network and Managed Component Termination Device to Cisco immediately upon expiration or details that are required for activating Services. termination of Services. The Project Coordinator will develop a project plan for Cisco, or its subcontractors, shall be allowed access to the subsequent steps with distribution to project contacts. Customer Premises (location occupied by Customer or Customer’s end user) to the extent reasonably determined by 1.6.3 Management Application Platform Configuration Cisco for the inspection or emergency maintenance of Cisco- supplied Termination Device. Failure to allow timely access Once the Management Application Platform is configured and installed, Cisco executes a discovery process for Managed may invalidate Cisco SLAs and SLOs and delay restoration of 2 Services. Components per the Purchase Order . The Project Coordinator will communicate any discrepancies between discovered devices and devices on the Purchase Order. Any requested 1.6 Transition Management additions beyond the Managed Components defined on the Transition Management is a phased process approach in Purchase Order will be subject to incremental Service fees and which Cisco prepares Customer infrastructure for the additional Transition Management intervals. Management Services. The Customer must place an order with Cisco and attach Cisco Service Description to initiate the Cisco inputs Managed Component information into the Transition Management process. The Transition Management Management Application Platform database and sets-up process concludes at the negotiated Customer Acceptance system consoles and dashboards (per Purchase Order). All Date of monitoring provided by Services. Managed Components are organized into defined device groupings. Where appropriate, service, support and escalation 1.6.1 Kickoff Meeting processes are configured in the Service Management Cisco will assign a Project Coordinator to act as a single point Application Platform. This completes the implementation of the of contact during the Transition Management phase. Within 30 Monitoring Services. days from receipt of a valid Purchase Order, the Project Coordinator will contact the Customer to schedule the kickoff 1.6.4 Remote Training Session meeting. The kickoff meeting is typically accomplished via a The Project Coordinator schedules remote training sessions. conference call with the executed contract detail and may The sessions are conducted using a conference bridge, include a Cisco partner. The kickoff meeting will indicate the collaborative software, and/or instructional videos as needed. initiation of the kickoff phase. The kickoff phase, as well as all remaining phases within Transition Management, is typically facilitated by the Project Coordinator in collaboration with Cisco The objectives of the training sessions are: Engineers assigned to the Customer account.  Using the Management Application Platform This Transition Management phase includes the following activities: 2 Due to the nature of security topology, security services do not employ network discovery Cisco Remote Management Services

Page 4 of 1

 Present service documentation 1.10 Management Portal  Review Cisco provides reports on Tickets as well as performance for o Support services to be delivered Managed Components. Reports are available on the Cisco Management Portal which provides Customers and Partners a o Processes for obtaining service web-based method for accessing information about their o Service escalation process Network and relationship with Cisco. o Change control policies o Submit change requests Customers receive end-user accounts to access the Portal. Instructions to access and navigate the Portal are provided in o Standard reports the remote or Video on Demand (VoD) training sessions as well  Explain the recurring operational meetings as in the Portal User Guide. The Portal User Guide is available  Review the Customer Acceptance timing on the Portal.

1.7 Customer Acceptance 1.11 Security Portal Cisco will work with the Customer to validate that the Cisco provides a Security Portal to allow creation of service Transition Management phase is complete. requests, viewing of tickets, access to device inventory, and viewing of security reports. Once a Customer acceptance date has been received and agreed to by Cisco, the service transitions from Transition The Security Portal requires multi-factor authentication to protect Management to the Service Delivery phase. All exceptions to your network information. the Service Delivery phase must be documented within the Transition Management material. Instructions to access and navigate the Portal are provided in the remote or Video on Demand (VoD) training sessions as well 1.8 Incident Monitoring as in the Portal User Guide. The Portal User Guide is available on the Portal. The Incident Monitoring process monitors Managed Components 24x365, using the Management Application Platform to raise awareness of specific events that have the Further details regarding specific activities on the portal are potential to cause adverse impact to business operations. defined in the appendices below.

The Service: 1.12 Reports The Service shall provide device-level performance, availability  Detects alarms and raises Incident tickets based on and inventory reports. End-users generate reports using the monitoring profiles of managed components reporting capabilities and tools accessible via the Portal. See  Captures Incident and correlation data, enriches the Appendices A-H for more detail about the reports available for data with relevant device information and security each service. information (where appropriate) and creates an 1.13 Translation Support Incident ticket The Service is delivered in the English language. For Customers  Sends automated e-notification(s) as defined in the who require support in a language other than English, Cisco SAK to: may provide telephone translation support. When a Customer o Customer contacts calls Cisco, the Cisco Engineer determines the language spoken o Partner contacts (if desired) and conferences the translator into the call.

1.9 Incident Notification 2 Managing & Resolving Incidents

The Incident Notification informs the Customer that an Incident 2.1 Incident Escalation has been recorded. Cisco uses four communication mediums to notify Customers: Incidents are escalated according to a defined process. At any point in the Incident Management process, the Customer may request escalation via a Cisco duty manager to address  Electronic mail (default) concerns about the processing of the Incident. If service  Pager or cellular phone restoration requires activities by a third party, Cisco will initiate and manage the process.  Telephone  Web portal The Customer is notified that the Incident has been resolved and provided the opportunity to verify that services have been Cisco’s primary means for incident notification is electronic restored satisfactorily. Following Incident resolution and mail. Customer notification, the Incident shall be closed by Cisco or

Cisco Remote Management Services

Page 5 of 1

Customer. Reports regarding Incident Management are for design and testing activities. Configuration Management available on the Portal. activities must be invoked whenever Changes are released to keep configuration data accurate. 2.2 Metrics Metrics are addressed in a separate document on Service Level 2.5 Change Management Objectives found at the following location: The objective of Change management is to make necessary http://www.Cisco.com/go/servicedescriptions/. changes in an efficient and accountable manner. The purpose of Change Management is to make sure that changes to Managed Components are evaluated, coordinated, and communicated to all impacted parties to minimize negative impacts of the Change to Management Services. Change management is the use of 2.3 Reactive Problem Management standard methods and procedures for authorizing, documenting, Reactive Problem Management describes the Problem and performing all changes. Management processes that primarily support Incident Management. These processes are initiated when an Incident Changes are divided into two categories: Standard Change and cannot be matched to a Known Error. A Problem is declared for Elective Change. Elective Changes are always requested by the purpose of tracking the activities that lead to identifying a Customers by submitting a Change Request. For more root cause and a resolution to the Incident’s underlying error. information about Elective Changes, please see Section 3.0. The process concludes when a Known Error, including its root cause and resolution, has been identified and recorded in the Known Error database. The Known Error will then be used to 2.5.1 Standard Changes resolve and close all associated open and future Incidents. A Standard Change is a Cisco recommended change that is Reactive problem management has two major sub-processes: often a result of Incident Management and Problem Problem Control Process and Error Control Process. Management processes or a Cisco Field Notice. A Cisco Engineer will submit a Standard Change Request to start the 2.3.1 Problem Control Process Change Management process. Standard Changes are included in Management Services. The primary output of the Problem Control Process is the identification of a root cause for the Problem. The process steps start with analyzing available data, identifying and recording Incidents will result in the creation of a Ticket which will initiate Problems, and classifying Problems according to impact, Change Management when Cisco deems it is required to urgency, and status. resolve the Incident.

The rest of Problem control involves troubleshooting and A ticket will be created to track the resolution of a Problem. diagnosing Problems to identify root causes and potential work- However, Cisco changes initiated as a result of a Problem will rounds. also be documented as a Known Error and added to Knowledge Base for future use. 2.3.2 Error Control Process 2.5.2 Applying Patches Error control takes over Problem control when a root cause of a problem has been identified. First, a Known Error is identified Application of a patch on managed components is at the and recorded based on the root cause of the Problem. discretion of Cisco. Patches will be evaluated to ensure that the stability of the current environment is maintained. Next, the Error is assessed to determine potential resolutions, which can include both temporary workarounds as well as Patches to remediate an Incident or Problem are handled as a permanent fixes. If a permanent fix is possible and cost- Standard Change. Patches that are Customer-requested for the justifiable, a recommendation will be made to the Customer to purpose of obtaining additional features or functions are correct the error by initiating a change via Change Management. considered discretionary and are handled as an Elective Change. The final step and major output of Error Control is to document the resolutions in the Known Error Database so that the As part of Patch process, Cisco will: remediation procedure can be used by Incident Management.  Review Cisco Field Notices to determine impact and 2.4 Change, Release and Configuration Management urgency to the Customer system and existing software levels. Change, Release, and Configuration Management are a tightly integrated set of processes due to the interdependence of their  Remotely apply service pack updates to Managed process activities. The evaluation of a proposed change is Components’ operating system, system software, and strongly dependent on accurate configuration data. Approved applications. Changes are executed via the Release Management process,  Remotely apply Patch to Managed Components’ which is also strongly dependent on accurate configuration data operating system, system software, and applications.

Cisco Remote Management Services

Page 6 of 1

 Perform a remote software levels audit to determine the service delivery response time is defined in the Service Level current releases/patches based on Cisco leading Objectives document. practices. This is a quarterly audit.  Provide a Change Management Report that identifies The available Cisco Elective Change Services are itemized in work ticket and number of hours spent on ticket. the Appendices. Cisco may elect to offer additional services within its areas of competency in response to a Customer’s 2.6 Coordinating and Planning request for service. Cisco provides an application on the Portal for submitting Standard and Elective Change Requests to Cisco. Cisco will Customers purchase a block of hours that are used for utilize the Portal’s Scheduled Outage capability when necessary executing Elective Changes. The amount of hours purchased to suppress events during a change window. Approved changes may vary by contract. The Customer must have a sufficient will be coordinated, planned, and monitored via the balance of hours on account to cover their requested Change Management Application Platform. This will allow coordination of based on time estimations provided by Cisco at the time the activities to determine how to schedule activities to minimize change is requested. negative impact. Elective Change hours are debited from the Customer’s block of Once a Standard or Elective Change has been released and the hour account balance as delivered, per the following: configuration data has been updated, the Change will be evaluated to determine the level of success in meeting the goals  All Elective Change Requests will require a minimum of of the Change. This evaluation is used to improve Change 0.5 hour charge. Billing will be charged in 0.5 hour Management. The Engineer will confirm that all relevant increments thereafter. stakeholders, including the Customer, have been notified that  Cisco’s priority handling of urgent Elective Change the Change is complete. Once evaluation and notification have Requests is on an as-available basis. Cisco will use been completed, the Change is closed. commercially reasonable efforts to respond to such requests. If priority handling request is accepted it will 2.7 Release Management be charged as a minimum 2-hour charge. Billing will Release Management is focused on the actual implementation then be charged in 0.5 hour increments thereafter. of approved Changes.  Customer Elective Change Requests where requested time of service delivery is outside of Normal Business Rollout planning includes planning the details involved in Hours will be billed at a rate of 1.2 times the standard executing the Change into the production environment. This rate if the time is accepted by Cisco. Elective Change includes setting the detailed timetable including securing a Requests to be delivered on Cisco-observed holidays Customer change window if necessary, identifying and will be billed at 2 times the rate if the change time is communicating to all stakeholders that need to be notified, and accepted by Cisco. coordinating with Customer change procedures.  All Elective Change hours must be used within the duration of the contract period. If a multiple year Execution is the act of introducing the Change into the contract is purchased then the hours allocated must be production environment. Once the Change has been executed, used completely by the end of the contract. In the Configuration Management is initiated to record the changes to event that the Customer has hours left over at the end all impacted Configuration Items. of the contract and the Customer is purchasing additional year(s) of service then and only then may the previous contract unused hours be carried over. 2.8 Configuration Management  If the customer has the need to purchase additional Cisco shall maintain an inventory of the Managed Components. Elective Change blocks of hours then the unused hours This inventory detail includes certain configuration data and the left in the existing contract are added to the hours in levels of service applied to each Managed Component. Refer to the new contract to form the new pool of hours. The the respective appendices for other device backup strategies end date for the use of the new pool of hours will be the date that is furthest in the future. For example, if the 3 Elective Change Services existing contract ends 1/31/2010 and the new contract An Elective Change is requested by the Customer and is often ends 3/31/2011, then the newly created pool of hours the result of changes in the Customer Network, business expires on 3/31/2011. processes, or the business. Elective Changes are not the result  The monthly allocation of hours is computed by dividing of Cisco Incident Management and Problem Management the number of months (12, 24, 36) into the total hours processes. The Customer identifies the requirement and submits for the contract period. Elective Change Requests on the Portal.  In a single month, Customers can submit Elective Changes that add up to no more than 50% over the Elective Changes are scheduled services that the Customer monthly allocation of hours. For example, if Customer must request in advance of service delivery. Elective Change purchases a block of Elective hours for 10 hours per month for a total of 120 hours per year, the Customer Cisco Remote Management Services

Page 7 of 1

may use their 10 hour monthly allocation plus 50% notification of carrier status and update of tickets for accurate more resulting in a maximum of 15 hours for the month. record keeping. Cisco will take efficient and expeditious steps The entire 15 hours is then subtracted from the to bring a circuit back into service while informing the customer Customer’s entire hourly allocation for the contract. If during the entire process. the Customer requires more hours for a particular month then additional hours may be purchased. .  During the Change process, the Customer is required 4 Service Level Management to have an authorized onsite representative available to assist as required. Service Level Management is a process to manage our Customer relationship. The Service Level Management Cisco shall provide a monthly Elective Change Report. process may include the assignment of a Cisco Customer Relationship Manager (CRM) based on account size and account activity. Cisco shall provide the Customer with the option to purchase additional Elective Change Hours as needed. Minimum hour purchase blocks may apply. 4.1 Service Level Reviews 3.1.1 Submitting an Elective Change Cisco gathers and tracks ticket data and generates an Please see section 3.0 on the process to submit an Elective Operational Report to track performance. The Operational change. Report provides ticket information and response times generated every month and distributed to designated Customer contacts via email or Service Portal. The Operational 3.2 Proactive Problem Management Reports are also reviewed remotely on a regular basis in the Elective Change Services can include proactive Problem Service Level Management Review meeting with the Management which may assist to prevent the occurrence or Customer. limit the adverse impact of future Incidents in two ways: Cisco will schedule at a minimum quarterly service reviews with the Customer. The quarterly service reviews are delivered Periodic reviews of Customer Network are conducted to remotely using a conference bridge or collaborative tools. In identify potential error conditions that can be corrected before the quarterly service reviews, the CRM presents ticket Incidents occur. When these conditions are identified, the information, ticket response times, ticket trends, and reviews Change Management (for conditions with Known Errors) or the SLO performance. The meetings provide general Network Problem control process (for conditions that require further performance reporting suitable and available for trending and evaluation) is initiated analysis.

Periodic reviews of Incidents, Problems, Known Errors, and the The annual business review meeting is an interactive and Incident Management process are conducted to improve collaborative session that reviews the trends over the past year efficiency and effectiveness of Cisco in responding to and discusses the Service Plan for the next year of service. Incidents. These activities can include major problem reviews in which the processing of P1 Incidents is reviewed to identify 5 Services Not Covered opportunities for process improvement. Other activities include reviewing past Incidents and problems with the goal of This Service Description should be read in conjunction with the updating the Known Error database and improving remediation List of Services Not Covered document posted at procedures. http://www.Cisco.com/go/servicedescriptions/, under the Technical Services section, which is hereby incorporated into, Customer must submit an Elective Change Request for and made part of, this Service Description by this reference. proactive Problem Management activities. However, Cisco will conduct proactive Problem Management activities at its sole discretion to improve the results of the Incident Management 6 Customer Responsibilities process. 6.1 Management Connectivity

6.1.1 Termination Device 3.3 Carrier Management The Customer will use reasonable efforts to provide and maintain the Termination Device in good working order. The Carrier management activities are an important but very Customer shall not, nor permit others to, rearrange, unpredictable task performed within the Service. Carrier disconnect, remove, attempt to repair, or otherwise tamper with Management is provided as a standard service for Foundation the Termination Device. Should this occur without first Service Offering. Where possible, Carrier Management is an receiving written consent from Cisco, the Customer will be Elective Service for other service offerings. Carrier responsible for reimbursing Cisco for the cost to repair any management includes activities such as coordination of damage thereby caused to the Customer Premise Equipment. outages with the customers’ circuit provider, customer

Cisco Remote Management Services

Page 8 of 1

Under any circumstances, Cisco will not be held liable to the The Customer shall provide training coordination support Customer or any other parties for the interruption of Service, including identifying trainees and trainee contact information. missed SLOs, or for any other loss, cost, or damage that results from the improper use or maintenance of the 6.3 Transition Management Termination Device. To enable Cisco to provide Services for Managed Components, Cisco requires the Customer to: Unless otherwise agreed upon, title to all Termination Devices shall remain in possession of Cisco Systems, Inc. Cisco expects that, at the time of removal, the Termination Device  Assign a project manager to represent the Customer shall be in the same condition as when installed, with the during the Transition Management phase. expectation of normal wear and tear. Customer shall reimburse  Assign a technical lead to assist Cisco with Cisco for the depreciated costs of any Termination Device that establishing the Network access required for remote is deemed beyond normal wear and tear. management.  Project manager and technical lead attend Customer Cisco, or its subcontractors, shall be allowed access to the Project Kickoff meeting and training sessions. Customer Premises (location occupied by Customer or Customer’s end user) to the extent reasonably determined by 6.3.1 Perform a discovery audit4 Cisco for the inspection or emergency maintenance of Cisco- supplied Termination Device. 3 The discovery audit will be conducted by the Customer using Cisco-supplied processes and tools for the Cisco Unified Communications and Unified Contact Center Remote 6.1.2 Install Termination Device Management Services. The Customer shall provide the following with respect to the installation of the Termination Device: The discovery audit must be completed and submitted to Cisco 14 calendar days after placing the order for the Service.  Appropriate secure rack-mount location for the Termination Device with suitable environmental If the Customer so elects, Cisco can perform this audit as an conditions for computer operation. Elective Change Service. The audit process requires  Install the Termination Device and Network Customer to run a Cisco-supplied macro to identify peripherals, connectivity per Cisco-supplied guidelines. routing clients, dialed numbers, dialed number map, call types,  Provide communications facilities and services, services, routes, peripheral targets, labels, device targets, skill including internet and Network configuration. groups, skill group members, agents, person and agent person Communication facilities and services must be map. maintained for the duration of the Service term.  Provide a resource to support the installation of the The Customer will provide the following documentation: Termination Device. These activities include:  Architecture diagrams (to include Trunk and Port  Racking the device counts per peripheral)  Connection to Network  Network diagrams (to include IP addressing for visible and private Networks)

 Power connection to uninterruptible power  Available design docs system (UPS) or other facility with continuous  Network implementation plan uninterrupted power  As-built documentation  Power-up  Customer change control process  Mapping of DNIS to call types, variables and scripts Provide suitable commercial power, and an UPS or other acceptable power back-up facilities providing a minimum of  Population points of all variables 1kVA dedicated for the Termination Device.

Provide mutual agreement of date concerning completion of 6.3.2 Service Activation Kit Transition Management activities. Complete the SAK, which provides the key information critical to success for Transition Management and includes: 6.2 Training  Customer representative contact name

3 Failure to allow timely access may invalidate SLOs and 4 Due to the nature of security topology, security delay restoration of Managed Services. services do not employ network discovery Cisco Remote Management Services

Page 9 of 1

 Location of the site(s) to be managed o Power-up  Location of management applications  Network connectivity detail for the Management  Provide suitable commercial power, and an Application Platform uninterruptible power system (UPS) or other acceptable power back-up facilities providing a  Device location and naming scheme minimum of 1kVA dedicated for the Server  Management IP addresses and system detail, SNMP Management Application and termination device. community strings  Provide mutual agreement of date concerning  Telnet and password access completion of Transition Management activities.  Management system User names and contact detail  Provide training coordination support including  Definition of Customer-specific support policies identifying trainees and trainee contact information.5 including: o Points of contact and profile data 6.4 Service Connectivity and Network Access o Case category access Cisco Remote Management Services are delivered using a o Notification policy collection of protocols and ports. The Customer must allow the o Escalation policy collection of data for Managed Components. o Dispatch policy  Managed Component support contract information Provide Read and Write management access to Managed (e.g., Cisco SMARTnet, etc.) Components as defined by SAK. Provide Read management access for components that are monitored only. Access must be implemented in a timely manner in accordance with the Complete tasks defined in the SAK to enable management SAK. This includes SNMP, syslog, and other defined protocols access to managed systems which may include setting up as necessary to support Services. SNMP, traps, and system logs. 6.5 Incident Resolution Provide as-built documentation including detailed design, The Customer must provide support contracts, letters of Network implementation plan(s), site survey(s), and bill of agency, and all other end Customer documentation and materials. Data and documentation will be obtained from Cisco authorization required to facilitate incident resolution. Partner as necessary to facilitate Transition Management.

6.3.3 Install Management Application Platform Customer is required to maintain hardware maintenance and/or software maintenance as may be applicable on all For those cases where the Cisco Management Application System components identified in Purchase Order for the Platform or components of the Cisco Service Management duration of the contract. Application resides on the Customer Premises then the Customer must provide an appropriate secure rack-mount location for the Cisco Management Application Platform (or 6.6 Managed Components components) and termination devices with suitable The Customer will: environmental conditions for computer operation.  Ensure that all Managed Components are in good The Customer is also expected to provide the following: working order prior to completion of Transition Management. This means that Managed Components are fully configured, deployed, and  Installation of the Management Application Platform functioning properly prior to the commencement of and Network connectivity per Cisco-supplied Cisco remote management and/or monitoring guidelines. services. Good working order status will be verified by  Provide communications facilities and services Cisco during the management readiness assessment including internet and Network configuration. process and using availability and performance Communication facilities and services must be reports during Transition Management. Required maintained for the duration of the Service term. remediation steps will be provided to Customer by  Provide a resource to support the installation of the Cisco. Customer is responsible for all activities Management Application Platform. These activities required to bring Managed Components up to good include: working order, including but not limited to system administration, configuration changes, scripting, and MACs (moves, adds, and changes). Necessary o Racking services may be acquired from Cisco as Elective o Connection to Network Change Services. o Power connection to UPS or other facility with

continuous uninterrupted power 5 Training format varies per services ordered Cisco Remote Management Services

Page 10 of 1

 Approve all Standard and Elective Change Requests  Submit maintenance window and other scheduled prior to Cisco taking change action maintenance activity via the Portal, by telephone or  Provide physical security of the Managed email. Cisco requires 72 hours advanced notification. Components. Cisco will suppress Incident tickets during the scheduled maintenance period.  Contact Cisco to report Incidents via telephone or other means in accordance with policies established  Maintain sole responsibility for informing Cisco of Customer employee status changes to help ensure  Allow Cisco to retain and publish aggregate statistics that Cisco maintains current Customer contact list. and metrics for non-identifiable trending analysis.  Provide and maintain a list of Customer employees  Back-up applications and operating systems. The authorized to request changes. Customer is responsible for ensuring the backups run successfully.  Provide and maintain an escalation path within the Customer’s employee base.  Perform back-up on devices not running Cisco Catalyst OS or Cisco IOS. The Customer is  Provide Cisco product training for end-users. responsible for ensuring the backups run successfully. 7 Device vs Instances 6.7 Non-Managed Components 7.1 Virtualization The Customer is responsible for monitoring and managing the Non-Managed Components and applications. Historically, device management has been charged on a per device basis. More and more devices are supporting 6.8 Communication and Change Management virtualization. The virtualized environment typically makes use Cisco has a co-management approach to Managed Services, of a physical device which can be partitioned to make it appear allowing the Customer and other Customer-approved vendors as multiple unique devices with their own unique operating to retain full read and write access to their Managed environment. For those devices that support virtualization, Components. Because multiple parties can make changes to each virtualized environment takes on a unique charge. These the environment, Cisco requires that anyone with access to the devices that support virtualized environments require a Customer’s environment follow a consistent and documented separate charge for each virtualized environment. The Change Management process. This process is reviewed and virtualized environment is also referred to as an instance of the agreed upon prior to completion of the Transition Management device. Examples of devices that fall into this category are phase. (inclusive but not limited to) WAAS, ACE, UCS, Servers and the Nexus 7000. WAAS supports virtualization for WAN The Customer will: Optimization and Windows servers. ACE and Nexus 7000 support virtual contexts. Each unique virtualized environment supported by the device or server will count as one instance.  Provide Cisco with changed data with respect to the Prices for the virtualized devices are charged on a per instance Customer and Managed Components, as needed, via basis. During service reviews, audits of the virtualized the Portal. environment are performed and the appropriate adjustments  Provide timely delivery of information required for must be made. configuration of Managed Components notification procedures.

Cisco Remote Management Services

Page 11 of 1

APPENDIX A:

Cisco Unified Communication Remote Management Services

Cisco Unified Communication Remote Management Services has two levels of services – Standard and Premier. This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with each service level.

Service Capabilities

Activities & Deliverables Standard Premier Transition management   Management connection   Intelligent monitoring & event correlation   Incident notification   Voice QOS monitoring & ticketing   Incident management   Self-Diagnostics and Business Rules Engine   Management portal   Reactive problem management (root cause analysis)   Standard changes   Review/assess Cisco Field Notices   Ticket Trending and problem analysis   Problem resolution   Create configuration management database for managed   devices Execute elective changes   Device-level reports   CDR & CUCMR collection & storage  Premier Reports  Enables DIY support model with leave behind application  Knowledge base accessible to end users  Synthetic transactions supported  CMDB and Ticketing level integration with Customer platform  available Mobility management  Presence management  Unified messaging management 

Supported Devices:

The following table identifies the devices managed by Cisco Unified Communications Remote Management Service

Supported Devices Standard Premium Cisco Series Routers     Cisco Series Switches

Cisco Remote Management Services

Page 12 of 1

Supported Devices Standard Premium   Universal Gateways and Access Servers   AS5200   AS5300 Series   AS5400   AS5800   Wireless   Cisco 500 Series   Cisco 1100   Cisco 1130   Cisco 1200   WLAN Controller  WSLE  Core Infrastructure DNS   NTP   Core Software Subcomponents Exchange   SQL   Domino   OS Components WIN 2000 OS   WIN 2003 OS   Linux OS   General Hardware Components Cisco MCS Hardware   Cisco Approved HP, IBM, Sun Hardware   Unified Communications Unified Communications Manager 7.x   Unified Communications Manager Express (IOS)   Unified Communications Manager Business   Unity Express 2.x-3.x   Unity 4.x-7.x   Unity Connection 1.x-2.x   Cisco Gatekeeper   Cisco SRST   VG248   IP Communicator   Cisco IP Phone   Cisco TDM Gateways   Cisco Unified Presence 6.x  Unified Mobility Manager 1.x  Meeting Place 5.x -6.x 

Cisco Remote Management Services

Page 13 of 1

Supported Devices Standard Premium Meeting Place Express  Unified Contact Center Express  Unified Mobile Communicator  Unified Personal Communicator  VoIP Trunking Gateways  VXML Gateways  Unified Contact Center Unified Contact Center Express 7.x  ICM 5.x & 6.x  Unified Contact Center Enterprise 7.x  Unified Customer Voice Portal 7.x  CRS 4.X-5.x  Administrative Workstation  Peripheral Gateway  Router (ICM)  Logger  Historical Data Server  CTI OS/CAD (PG CTI Server)  ICM Carrier NIC  Ingress Gateway  Egress Gateway  Gatekeeper  CVP VXML Server  Media Servers  CSS Boxes  ASR/TTS Servers  Outbound Dialer  Third Party Connectors  CVP Report Servers  Cisco WebView Servers  CVP Application Server  CVP Call Director Server 

* Services provided by Cisco include monitoring of foundation elements associated with Unified Communications. As part of the monitoring service, incidents associated with monitored foundation elements will be assigned to the Customer for remediation. Should an escalation occur, or Cisco determines that a foundation element is affecting voice services, then Cisco will engage and assist Customer support staff. Responsibility for remediation of monitored – but not Cisco managed elements resides with the Customer.

Elective Change Services Elective Change Services are Customer requested changes and are scheduled activities. The table below identifies the changes that are available for Cisco Remote Management Services.

Cisco Remote Management Services

Page 14 of 1

Elective Changes Standard Premium Phone Administration (MAC)    Add new phones  Configure/change/ delete lines  Configure speed dials  Configure XML services (e.g. Extension Mobility, CS QRT)  Configure device profiles for extension mobility  Device association for user management and for UC clients  Manage phone button templates and softkey templates  Manage UC user accounts  Perform phone load upgrades on Unified Call Manager Gateway administration    Configure new voice gateways  Add/remove/ change trunks  Allocate directory numbers to trunks for analog ports  Configure hardware media resources (e.g. conference bridges, transcoders)  Upgrade IOS  H.323 gateway/ gatekeeper dial plan updates  Gateway/ gatekeeper/trunk capacity planning Dial plan administration    Planning and design  Auditing dial plan and implementing changes  Translation patterns and CTI route points for forwarding calls  Manage route lists and route groups for trunk preference  Route patterns for tie lines and fax servers  Creating and updating dial plans for new sites  Time of day routing of calls  Configuring line and hunt groups  Configuring and administering UC Attendant Console  Media resource plan auditing and updates Cisco Media Convergence Server (MCS) administration    Apply operating system patches Cisco application software administration    Apply software updates and patches

Licensing    Apply license updates and changes Managing CDR Analysis and Reporting service   MeetingPlace/ MeetingPlace Express    Managing user accounts and groups  License updates and changes Configuration changes to managed Cisco software and   devices to include application and user administration Cisco software upgrades for feature enhancements and   security-related purposes Cisco Unity    End -user MACs  Class of control/ distribution list administration  Microsoft Active Directory & Exchange configuration Call handler MACs  Directory handler MACs  Ports and TDM integration  Apply patches to Microsoft Active Directory, Microsoft Exchange Cisco Remote Management Services

Page 15 of 1

Elective Changes Standard Premium  Failover support TELCO / Carrier Coordination    Coordination of service engagement Capacity Planning    Evaluation of Network performance and current resource utilization  Determining impacts and required modifications to support new applications and services

Premier Reports

The following reports available with Cisco Unified Communications Remote Management Premier Service: Report Name Description System Hardware Report Identifies each hardware component under management and provides the following information: Host name, IP address, device model, serial #, site name, contract expiration date System Infrastructure Identifies IOS image and flash/RAM per managed device and consists of the following Report information: Site name, Host name, device model, modules, IOS version, IOS subset, IOS image name, Flash (size), RAM System Application Report Identifies OS releases and fixes per MCS and equivalent server under management. The report contains the following: Site, device name, device model, model #, device manufacturer, OS type, OS version, application version, hot fixes Registered phone count Identifies registered phones at the time that the report is generated. The report shall report contain the following: CUCM Host name, CUCM IP address, CUCM cluster site location, device type, device registered ID (MAC address), device description, calling search space, partition, device IP address, status (registered or not registered); creates summary report xx phones registered; create a historical trend report month by month Inventory Report Lists all “active” Customer managed devices, by site name, device type/model, device name, “managed” Customer ip address ( if NAT ), last good backup ( IOS/CAT OS ) and lists conifg archive exceptions. The report consist of the following: site name, site location, device type, device name, IP address Natted, IP Address (not Natted), SNMP community string, activation date (optional); date of last back-up. Global Ticket Report Identifies the devices in the system that has been impacted by an Incident or Problem and extent of AutoCase activity. The device names indicate the location in production environments. End user selects the system, time frame and generates a report via Web portal. Service Experience Report Identifies top ten sites that have experienced the most tickets and causes. The report consists of: site names, site location, # of Change tickets, # of Incident tickets, device type, device name, major cause Application Server Report Identifies the following key server statistics: Utilization of CPU, Memory, Disk space, Network. Service status of all monitored services on Cisco UC servers. End user selects the server time frame and generates a report via Web portal. Voice Service Level Cisco Unified Communications Manager cluster-based report representing: mean Summary Report opinion score (MoS), latency, jitter, packet loss, disconnect cause summary, call type report and inbound/outbound call report. Elective Change Report A monthly summary report of elective change hours expended in support of the elective changes requested by the Customer.

Operations Report A monthly report that provides ticket information and response times.

Cisco Remote Management Services

Page 16 of 1

Service Considerations

Quarterly IP Telephony Phones in Service Update Process.

After the initiation of Cisco Unified Communications Remote Management Services for a customer, the number of IP Telephony Phones to be considered covered within the UC RMS service will be reviewed during the last month of each calendar quarter.

The number of billed IP Telephony Phones under Remote Management Service will then be adjusted accordingly and considered in Service.

The IP Telephony Phones in Service is the peak value in this report plus any FXS connected phones or modems whose call processing is done by the CallManager. In Service phones will be designated by unique MAC address entries that have the CallManager status of registered, unregistered or unknown across all managed Call Manager clusters.

Adjustments in the number of phones will be effective for, and reflected in subsequent billing periods. If the total number of phones actually under management in a quarter exceeds 150% of the amount billed, Cisco may, at its option, bill the change retroactively. Any additional Cisco charges will be at the contracted rates and discounts in effect for the services. Quarterly adjustments will reflect both upward and downward adjustments subject to the initial number of phones ordered that comprises a minimum. If Cisco Unified Communications Remote Management Services service minimums are applicable to both the prior and revised IP Telephony Phones in Service count, no adjustment will be made.

Cisco Remote Management Services

Page 17 of 1

APPENDIX B:

Cisco Unified Contact Center Remote Management Services

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered in Cisco Unified Contact Center Remote Management Services.

Service Capabilities

Activities & Deliverables Transition management Management connection Intelligent monitoring & event correlation Incident notification Voice QOS monitoring & ticketing Incident management Self-Diagnostics and Business Rules Engine Management portal Reactive problem management (root cause analysis) Standard changes Review/assess Cisco Field Notices Ticket Trending and problem analysis Problem resolution Create configuration management database for managed devices Execute elective changes Device-level reports CDR & CUCMR collection & storage Premier Reports Enables DIY support model with leave behind appliance Knowledge base accessible to end users

Supported Devices:

The following table identifies the devices managed by Cisco Unified Contact Center Remote Management Services:

Supported Devices Unified Contact Center - Applications Network Devices ICUCM 5.x & 6.x Cisco Series Routers* Unified Contact Center Enterprise 6.x & 7.x Cisco Series Switches* Unified Customer Voice Portal 3.x-7.x Unified Communications CRS 4.X-5.x Unified Communications Manager 4.x-7.x Unified Contact Center - Hardware Unity 4.x-7.x Administrative Workstation Cisco Unified Presence 6.x Peripheral Gateway Unified Mobile Communicator

Cisco Remote Management Services

Page 18 of 1

Supported Devices Router (ICUCM) Unified Personal Communicator Logger IP Communicator Historical Data Server Cisco IP Phone CTI OS/CAD (PG CTI Server) Cisco PSTN Gateway ICUCM Carrier NIC Core Software Subcomponents Ingress Gateway Exchange Egress Gateway SQL Gatekeeper Domino CVP VXML Server OS Components Media Servers WIN 2000 OS CSS Boxes WIN 2003 OS ASR/TTS Servers Linux OS Outbound Dialer General Hardware Components Third Party Connectors Cisco MCS Hardware CVP Report Servers Cisco Approved HP, IBM, Sun Hardware Cisco WebView Servers Core Infrastructure CVP Application Server DNS CVP Call Director Server NTP

Elective Changes Phone Administration  Add new phones  Configure/change/ delete lines  Configure speed dials  Configure XML services (e.g. Extension Mobility, CS QRT)  Configure device profiles for extension mobility  Device association for user management and for UC clients  Manage phone button templates and softkey templates  Manage UC user accounts  Perform phone load upgrades on Unified Call Manager Gateway administration  Configure new voice gateways  Add/remove/ change trunks  Allocate directory numbers to trunks for analog ports  Configure hardware media resources (e.g. conference bridges, transcoders)  Upgrade IOS  H.323 gateway/ gatekeeper dial plan updates  Gateway/ gatekeeper/trunk capacity planning Dial plan administration  Planning and design  Auditing dial plan and implementing changes  Translation patterns and CTI route points for forwarding calls

Cisco Remote Management Services

Page 19 of 1

Elective Changes  Manage route lists and route groups for trunk preference  Route patterns for tie lines and fax servers  Creating and updating dial plans for new sites  Time of day routing of calls  Configuring line and hunt groups  Configuring and administering UC Attendant Console  Media resource plan auditing and updates Cisco Media Convergence Server (MCS) administration  Apply operating system patches Cisco application software administration  Apply software updates and patches Licensing  Apply license updates and changes Managing CDR Analysis and Reporting service MeetingPlace/ MeetingPlace Express  Managing user accounts and groups  License updates and changes Configuration changes to managed Cisco software and devices to include application and user administration Configuration back-up of Cisco Unified Communications servers

 Providing scheduling recommendations for performing back-ups  Monitor the availability for the back-up service executable (.exe) Cisco software upgrades for feature enhancements and security-related purposes Cisco Unity  End -user MACs Class of control/distribution list administration  Microsoft Active Directory & Exchange configuration call handler MACs  Directory handler MACs  Ports and TDM integration  Apply patches to Microsoft Active Directory, Microsoft Exchange  Failover support TELCO / Carrier Coordination  Coordination of service engagement Capacity Planning  Evaluation of Network performance and current resource utilization  Determining impacts and required modifications to support new applications and services CTI  Port and route point integration updates  Scripting updates Routing script adjustments  Perform changes to routing scripts in support of call routing applications Administration script adjustments  Perform changes in support of administrative applications Configuration Manager Changes  Perform updates to Configuration Manager Provisioning applications and interfaces  Provisioning of integration elements between applications Creation of custom reports  Consultation  Definition  Configuration Creation of custom dashboards  Consultation  Definition  Configuration

Cisco Remote Management Services

Page 20 of 1

Elective Changes Management Reporting Optimization  Review and recommendations for modifications to database to support advanced reporting  Perform recommended database changes Port Administration  Modifications  Turn up/down License Administration  Administer modifications to licenses, including additions and deletions Wave File, TTS and ASR Administration  Changes to, prompts, vocabulary, administration, tuning and basic call transfer.  File additions, modifications and deletions Email Administration  Administration of application  Configuration of the email management system Ingress Gateway Administration  Service changes for new application deployments, call service additions and dial peers  Administer changes to the ingress gateway Gatekeeper Administration  Changes to gatekeeper configuration Outbound campaign modifications  Administer the system configuration  Administer outbound campaign application  Changes to dialer lists, modes and scripts. CVP self-service applications in Audium/Design Studio  Application changes and enhancements  File additions, modifications and deletions SIP Proxy Server  Configuration and Table changes  Upgrades, additions, modifications and deletions CVP Operations Console and Reporting server and Database  Application changes and enhancements  File additions, modifications and deletions

Reports

The following reports available on the Portal: Report Name Description System Hardware Report Identifies each hardware component under management and provides the following information: Host name, IP address, device model, serial #, site name, contract expiration date System Infrastructure Identifies IOS image and flash/RAM per managed device and consists of the following information: Site Report name, Host name, device model, modules, IOS version, IOS subset, IOS image name, Flash (size), RAM System Application Report Identifies OS releases and fixes per MCS and equivalent server under management. The report contains the following: Site, device name, device model, model #, device manufacturer, OS type, OS version, application version, hot fixes Registered phone count Identifies registered phones at the time that the report is generated. The report shall contain the report following: CUCM Host name, CUCM IP address, CUCM cluster site location, device type, device registered ID (MAC address), device description, calling search space, partition, device IP address, status (registered or not registered); creates summary report xx phones registered; create a historical trend report month by month Inventory Report Lists all “active” Customer managed devices, by site name, device type/model, device name, “managed” Customer ip address ( if NAT ), last good backup ( IOS/CAT OS ) and lists conifg archive exceptions. The report consist of the following: site name, site location, device type, device name, IP address Natted, IP Address (not Natted), SNMP community string, activation date (optional); date of last back-up.

Cisco Remote Management Services

Page 21 of 1

Report Name Description Global Ticket Report Identifies the devices in the system that have been impacted by an Incident or Problem and extent of AutoCase activity. The device names indicate the location in production environments. End user selects the system, time frame and generates a report via Web portal. Service Experience Report Identifies top ten sites that have experienced the most tickets and causes. The report consists of: site names, site location, # of Change tickets, # of Incident tickets, device type, device name, major cause

Application Resource Provides daily and monthly reports on the availability of resources and ports configured on Cisco voice Report and contact center applications. The report also provides resource availability Incident ticket information. End user selects the server, time frame and generates a report via Web portal. Application Server Report Identifies the following key server statistics: Utilization of CPU, Memory, Disk space, Network. Service status of all monitored services on each Cisco voice and contact center server. End user selects the server time frame and generates a report via Web portal. System Activity Report User generated report that can be generated by site or geography and provides the following info: CVP: Calls active, Total Calls handled/day/hour ICUCM: Calls active, Total calls handled, Dialer: Calls active, Total calls handled WIM: Chats active, total chats handled. EIM: Mails open, total mails handled Voice Service Level Cisco Unified Communications Manager cluster-based report representing: mean opinion score (MoS), Summary Report latency, jitter, packet loss, disconnect cause summary, call type report and inbound/outbound call report. Elective Change Report A monthly summary report of elective change hours expended in support of the elective changes requested by the Customer. Operations Report A monthly report that provides ticket information and response times.

Cisco Remote Management Services

Page 22 of 1

APPENDIX C:

Cisco Foundation Technologies Remote Management Services

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Foundation Technologies Remote Management Services.

Activities & Deliverables Management readiness assessment Intelligent monitoring Incident resolution Advanced Event Correlation (device, time, syslogs) Self-Diagnostics and Business Rules Engine Incident notification Root cause analysis Standard Changes Review/assess Cisco Field Notices Ticket Trending and problem analysis Problem resolution Backup of Cisco IOS Routers and Switches Create Configuration Management Database for managed devices Execute Elective Changes Device-level reporting Web-accessible portal Carrier Coordination  Coordination of Service Engagement

Supported Devices*:

The following table identifies the devices managed by Cisco Foundation Technologies Remote Management Services: Supported Devices Networking Routers Switches 800 Series 6500 1000 Series 6500 Module: Firewall Services Module (FWSM) 1400 Series 6500 Module: Content Switching Module (CSM) 1600 Series 6500 Module: 8 Port E1 PSTN interface modules 1700 Series 6500 Module: 8 Port T1 PSTN interface modules 1800 Series 6500 Module: 4 Port FXS analog interface module 2000 Series Catalyst Express 500/520 Series 2500 Series Catalyst 1200 Series 2600 Series Catalyst 1600 Series 2800 Series Catalyst 1700 Series 3000 Series Catalyst 1800 Series 3600 Series Catalyst 2100 Series 3700 Series Catalyst 2600 Series

Cisco Remote Management Services Page 23 of 1

Supported Devices 3800 Series Catalyst 2800 Series 4000 Series Catalyst 2900 Series 7000 Series Catalyst 2960 7100 Series Catalyst 3550 7200 Series Catalyst 3560 7300 Series Catalyst 3560E 7400 Series Catalyst 3750 7500 Series Catalyst 3750E 7600 Series Catalyst 3750 Metro Series Switches XR12000 Series Catalyst 4000 Catalyst 4500 Catalyst 4500E NAM Cisco Catalyst 4800 Series Switches Cisco NAM Network Module Cisco Catalyst 4900 Series Switches

ASR Nexus Data Center Switching ASR1000 Nexus 5000 Series Switches ASR9000 Nexus 7000 Series Switches Nexus 1000v Series Switches Gateways Nexus 2000 Series Fabric Extenders AS5300 Series Universal Gateway AS5400 Series Universal Gateway

* Note: Services may be limited for devices and applications announced by Cisco as End of Life (EOL) or End of Sale (EOS) consistent with Cisco's End of Life policy located at www.cisco.com/go/eol.

Reports

The following reports (where applicable) are available with this Service: Reports Content

Availability Summary Interface Availability (percent) - The percentage of time that this Interface was in an operational state. Device Availability (percent) - The percentage of time that this resource was in an operational state. Cisco CPU Memory Usage CPU Utilization (percent) - The overall CPU busy percentage over the last 5 minute period. Memory Pool Utilization (percent) - Indicates the percentage of the memory pool that is currently used on the managed device.

Cisco Remote Management Services Page 24 of 1

Reports Content Temperature Level - Value is in degrees Celsius. Temperature Status - Value is in degrees Celsius Device ICMP Ping Replies Received (per second) - The total number of ICMP echo request (ping) messages received. Ping Replies Sent (per second) - The total number of ICMP echo reply messages sent. Pings Sent (per second) - The total number of ICMP echo request (ping) messages sent. Ping Replies Received (per second) - The total number of ICMP echo reply messages received

Frame Relay Errors Availability (percent) - The percentage of time that this resource was in an operational state (in active service) during the last measurement interval. Some reasons that would cause a resource to be out of service include hardware / software faults, manual and automatic resets, and Network maintenance procedures. For interfaces and virtual interfaces, this percentage includes downtime resulting from the entire device being out of service.

Interface Error Discard Delivered (inbound) Packets - Total number of packets delivered to a higher layer, during the last polling period. This metric excludes any packets that were received by an interface but not passed on. Inbound Errors - The number of incoming PDUs that were discarded due to errors. Inbound Discards - The number of incoming PDUs dropped due to congestion / resource limitations. Transmitted (outbound) Packets - The number of PDUs (packets, cells, frames, etc.) sent by this resource. Outbound Errors - The number of outgoing PDUs that were discarded due to errors. Outbound Discards - The number of outgoing PDUs dropped due to congestion / resource limitations. Interface LAN Error Inbound Abort - Valid on packet-oriented interfaces only. The number of (error-free) packets dropped during the last polling period. Packets may be dropped for capacity reasons (no buffer space) or for traffic-shaping reasons.

** These reports should be used judiciously due to the additional cost of Network resources (BW, platform licensing, server capacity,…) they incur. They should only be used when necessary to help Cisco manage the Network.

Elective Changes Licensing  Apply license updates and changes  Track & report on software license usage Configuration changes to Cisco software and devices Cisco software upgrades for feature enhancements and security-related purposes Patches for Cisco devices and Cisco applications

Cisco Remote Management Services Page 25 of 1

Elective Changes Connectivity and Path Maintenance  Packet capture and traffic analysis  Device mapping and packet flow monitoring  SNMP and non-SNMP-based administration agents

Cisco Remote Management Services Page 26 of 1

APPENDIX D:

Cisco Application Delivery Remote Management Services

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Application Delivery Remote Management Services.

Activities & Deliverables Management readiness assessment Incident Monitoring Incident resolution Advanced Event Correlation Incident notification Root cause analysis Standard Changes Review/assess Cisco Field Notices Ticket Trending and problem analysis Problem resolution Backup of Cisco IOS Routers and Switches Create Configuration Management Database for managed devices Execute Elective Changes Device-level and Component-Level Reporting Web-accessible portal

Supported Devices*:

The following table identifies the devices managed by Cisco Application Delivery Remote Management Service:

Supported Devices WAAS WAE 512 ACE NME ACE20 * WAAS WAE 612 ACE4710 Appliance WAAS WAE 674 ACE AXG WAAS WAE 7326 GSS 4492 WAAS WAE 7341 CSS 1150X WAAS WAE 7371 Cisco WAAS Mobile Server Cisco WAVE-274 Core Infrastructure Cisco WAVE-474 6500 Cisco WAVE-574 7600 WAAS NME 302 * ISR 1800 WAAS NME 502 * ISR 2800 WAAS ACNS ISR 3800 WAAS Central Manager ACE NME ACE10 *

* Management of the Network Modules requires a purchase of Foundation support for the Host Device as well

Cisco Remote Management Services Page 27 of 1

** Note: Services may be limited for devices and applications announced by Cisco as End of Life (EOL) or End of Sale (EOS) consistent with Cisco's End of Life policy located at www.cisco.com/go/eol.

Reports

The following reports (where applicable) are available with this Service: Reports Content

Cisco Sensor Fan State - State values are normal(1), warning(2), critical(3), shutdown(4), notPresent(5), notFunctioning(6). Power Supply State - State values are normal(1), warning(2), critical(3), shutdown(4), notPresent(5), notFunctioning(6). Temperature Level - Value is in degrees Celsius. Temperature Status - Value is in degrees Celsius Device ICMP Ping Replies Received (per second) - The total number of ICMP echo request (ping) messages received. Ping Replies Sent (per second) - The total number of ICMP echo reply messages sent. Pings Sent (per second) - The total number of ICMP echo request (ping) messages sent. Ping Replies Received (per second) - The total number of ICMP echo reply messages received

Cisco Remote Management Services Page 28 of 1

Reports Content

Elective Changes Licensing  Apply license updates and changes  Track & report on software license usage Cisco software upgrades for feature enhancements and security-related purposes Connectivity and Path Maintenance  Packet capture and traffic analysis  Device mapping and packet flow monitoring  SNMP and non-SNMP-based administration agents Network Carrier Coordination  Coordination of Service Engagement Patches to Cisco equipment and Cisco applications

Cisco Remote Management Services Page 29 of 1

APPENDIX E:

Cisco Wireless Remote Management Services

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Wireless Remote Management Services.

Cisco Wireless Remote Management Services supports the following wireless devices for autonomous and unified wireless architectures:  Cisco Lightweight Wireless Access Points (LWAPs)  Cisco Wireless LAN Controllers (WLCs)  Cisco Wireless Services Module (WiSMs)  Cisco Wireless Access Points (WAPs)

The following wireless architectures are supported by the Cisco Wireless Remote Management Service.

Unified Wireless Remote Management Service: Monitoring and management of Cisco Wireless LAN Controllers and Lightweight Access Appoints (LWAPs).

Autonomous Wireless Remote Management Service: Monitoring and management of Cisco Wireless Access Appoints (WAP) availability.

For the Unified architecture, the customer only pays for service on the Wireless LAN Controller (WLC). There is no additional charge for the Lightweight Access Points (LWAPs). The LWAPs are managed via the WLC and are supported by the Cisco Wireless Remote Management Service. Backup configuration is only provided on the WLC. The LWAP backup configuration is managed via the WLC.

For the Autonomous Wireless Access Points (WAPs), the customer pays service for each and every WAP.

Activities & Deliverables Management readiness assessment Backup of Cisco IOS Devices (WLC and WAPs only) Incident Monitoring Incident resolution Advanced Event Correlation (device, time, syslogs) Incident notification Root cause analysis Standard Changes Review/assess Cisco Field Notifications Ticket Trending and problem analysis Problem resolution Create Configuration Management Database for managed devices Execute elective changes Device-level and Component-Level Reporting Web-accessible portal

Supported Devices**:

The following table identifies the devices managed by Cisco Wireless Remote Management Services

Supported Devices AP1100* series

Cisco Remote Management Services Page 30 of 1

Supported Devices AP1130 AG series AP1200* series AP1230 AG series AP1240 AG series AP1250* AG series 500 series Express Access Points Wireless LAN Controller 2000 Wireless LAN Controller 2100 Wireless LAN Controller 4400 Wireless Service Module (WiSM) 6500 * Wireless Service Module (WiSM) 7600 * Network Module WLC12 for ISR 2800 * Network Module WLC8 for ISR 2800 * Network Module WLC6 for ISR 2800 * Network Module WLC12 for ISR 3800 * Network Module WLC8 for ISR 3800 * Network Module WLC6 for ISR 3800 * Integrated WLAN Controller S25 for 3750G Integrated WLAN Controller S50 for 3750G Wireless LAN Controller 5500

*Management of the Network Modules only. Management of the Host Device is included in Cisco Foundation Technologies Remote management Services (see Appendix C).

Note that management of the carrier connection out to a service provider is included in Cisco Foundation Technologies Remote Management Services (see Appendix C).

** Note: Services may be limited for devices and applications announced by Cisco as End of Life (EOL) or End of Sale (EOS) consistent with Cisco's End of Life policy located at www.cisco.com/go/eol.

Reports

The following reports (where applicable) are available with this Service: Reports Content

Availability summary Interface Availability (percent) - The percentage of time that this Interface was in an operational state. Device Availability (percent) - The percentage of time that this resource was in an operational state.

Cisco CPU memory CPU Utilization (percent) - The overall CPU busy percentage over the last 5 minute period.

Cisco Remote Management Services Page 31 of 1

Reports Content usage Memory Pool Utilization (percent) - Indicates the percentage of the memory pool that is currently used on the managed device.

Cisco sensor Fan State - State values are normal(1), warning(2), critical(3), shutdown(4), notPresent(5), notFunctioning(6). Power Supply State - State values are normal(1), warning(2), critical(3), shutdown(4), notPresent(5), notFunctioning(6). Temperature Level - Value is in degrees Celsius. Temperature Status - Value is in degrees Celsius Device ICMP Ping Replies Received (per second) - The total number of ICMP echo request (ping) messages received. Ping Replies Sent (per second) - The total number of ICMP echo reply messages sent. Pings Sent (per second) - The total number of ICMP echo request (ping) messages sent. Ping Replies Received (per second) - The total number of ICMP echo reply messages received

Elective Changes  Configuration changes to Cisco software and devices QoS to support wireless phones and prioritize mission critical traffic. Rogue AP detection and optional blocking. Centralized configuration repository with change detection and escalation. Investigation and resolution of authentication issues Management of digital certificates and encryption keys Analysis of logs and protocol sampling to develop a protocol catalog Adjustment of power levels to delineate coverage zones. Cisco software upgrades for feature enhancements and security-related purposes Licensing  Apply license updates and changes  Track & report on software license usage Cisco software upgrades for feature enhancements and security-related purposes Connectivity and Path Maintenance  Packet capture and traffic analysis  Device mapping and packet flow monitoring  SNMP and non-SNMP-based administration agents Patches to Cisco Wireless devices

Cisco Remote Management Services Page 32 of 1

APPENDIX F:

Cisco Unified Computing Remote Management Services

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Unified Computing Remote Management Services.

Activities & Deliverables Management readiness assessment Incident Monitoring Incident resolution Advanced event correlation Incident notification Root cause analysis Standard Changes Review/assess Cisco Field Notices Ticket trending and problem analysis Problem resolution Backup of UCS configuration data Create Configuration Management Database for managed devices Execute Elective Changes Device-level and Component-Level Reporting Web-accessible portal

Supported Devices*:

The following information identifies the devices managed by Cisco Unified Computing Remote Management Services:

Supported Devices Cisco UCS 6120XP 20-Port Fabric Interconnect Cisco UCS 6140XP 40-Port Fabric Interconnect Cisco UCS 5108 Blade Server Chassis Cisco UCS 2104XP Fabric Extender Cisco UCS B200 M1 2-Socket Blade Server Cisco UCS B250 M1 2-Socket Extended Memory Blade Server Cisco UCS VIC M81KR Virtual Interface Card Cisco UCS CNA M71KR – E Emulex Converged Network Adapter Cisco UCS CNA M71KR – Q QLogic Converged Network Adapter Cisco UCS 82598KR-CI Converged Network Adapter

* Note: Services may be limited for devices and applications announced by Cisco as End of Life (EOL) or End of Sale (EOS) consistent with Cisco's End of Life policy located at www.cisco.com/go/eol.

Cisco Remote Management Services Page 33 of 1

Operating Systems

The following table identifies the operating systems managed by Cisco Unified Computing Remote Management Services:

Supported Operating Systems Microsoft Windows Server 2003 (all editions) Microsoft Windows Server 2008 (all editions RedHat Linux v5.x Vmware ESX v3.x

Reports

The following reports are available with this Service:

Reports Content Server Performance A set of tables that consist of summaries of CPU Utilization, file system (disk) Summary Report utilization, memory utilization, swap memory utilization, traffic, and reach-ability for all of the monitored servers in the network by day, week, or month. Server Asset Details  Server Name Report  Model  Manufacturer  Operating system  Operating system revision  Total Random Access Memory  Percent of Memory Used  Amount of RAM Available  Total Virtual Memory  Percent of Virtual Memory Used  Amount of Virtual Memory Available Server CPU Report  CPU Speed  CPU Utilization  CPU Load File Service Performance Lists the following information for each logical storage volume under Details Report management:  Server Operating System  Volume Name (Logical Partition)  Volume Size  Percent of Volume Used  Amount of Volume Available Server Performance  Real time, daily, weekly, and monthly graphs Report  CPU utilization, memory utilization, traffic in and out, and file system (disk) utilization and file system (disk) availability Virtualization  VMware ESX Server information Infrastructure Report  VMs grouped by ESX Server and showing info for each VM, including: Guest OS; CPU Allocation and Utilization; Memory Allocation and Utilization; Bandwidth Utilization; File Systems

Virtualization Server Trended utilization info for virtualization server candidates according to user- Candidate Report defined thresholds

VM Utilization Projection Trended and projected utilization info for ESX servers and VMs Report VM Health Report Health and availability for VMs showing CPU, Memory and Network Activity VM Top Utilization Report VMs with heavy resource utilization VM Migration Report For each VM a history of where it was, where it is now and when it moved VM Interface Utilization Bandwidth utilized by each VM and each ESX server Report

Cisco Remote Management Services Page 34 of 1

VM Compliance Report Software titles running on each VM; all VMs and physical machines with specified software titles Cisco Sensor Statistics Fan & power supply statistics for Cisco 6120XP and 6140XP switches Report Device IP Statistics IP packets received, IP packets forwarded, IP Out requests, No route, Report fragmentation failures, & reassembly failures Interface Statistics Report Interface error & discard statistics

Elective Changes UCS Server Operating System & Switch IOS Install/Upgrade/Downgrade Active Directory Changes/Enhancements Operating System Enhancements Add, Remove, Change Logging and SNMP Service Profile Enhancements in Unified Computing Server Manager (UCSM) BIOS Upgrade/Downgrade Virtual Center DRS Modification Virtual Center vMotion Modification VMWare Deployments

Configuration Backup

Cisco shall perform back-up processes for the configuration of applicable Cisco UCS components. This includes definition and execution of service restoration process for Managed Components. This applies only to configuration data needed to restore functionality of Managed Components. Definition and execution of backup processes for customer data is solely the responsibility of the customer.

Monitory and Notify for UCS

Monitor and Notify version of UCS Service directs fault and incident data to customer. The customer takes on responsibility to remediate on all incidents. By the nature of this service, some of the elements described above are not applicable. Supported device list is the same as the standard UCS service. UCS Standard Reports are not applicable to the UCS Monitor and Notify Service.

Activities & Deliverables Incident Monitoring MTTN Reports Advanced event correlation Incident notification (email) Web-accessible portal Historical Ticketing (search open and closed tickets)

Cisco Remote Management Services Page 35 of 1

APPENDIX G:

Cisco Remote Management Services for Security

The Cisco RMS Security Operations Center (SOC) provides remote network management and monitoring support for specific security components of the Customer’s security infrastructure enabling the Customer to out-task security administration by utilizing Cisco’s security personnel as well as Cisco’s process-driven remote network management methodology. Cisco Remote Management Services for Security are designed to provide Customers with an extended network security support staff with a core competency in Cisco Security advanced technologies.

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Remote Management Services for Security. The primary distinction between the Managed security service vs the Monitored service is the addition of proactive security analysis and remediation of event traffic by our highly knowledgeable Security Operations Center personnel. This addition provides our customers with the 24/7 event analysis, proactive and reactive configuration changes as well as device tuning.

Activities & Deliverables Description Management Readiness Assessment Management Readiness Assessment is an assessment conducted by Cisco RMS Security analysts that determines whether all Managed Components are in good working order prior to completion of Transition Management. Requires Managed Components are fully configured, deployed and functioning properly prior to the commencement of Incident and Problem Management services.

Incident Management Incident Management is an ITIL process used by the Cisco RMS SOC to identify Incidents and restore service or remediate declared incidents as quickly as possible and may involve implementing temporary work-arounds. The RMS SOC will proactively monitor for key events and thresholds on Managed Components in the Customer’s access control network infrastructure. In the case of undetected events, Customers may declare an Incident by contacting the Cisco RMS Service Desk, communicating via telephone any high priority Incidents (system down, degraded performance, etc.). Low priority incidents should be reported to the Cisco RMS Service Desk via the Cisco RMS Web Portal. Upon automatic detection or manual submission of an Incident to the Cisco RMS Service Desk, an Incident Ticket is created. The Cisco RMS Service Desk will coordinate with the Cisco SOC during the lifespan of the declared Incident. The Cisco RMS Service Desk is ultimately responsible for coordinating the management of the Incident, which includes communicating with the Customer throughout the Incident management process. This communication also includes notification to the Customer that the Incident has been resolved or remediated.

Cisco Remote Management Services Page 36 of 1

Activities & Deliverables Description Activities: • Enrich alarm information with relevant Configuration Item (CI) information from the Cisco ROS CMDB • Enrich alarm information with relevant IntelliShield information from the Cisco IntelliShield Deliverable(s): • Create Incident Ticket • Post Incident Ticket online via the Portal for the Customer to view all ticket handling activities and milestones Incident notification Incident Notification is considered to be a subset of Incident Management whereby Cisco will electronically notify (E-notify) designated Customer contacts for new Incidents or milestones achieved during the Incident Management process. E-notifications are sent to any email address or email-capable mobile device and will include the Incident Ticket number. The Customer (or its preferred vendor) can always view Incident status and detailed information via the Cisco RMS Web Portal. Activities: • Automated electronic notification (E-notification) to specific Customer contact(s) based on Customer’s notification requirements as agreed on during the Service Activation process. • Match customer’s notification profile with Incident Ticket milestones Deliverable(s): • Perform E-notification of Incident Tickets per Customer’s notification profile • Log E-notification records in the Incident Ticket Incident Priority and Classification Incident Priority and Classifications is considered to be a subset of Incident Management whereby Cisco Incidents will be managed according to the Severity level as determined by IT Infrastructure Library (ITIL) service support framework. Incident Severity level depends on a variety of factors including pre-defined Incident Ticketing attributes such as business impact, urgency and asset value (if applicable and entered into Cisco’s Configuration Management Database during the Service Activation phase). Incident Severity level will determine the Incident Priority level set by the Cisco SOC on a per- incident basis. Activities: • Evaluate Incident Severity and prioritize all Incidents into Priority 1 (P1), Priority 2 (P2) and Priority 3 (P3) Incident categories • Classify Incidents into Fault, Performance or Security Incident categories Deliverable(s): • Properly prioritized Incidents based on Incident Ticketing attributes • Report status prioritized Incident against its associated Service Level as defined in the Service Level Management document

Incident Investigation and Diagnosis Incident Investigation and Diagnosis is considered to be a subset of Incident Management whereby Cisco SOC engineers utilize Incident Remediation procedures to collect any additional data required to fully diagnose and match the Incident to a known error in the Cisco ROS Knowledge Base (KB). Cisco SOC engineers will work to quickly isolate the root cause of the Incident. Once root cause isolation has occurred, Cisco SOC engineers will update the Incident Ticket with information related to root cause isolation and then proceed to the Incident resolution and restoration phase. Activities: • Collect additional data to properly diagnose root cause of the Incident • Attempt to match Incident to a known error in the Cisco ROS Knowledge Base (KB) Deliverable(s): • Update Incident Ticket with root cause isolation information for Fault and Performance Incidents • Update Incident Ticket with root cause security event information for Security Incidents • Perform E-notification for this Incident Ticket event milestone (if requested by the Customer) • Security events will be root caused to one of the following: Attack, Successful Attack, Probable Attack, Reconnaissance, Misuse, Worm, Virus, or Benign Incident Resolution and Restoration Incident Resolution and Restoration is considered to be a subset of Incident Management whereby Cisco SOC engineers utilize Incident Remediation procedures

Cisco Remote Management Services Page 37 of 1

Activities & Deliverables Description and work to restore services within agreed service levels, initiating any Requests for Change (RFCs) as needed for restoration. After the Incident has been isolated down to its root cause, Cisco SOC engineers will work to resolve the Incident. Resolution is complete when functionality is restored to the affected Managed Component(s) or, in the case of a Security Incident, a recommendation is made to the Customer to remediate the Incident. The resolution process includes any action the Cisco SOC requires to restore functionality to a Managed Component or remediate a Security Incident on the Customer’s network infrastructure. The Cisco SOC will utilize work-around solutions to restore all or partial functionality when full functionality cannot be restored within committed timeframes as defined in the Service Level Management document. When a work-around is utilized, the Incident will continue to remain open and will be worked by Cisco SOC engineers until resolved, in accordance with the priority level of the Incident. Incident resolution and restoration may include Cisco SOC security engineers working directly with the Customer’s network IT team to resolve fault and performance incidents on the entitled Managed Components or to assist with the remediation of security incidents detected on the customer’s network infrastructure. Cisco SOC security engineers may provide recommendations for remediation of an infected host (if detected). The Customer is ultimately responsible for any patching of infected hosts on their network. Should the Cisco SOC require a configuration change in a Managed Component to resolve an issue or implement a work-around, the Cisco SOC will follow the Change Management Process established with the Customer Activities: • Resolve Fault and Performance Incidents on Managed Components • Remediate Security Incidents on the Customer’s network infrastructure • Submit, when needed, a Cisco-recommended Request For Change (RFC) in accordance with the Change Management Process established with the Customer to tune benign traffic or implement a temporary work-around • Dispatch third party vendors, as needed and appropriate, within the resolution steps prescribed by the Cisco SOC and in accordance with the Cisco SMARTnet or Cisco Services for IPS service terms on the affected Managed Components. As vendors are dispatched, the Incident Ticket will be updated with information related to the dispatch. • Update Incident Ticket to include notes detailing Fault and Performance Incident resolution or recommendations for remediating Security Incidents. • Perform E-notification for this Incident Ticket milestones, if requested by the Customer. Deliverable(s): • Updated Incident Ticket with resolution details on Faults and Performance related Incidents • Updated Incident Ticket with recommendations detailing how to remediate a malicious Security Incident • Updated Incident Ticket with justification for classifying benign Security Incidents • Cisco-recommended Request for Change (RFC) for tuning a recurring benign Security Incident as determined by Cisco SOC engineers Incident Escalations Incident Escalations is considered to be a subset of Incident Management whereby Cisco escalation is driven by elapsed time against Service Levels ensuring effective routing of Incidents to appropriate technical resources as required. A Customer may request escalation of a Incident Ticket at any time via the Portal or Telephone call to the Cisco ROS Service Desk. The Cisco SOC will refer Incidents to the Customer as needed and escalate the Incident with the Customer within the Customer’s escalation guidelines until the Incident is resolved (ie: fault and performance incidents) or remediated (ie: security incidents). Activities: • Ensure Incident is being handled by appropriate Cisco SOC engineering resources to meet Service Levels • Escalate Incident as appropriate in the Cisco SOC or with the Customer per the established escalation procedures Deliverable(s): • Updated Incident Ticket to include escalation notes • Incidents resolved or remediated in accordance with Service Level targets

Cisco Remote Management Services Page 38 of 1

Activities & Deliverables Description • Perform E-notification for this Incident Ticket event milestone, if requested by the Customer Incident Closure Incident Closure is considered to be a subset of Incident Management whereby once the Cisco SOC declares an Incident resolved and verified, the incident will be closed. In the event that the Incident reoccurs, a new Incident Ticket will be created to accurately reflect the recurring nature of the Incident and aid in the identification of Problems. Depending on frequency, recurring Incidents may trigger the reactive Problem Management process, which may include a Cisco- recommended Request For Change (RFC) to resolve the recurring Incident. Any authorized Customer agent may also proactively request Incident Ticket closure via the Portal or Telephone. The Cisco SOC will review the request and work in conjunction with the Cisco ROS Service Desk to close the Incident Ticket or follow up with the Customer for more information as needed. Activities: • Confirm Incident is resolved • If Incident reoccurs, depending on frequency and attributes of the Incident, open a Cisco-recommended RFC to resolve recurring Incident Deliverable(s): • Update Incident Ticket to include closing notes • Close the Incident Ticket • Perform E-notification for this Incident Ticket event milestone, if requested by the Customer. Advanced Security Event Correlation Advanced Security Event Correlation - Identifies suspicious patterns based on multi- dimensional correlated data that delivers unprecedented security visibility by tying together diverse security activities across the network. All-in-one correlation capability for addressing multi-state rules, vulnerability correlation, statistical algorithms with historical correlation that identifies repeating patterns of attacks, automated slow attacks, anomalous event patterns, potential threats to high-value assets and applies conditional logic to identify likely attack scenarios with the ability to review past events to better position real-time detection of current and future zero-day attacks. Problem Management The goal of Problem Management is to minimize the adverse impact of Incidents resulting from errors in the Customer’s network by delivering a systematic approach for diagnosing the root causes of Incidents and preventing their reoccurrence by recommending the elimination of the underlying errors whenever possible. To achieve this goal, Cisco SOC engineers will diagnose the root cause of Incidents and then initiate actions to improve or correct the situation.

Reactive Problem Management Reactive Problem Management is considered a subset of Problem Management. Reactive problem management describes the problem management processes that primarily support incident management. These processes are initiated when an incident cannot be matched to a known error. A problem is declared for the purpose of tracking the activities that lead to identifying a root cause and a resolution to the incident’s underlying error. The process concludes when a known error, including its root cause and resolution, has been identified and recorded in the Cisco ROS known error database. The known error will then be used to resolve and close all associated open and future incidents. Activities: • Utilize Problem Management procedures to collect additional data required to analyze the root cause • Utilize error data, technical expertise, and product and development resources to isolate a root cause for the error • Document recommended remediation and resolution procedures, and assist Incident Management team in the resolution of an error • Error is closed and handed back to the Incident Management team for any further Incident Management activity Deliverable(s): • Faster Incident resolution for repetitive Incidents • Accurate and updated known error database Proactive Problem Management Proactive Problem Management prevents the occurrence or limits the adverse impact of future incidents. The Cisco SOC will analyze Incident trends to identify patterns and

Cisco Remote Management Services Page 39 of 1

Activities & Deliverables Description systemic conditions. In the event a trend is detected, the results will be introduced into the Problem Management process. The Cisco SOC analyzes different data sets based upon a variety of triggers that would indicate that a Managed Component should be further evaluated. Not all the aforementioned triggers are necessarily indicative of a problem requiring resolution. Activities: • Identify recurring Incidents and refer to Incident Management for resolution • Analyze trends for Incidents on Managed Components • Monitor the resolution • Document applicable error, remediation, recovery, and resolution information in the Knowledge Base • Perform annual configuration reviews for each qualified Managed Component on the Customer’s access control infrastructure Deliverables: • Reduced number of errors in the customer’s network • Annual Configuration Review report on all Managed Components • Improved network access control policies from actionable recommendations from the Annual Configuration Review report Standard Change Management Change Management is the process used by the Cisco SOC to apply standardized methods and procedures for authorizing, documenting, and performing all changes. The objective of Standard Change Management is to make necessary Cisco-recommended changes in an efficient and accountable manner, utilizing standard processes. Cisco-Recommended Changes Cisco-Recommend changes is the result of Standard Change Management activity. Cisco-recommended changes originate from the Cisco SOC. Before executing a Cisco- recommended change, the Cisco SOC will valuate the change and make a recommendation to the Customer that will include details regarding the criticality and timeframe for implementation of the change. The Cisco SOC will not execute a change until the Customer has authorized or pre-authorized the change to be made. Cisco-Recommended changes can include: • Resolve an Incident or implement a work-around for an Incident • Respond to a critical vulnerability, threat or security incident • Apply a software update to a entitled Managed Component • Resolve a known error identified during the Standard Problem Management process Activities: • Communicate the criticality and timeframe associated to the change • Obtain approval for executing the change • Follow established Standard Change Management process including updating all activities in the Change Ticket. • Logical configuration changes to implement a temporary work-around or aid in troubleshooting an Incident during the Incident Management process including logging level changes • Logical configuration changes to apply software updates during the Incident Management process or the normal service support activities associated the Service and the entitled Managed Components • Communicate the criticality and timeframe associated to the change • Logical configuration changes to respond to a critical vulnerability or threat identified by the Cisco SOC

Deliverable(s): • Creation of a Change Ticket on the Cisco Portal for the Customer to view Change Execution After changes are executed, the Cisco SOC will notify the Customer that the change has been executed. Once the Customer accepts the change, the Ticket will be closed. The status of changes can be viewed on the Portal. Activities: • Maintain a ticket history of changes visible through the Portal • Evaluate change requests • Authorize and schedule change requests • Coordinate changes. • Update Portal Tickets to include change status. • Review and close change requests.

Cisco Remote Management Services Page 40 of 1

Activities & Deliverables Description Deliverable(s): • Executed change. • Portal Ticket updated with change notes. Create Configuration Management Create Configuration Management Database for managed devices Database for managed devices Execute Elective Change Management – Execute Elective Change Management is the process used by the Cisco SOC to apply Additional Elective Charges Apply standardized methods and procedures for authorizing, documenting, and performing all changes. The objective of Elective Change Management is to make necessary Customer-requested changes in an efficient and accountable manner, utilizing standard processes. Customer-Requested Changes – Customer-Requested Changes is the result of a Executive Elective Change request for Additional Elective Charges Apply change and can include: • Add, Delete or Change physical component on existing Managed Component • Change existing logical functionality (Upgrades) • Physically move a Managed Component • Add a new Managed Component or Context • Addition of new functionality- Any Customer-requested Logical Change that results in the activation of additional functionality on a Managed Component will be evaluated on a case-by-case basis and discussed with the Customer. If Cisco determines that the additional functionality will increase service support requirements in the Cisco SOC, the Customer may incur additional recurring monthly charges for Cisco SOC support of the additional functionality. • Remove an existing Managed Component Activities: • A Change Ticket is initiated by Cisco or the Customer • The Change Ticket is categorized as described above. • The Customer tracks the progress of the change throughout its lifecycle. • Cisco RMS Service Desk makes initial evaluation of the Customer-Recommended Change and coordinates with the Cisco SOC Change Manager • Cisco SOC Change Manager classifies the change into one of the following categories: Move, Add, Change, Delete or Project • Cisco SOC Change Manager coordinates with the Cisco SOC Change Advisory Board (CAB) as needed to determine the level-of-effort and business risk associated to the change request as defined in the IT Infrastructure Library (ITIL) Change Management framework under the following change categories: Standard, Minor, Significant, Major or Urgent • Cisco SOC Change Manager or a designated member of the Cisco SOC CAB communicates with the Customer regarding the criticality and timeframe associated to the change in accordance with the change attributes • Cisco SOC Change Manager obtains approval from the Customer for executing the change • Cisco SOC follows the established Change Management process including updating all activities in the Change Ticket • Cisco SOC Change Manager or Change Assignee coordinates with the Customer according to the Change Management process established with the Customer Deliverable(s): • Creation of a Change Ticket on the Cisco Portal for the Customer to view Customer-Requested Projects Customer-requested Changes that have one or more of the following attributes typically will be handled as a Project: • Introduction of a service or functionality that is not currently being used in the Customer’s network. • Cisco SOC engineering work required to support the request exceeds four hours. • Significant planning is required before implementation of the change request. • Logical Change involves changes to multiple Managed Components at the same time. Activities: • Cisco SOC Change Manager will assess the scope of the project, coordinate the Cisco ROS CAB, and build out a Statement of Work (SOW) to present to the Customer for acceptance or rejection (as Professional Services fees will normally apply) • Cisco SOC Change Manager or Change Assignee coordinates with the Customer according to the Change Management process established with the Customer

Cisco Remote Management Services Page 41 of 1

Activities & Deliverables Description Web-accessible portal Cisco provides an online Portal for the Customer to review Tickets, Ticket metrics, and reports for all Managed Components of Cisco Remote Management Services for Security. Deliverable(s): • Portal logins for each of the Customers authorized employees • Inventory information on the Portal (as available per Managed Component) including: • System description • Maintenance vendor • Maintenance coverage type and contract number • Serial number • IP Address • Incident and Service Request Ticket information on the Portal (as available) including: • Incident and Service Request Ticket identification number – The tracking number assigned by the Cisco SOC to each Ticket. • Incident and Service Request Ticket opened date and time – The date the Ticket was opened • Incident and Service Request Ticket description – A brief description of the Incident(s) or Service Request(s) detailed in the Ticket • Incident and Service Request Ticket status – The current status of the Ticket as determined by the most recent note entered in to the ticket • Site(s) affected – Within the Ticket, the site locations where Managed Components are affected

* Some Activities and Deliverables are dependent on services delivered

Supported Devices:

The following table identifies the devices managed by Cisco Remote Management Services for Security: Supported Cisco Devices Cisco Intrusion Prevention Systems * Cisco IPS 42xx Sensors * Cisco AIP-SSM for ASA 5500 Series Adaptive Security Appliances * Cisco Catalyst 6500 Series Intrusion detection System (IDSM-2) Services Module * Cisco IOS IPS for Integrated Services Routers * Cisco IPS Advanced Integration Module for Integrated Services Routers Cisco PIX 500 Series Security Appliances * Cisco PIX 5xx Series Appliance

Cisco Remote Management Services Page 42 of 1

Web Application Firewall * Cisco ACE Web Application Firewall Appliance Cisco Security Manager * Cisco Security Manager Cisco Configuration Engine * Cisco Configuration Engine

* User requested Management of the these devices requires a purchase of elective Move, Add, Change (MAC) hours

* Aggregate event traffic in excess of 2000 events/second may require infrastructure upgrade including additional Cisco MAP components

Cisco Remote Management Services Page 43 of 1

Reports:

The following reports are available with the Cisco Remote Managed Service for Security via the Cisco RMS Portal:

Reports Report Description Intrusion Prevention Blocked Attack Reports A summary of the suspected attacks in which the sensor or enforcement point block a specific packet and/or connection Top Blocked Attacks by Signature A ranking of top fired signatures that resulted in a blocked attack Top Blocked Attacks per Sensor A ranking of top blocked attacks by IPS Sensor Top Source Blocked Attacks A ranking of the top Source IP address that was blocked Top Destination Blocked Attacks A ranking of the top destination IP address that was blocked IPS Signature Categories A ranking of the top fired signatures that resulted in a block by category Intrusion Prevention Summary Reports Top Fired Signatures / Signature severity A ranking of the signatures fired most often and the severities of those signatures by severity Top Attacker Source A ranking of the top Source IP address that resulted in a signature to alarm Top Attacked Destinations A ranking of the top destination IP address that resulted in a signature to alarm Signature Severity Summary by Sensor H,M,L severities per Intrusion Prevention Device A ranking by individual sensor of the top signatures triggered by severity Top Fired Signatures Severity Cumulative totals (H,M,L) of IPS Signature severities triggered across the entire intrusion prevention environment Firewall Summary Report A summary of the the connections and traffic that have been denied as a result of the applied firewall policy Total Denied Packets A ranking by firewall of the total denied attempts Top Denied Source Addresses A ranking by top source IP address which resulted in a denied attempt by a firewall policy Top Denied Destination Address A ranking by top destination IP address which resulted in denied attempt by a firewall policy Top Denied Protocols A ranking by top protocols which resulted in a denied attempt by a firewall policy Top Denies by Access Control Policy A ranking by Access Control List of the most utilized polices which resulted in a denied attempt Authentication Failure Summary Reports A summary of failed authentication attempts Top Source Address A ranking of the top source IP addresses which resulted in failed login attempt Failed Attempts A ranking of the top destination IP addresses which resulted in a failed login attempt Top Destination Address Failed Authentication Attempts Top Authentication Failures by A ranking by device of the top failed login attempts Device Top Username Failed Attempts A ranking by Username of the top failed login attempts Bandwidth Summary Reports Top Applications Presents the top applications across the environment in terms of bandwidth usage Top Source / Destination Presents Top bandwidth consumers by source address and destination address.

Cisco Remote Management Services Page 44 of 1

APPENDIX H:

Cisco Remote Monitoring Services for Security

The Cisco RMS Security Operations Center (SOC) provides remote monitoring services for specific security components of the Customer’s security infrastructure enabling the Customer to out-task security monitoring by utilizing Cisco’s security intellectual security platform. Cisco Remote Monitoring for Security provides Customers with extended network security surveillance with a core competency in Cisco Security advanced technologies.

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Remote Monitoring for Security.

Incident Management Incident Management is an ITIL process used by the Cisco RMS SOC to identify and prioritize Security Incidents. The RMS SOC will proactively monitor for key events and thresholds on Managed Components in the Customer’s security network infrastructure. Upon automatic detection and correlation of a Security Incident, an Incident Ticket is created and customer is e-notified of the security incident. This communication can include remediation procedures, which is dependent on security services requested.

Incident Monitoring Incident Monitoring is considered to be a subset of Incident Management whereby Cisco security monitoring system indicates a fault condition, a performance threshold was exceeded, or a security event has triggered a security Incident. Activities: • Monitor (24x7x365) manageable elements of the Customer’s network security infrastructure • Perform ongoing Fault and Performance incident monitoring (re: alerting) on the entitled Managed Components of the Customer’s network security infrastructure • Perform ongoing Security incident monitoring (re: alerting) on the entitled Managed Components of the Customer’s network security infrastructure. • Detect Incidents • Correlate Incidents where applicable • Correlate Incidents with IntelliShield where applicable Deliverable(s): • Confirmed Incidents logged in the Cisco RMS Configuration Management Database (CMDB) Incident Record Incident Record is considered to be a subset of Incident Management whereby Cisco ticketing system captures alarm / event / correlation data, enriches with relevant Configuration Item (CI) information and creates incident ticket. Activities: • Enrich alarm information with relevant Configuration Item (CI) information from the Cisco ROS CMDB • Enrich alarm information with relevant IntelliShield information from the Cisco IntelliShield Deliverable(s): • Create Incident Ticket • Post Incident Ticket online via the Portal for the Customer to view all ticket handling activities and milestones Incident Notification Incident Notification is considered to be a subset of Incident Management whereby Cisco will electronically notify (E-notify) designated Customer contacts for new Incidents or milestones achieved during the Incident Management process. E-notifications are sent to any email address or email-capable mobile device and will include the Incident Ticket

Cisco Remote Management Services Page 45 of 1

Activities & Deliverables Description number. The Customer (or its preferred vendor) can always view Incident status and detailed information via the Cisco RMS Web Portal. Activities: • Automated electronic notification (E-notification) to specific Customer contact(s) based on Customer’s notification requirements as agreed on during the Service Activation process. • Match customer’s notification profile with Incident Ticket milestones Deliverable(s): • Perform E-notification of Incident Tickets per Customer’s notification profile • Log E-notification records in the Incident Ticket Incident Priority and Classification Incident Priority and Classifications is considered to be a subset of Incident Management whereby Cisco Incidents will be managed according to the Severity level as determined by IT Infrastructure Library (ITIL) service support framework. Incident Severity level depends on a variety of factors including pre-defined Incident Ticketing attributes such as business impact, urgency and asset value (if applicable and entered into Cisco’s Configuration Management Database during the Service Activation phase). Activities: • Auto-Classify Incidents into Fault, Performance or Security Incident categories Deliverable(s): • Properly prioritized Incidents based on Incident Ticketing attributes Incident Closure Incident Closure is considered to be a subset of Incident Management whereby incident will be closed based Incident Closure requirement as agreed on during the Service Activation process. In the event that the Incident reoccurs, a new Incident Ticket will be created to accurately reflect the recurring nature of the Incident and aid in the identification of Problems. Depending on frequency, recurring Incidents may trigger the reactive Cisco-recommended Request For Change (RFC) to resolve the recurring Incident. This incident is places on the Customer to resolve. Activities: • Incident is auto-closed based of agreed Service Activation Process. • Deliverable(s): • Auto-Close the Incident Ticket • Perform E-notification for this Incident Ticket event milestone, if requested by the Customer. Advanced Security Event Correlation Identifies suspicious patterns based on multi-dimensional correlated data enhancing security visibility by tying together diverse security activities across the network. All-in-one correlation capability for addressing multi-state rules, vulnerability correlation, statistical algorithms with historical correlation that identifies repeating patterns of attacks, automated slow attacks, anomalous event patterns, potential threats to high-value assets and applies conditional logic to identify likely attack scenarios with the ability to review past events to better position real-time detection of current and future zero-day attacks. Web-accessible portal Cisco provides an online Portal for the Customer to review Tickets, Ticket metrics, and reports for all Managed Components of Cisco Remote Management Services for Security. Deliverable(s): • Portal logins for each of the Customers authorized employees • Inventory information on the Portal (as available per Managed Component) including: • System description • Maintenance vendor • Maintenance coverage type and contract number • Serial number • IP Address • Incident and Service Request Ticket information on the Portal (as available) including: • Incident and Service Request Ticket identification number – The tracking number assigned by the Cisco SOC to each Ticket. • Incident and Service Request Ticket opened date and time – The date the Ticket was opened • Incident and Service Request Ticket description – A brief description of the Incident(s) or Service Request(s) detailed in the Ticket • Incident and Service Request Ticket status – The current status of the Ticket as determined by the most recent note entered in to the ticket • Site(s) affected – Within the Ticket, the site locations where Managed Components are

Cisco Remote Management Services Page 46 of 1

Activities & Deliverables Description affected * Some Activities and Deliverables are dependent on services delivered

Supported Devices:

The following table identifies the devices managed by Cisco Remote Monitoring Services for Security:

Supported Cisco Devices Cisco Intrusion Prevention Systems * Cisco IPS 42xx Sensors * Cisco AIP-SSM for ASA 5500 Series Adaptive Security Appliances * Cisco Catalyst 6500 Series Intrusion detection System (IDSM-2) Services Module * Cisco IOS IPS for Integrated Services Routers * Cisco IPS Advanced Integration Module for Integrated Services Routers Cisco PIX 500 Series Security Appliances * Cisco PIX 5xx Series Appliance

Cisco ASA 5500 Series Adaptive Security * Cisco ASA 55xx Series Integrated Service Router supporting IOS Cisco ISR Series: FW, IOS IPS * 8xx * 18xx * 28xx * 38xx * 72xx * 73xx Cisco VPN * Cisco VPN 3xxx, ASA 55xx, PIX 5xx, Cisco ISR Series Cisco MARS * Cisco MARS Series Cisco Secure Access Control System (ACS) * Cisco Secure ACS 4.0 & 5.0 Web Application Firewall * Cisco ACE Web Application Firewall Appliance Cisco Security Manager * Cisco Security Manager Cisco Configuration Engine * Cisco Configuration Engine Supported non-Cisco Devices TippingPoint * TippingPoint IPS 210E, 600E, 1200E, 2400E, 5000E, SMS IBM/ISS * IBM/ISS GX Series Checkpoint * Checkpoint UTM, VSX, IAS, SM Juniper * Juniper IDP, ISG, SRX, SSG, NSM

* User requested Management of the these devices requires a purchase of elective Move, Add, Change (MAC) hours

* Aggregate event traffic in excess of 2000 events/second may require infrastructure upgrade including additional Cisco MAP components

* Proactive changes by security operations center personnel requires Cisco Remote Management Services for Security (see Appendix I below)

Cisco Remote Management Services Page 47 of 1

Reports

The following reports are available* with this Service:

*Some reports are dependent on services delivered

Cisco Remote Management Services Page 48 of 1

APPENDIX I:

Cisco Server Networking and Virtualization Remote Management Services

This Appendix describes the services capabilities, supported devices, elective changes, and reports delivered with Cisco Server Networking and Virtualization Remote Management Services.

Standard Service Transition Management Intelligent monitoring Incident resolution Advanced event correlation Problem Management and Remediation Incident notification Root cause analysis Standard Changes Ticket trending and problem analysis Management Connectivity Create Configuration Management Database for managed devices Device-level reporting Web-accessible portal Backup of Server configuration data

Supported Devices*:

The following information identifies the devices managed by Cisco Server Networking and Virtualization Remote Management Services.

Server Hardware The service supports all currently shipping plus 2 previous generations (N-2), rack, tower, and blade servers available from Dell, HP, IBM, and Sun. Includes both x86 and RISC-based architectures.

Supported Hardware Systems Dell HP IBM SUN

Operating Systems The following table identifies the operating systems supported for the Cisco Server Networking and Virtualization service offering

Supported Operating Systems Microsoft Windows 2000 Server (all editions) Microsoft Windows Server 2003 (all editions)

Cisco Remote Management Services Page 49 of 1

Supported Operating Systems Microsoft Windows Server 2008 (all editions HP-UX AIX Sun Solaris Redhat SuSE

Virtual Operating Systems The following table identifies the virtual operating systems supported for the Cisco Server Networking and Virtualization service offering

Virtual Operating Systems VMWare MS Windows 2008 Hyper-V Citrix Zenserver

* Note: Services may be limited for devices and applications announced by Cisco as End of Life (EOL) or End of Sale (EOS) consistent with Cisco's End of Life policy located at www.cisco.com/go/eol.

Elective Changes Licensing  Apply license updates and changes  Track & report on software license usage Configuration changes to software and devices Vendor software upgrades for feature enhancements and security-related purposes Patches for vendor devices and applications

Cisco Remote Management Services Page 50 of 1

APPENDIX J:

Glossary of Terms

Glossary of Terms should be read in conjunction with this Service Description. Capitalized terms not defined herein have the meanings assigned to them in the Glossary of Terms.

Analog Telephony Devices means devices such as Elective Change means a change requested by the fax machines, modems, and analog phones connected to FXS Customer and is often the result of changes in the Customer or gateway ports and that require call processing by a Network, business processes, or the business. Elective managed Cisco Unified Communications Manager. Changes are not the result of Cisco Incident Management and Problem Management processes. Advanced Event Correlation (device-level, component-level, time-based) means the act of combining Elective Change Request means any request for disparate data sources to obtain root cause. service made by the Customer or Partner, in electronic format (submitted via the Portal). Backup Management means the process and actions needed to backup and restore Cisco IOS router and EOL – End of Life switches. May include backup policies outlining retention policies, ad-hoc configuration backups and restores as well as EOS – End of Sale standard backup reports. Host Device means chassis. Carrier means a provider of data transport services. IOS means Cisco Internet Operating System. Change Management means the process used by the Cisco to receive, authorize, execute, and communicate Unified Communications (UC) means the changes to Managed Components. functionality of providing traditional voice services, to include but not limited to, phones calls, convergence calls, or voicemail Change Request means any request for service services, over an IP enabled Network. made by the Customer or Partner, who Customer has granted the authority to act on its behalf, in electronic format (submitted Incident means any event that is not part of the via the Portal). standard operation of a service and that causes or may cause an interruption to, or reduction in, the quality of that service. Cisco means Cisco Systems, Inc., a California corporation having its principal place of business at 170 West Incident Management means the process to detect Tasman Drive, San Jose, California 95134. an incident, notify the Customer about the incident and resolve the incident. Cisco Field Notice means an electronic notification about product related issues. Incident Resolution means the process to restore services on Managed Components. Cisco Remote Operations Services (ROS) means the Cisco Services team that delivers Cisco Remote Intelligent Monitoring means advanced correlation Management Services. and automation of tools and scripts to enable quick response to Incidents. Configuration Management means the process to create and maintain an inventory of the Managed Components. IT means Information Technology.

Customer means the entity purchasing Services for Knowledge Base means a searchable database of its own internal use either directly or through an Authorized knowledge and known errors. Channel. Known Error means Incidents with a defined root Customer Acceptance means a mutual agreement cause and resolution. with Cisco to acknowledge completion of the Transition Management phase. Letter of Agency means a letter which authorizes Cisco to act as the Customer's agent for purposes of ordering, Customer Notification means a communication to facilitating, tracking and/or providing services with Carriers, inform the Customer that an Incident has been recorded. maintenance contract providers, and other general-service providers. Customer Premises means the physical Customer location where the Managed Components reside. Managed Component means an element for which remote IT-infrastructure management services are provided by E-notification means the act of sending notification Cisco. of Incidents and the status of Tickets electronically.

Cisco Remote Management Services Page 51 of 1

Management Application Platform is suite of Portal means the online Web user interface supplied management applications and tools that Cisco uses to deliver for Customers and Partners to receive and submit information ITIL based Service Management. to and from the NOC.

Management Connection means the physical Primary Management Connectivity means the communication link between the Cisco and the Customer management connection provided by Cisco. Premise. Proactive Problem Management means the process Management Connectivity means a bi-directional to prevent Incidents. communication between the Customer Premise and Cisco for Management Data to be securely and consistently transmitted Problem means the underlying cause of one or more between Managed Components and Cisco. Incidents.

Management Data means events, alerts, Problem Analysis means the activity of investigating performance information, traps and/or log messages that are problems to determine the root cause. collected by the Service Management Application. Problem Management means the process to find Management Readiness Assessment means an and resolve the root cause of a Problem and prevention of assessment that determines whether all Managed Incidents. Components are in good working order prior to completion of Transition Management. Requires Managed Components are Problem Resolution means the process of providing fully configured, deployed and functioning properly prior to the remediation based on the root cause for unknown Incidents. commencement of Incident and Problem Management services. Project Coordinator means the Cisco project manager who is the single point of contact thru the Transition Management Services means a service that Management phase. provides Monitoring, Incident Resolution, Reactive Problem Management, service level management and Standard PSTN means Public Switched Telephone Network. Changes to resolve all Incidents. PVC means Private Virtual Circuit. Monitoring means detecting events on Managed Quote means quote for services. Components. Reactive Problem Management means the Problem Network means a set of interconnected and Management sub-process that primarily supports Incident interworking Cisco supported hardware and software that is Management. These processes are initiated when an Incident implemented, operated, and supported by Customer from a cannot be matched to a Known Error. single Network operations center (NOC). Read means the ability to view system logs, Network Component means a device or link that configuration files and other device and system-level makes up part of a Network. information.

Non-Managed Component means any element for Release Management means the process focused which management services is not provided by Cisco. on the actual implementation of approved Changes.

Normal Service Operation means service operation Reseller means the business that sold Cisco within Cisco service levels as defined in Section 4 Service management to the Customer. Level Management. Self-Diagnostic and Business Rules Engine means OSI means the Open System Interconnection the ability to gather further diagnostic data and provide Reference Model. additional actionable recommendations.

Partner means the third party contracted by Service Description means Cisco will provide the Customer to act as its technical point of contact with respect to Services and perform Cisco responsibilities described in the the Service and/or Product. standard Cisco Service Description located at www.cisco.com/go/servicedescriptions/ (or such other Patch means a small fix to a problem using a location of which Cisco may notify Customer from time to time). piece of software code. Service Activation Kit (SAK) means a document Point of Presence means a carrier aggregation that is completed by the Customer during the Transition point for access to carrier-provided Internet and wide Management phase. area Network services. Service Delivery means the phase after Transition Management when Cisco begins to deliver Services.

Cisco Remote Management Services Page 52 of 1

Service Desk means a single point of contact for Customers for the Service. Termination Device means Customer Premises Services mean Cisco Remote Management Services equipment that terminates the Management Connection. which consist of the activities and the processes used by Cisco to monitor manage and make changes to your Network, voice Ticket means the tracking mechanism for Incidents and application services. and service requests within the NOC. The NOC activities are detailed within the Ticket that contains the complete history of Standard Business Hours means 8AM to 5PM in record for an Incident or service request. the time zone of the Customer’s headquarters. Transition Management means a phased process Standard Change means a Cisco ROS approach in which Cisco prepares Customer infrastructure for recommended change that is often as a result of Incident the Management Services. Management and Problem Management processes or Cisco Field Notice. Ticket Trending means analyzing tickets and ticket trends so that proactive steps can be taken to reduce or Standard Change Request means a request for eliminate potential future incidents from occurring in the change to solve an Incident or Problem. Network.

Start Date means the date Services commence. VPN means Virtual Private Network.

SLA means Service Level Agreement. Write means the ability to make and save changes to device configurations. SLO means Service Level Objective.

SLO means Service Level Management .

Cisco Remote Management Services