McGill University
Firewall Sharing Services
Service Description and Service Level Agreement
Prepared by Network and Communications Services
Revision History

Version | Date | Summary of changes | Approved by
1.0 | February 21, 2007 | Creation of the document | JS
1.1 | February 22, 2007 | Modified prices for the chargeback model | JS
1.2 | September 24, 2007 | Modified prices for the chargeback model | JS
1.3 | October 11, 2007 | Removed ISA pricing model and related information | JS
Table of Contents

Revision History
Table of Contents
Executive Summary and Agreement
Signature Page
Understood and Agreed by Sponsor
Service Description
FWSM
Eligibility
Acceptable Usage Policy
Chargeback and Pricing
Service Level Agreement
Maintenance Window
Policies
Payment Schedule
Amendment and Distribution Policy
Agreement Renewal and Termination
Communications Plan
Problem Support Services
Escalation
Internal escalation process: (staff will be paged as needed)
Appendix A SERVER INFORMATION
Appendix B CONTACT INFORMATION
Executive Summary and Agreement

The IST Security group of Network and Communications Services (NCS) manages a firewall device comprising Cisco's Integrated Firewall Services Module (FWSM). To increase security measures on campus, NCS IST Security is sharing the FWSM with any McGill and non-McGill unit that requires the highest level of security. This Service Level Agreement formally outlines the details, goals, support, and problem resolution procedures for McGill University's Server Hosting Services.
Copy ___ of 2

Signature Page

NCS representative,
Name
Title
Phone
Signed: Date:

Understood and Agreed by Client
Faculty and/or Department
Name(s)
Title(s)
Phone
Signed: Date:
Signed: Date:
Signed: Date:
Service Description

IST Security provides the following services for the McGill and non-McGill units who wish to share Cisco's Integrated Firewall Services Module (FWSM):

FWSM:
- Provide a secure environment to host servers which require the highest level of security
- Create and host a VLAN/internal network behind the firewall
- Maintain the firewall infrastructure, which includes required/recommended upgrades, patches, and licensing
- Infrastructure design follows best practices pertaining to configuration in order to minimize downtime and configuration errors
- Upgrades depend on vulnerability detection and new features available in recent and past releases
- Provide a redundant configuration which ensures availability of service
- This service is available 7x24x365
- The client benefits from this value-added service
- Create and maintain Access Control Lists (ACLs)
- Provide central monitoring through SNMP, Network Management and Server Monitoring Software (SNIPS), and MRTG
- Prevent bottleneck on both bandwidth and hardware
- Provide efficient disaster or system recovery through daily backup of configurations.
- Alert the Client contact during maintenance windows, disasters, and downtime. The Client is to provide a 7x24x365 contact and proper escalation instructions as part of the signature of this document
- Connect to the McGill backbone. The Client will be charged for the network jack installation fee along with the monthly billings.
- Provides enterprise grade security protection for servers hosted in the Burnside Hall datacentre.
- Provides network layer firewalling with stateful inspection
- Provides protection that is scalable for bandwidth requirements for performance and protection against denial of service attacks.
- Provides high availability scenario for critical services that need enhanced security

Note: NCS can also provide system architecture and design advice free of charge, and help the Client with hardware and software component selection. Please contact us as needed.
Eligibility

These services are available to all McGill University faculties, departments, and affiliated research units.

Acceptable Usage Policy

Further governance is provided by the following policies:
- Policy on Intellectual Property, found on the Secretariat website
- Policy on the Responsible Use of McGill IT Resources, found on the Secretariat website
Chargeback and Pricing

The following table shows typical costs of services, at the time of writing:

DATACENTRE FWSM SHARING PRICING MODEL
Prepared: October 11, 2007
*** THIS IS ONLY AVAILABLE IN THE BURNSIDE DATACENTRE ***
Prices calculated using McGill taxes and payment made by FOAPAL
(No charge for labour if less than 4 man-hours of IST Security staff time per year)

Parameters for 5 Year TCO | Unit Cost | Year 1 | Year 2 | Year 3 | Year 4 | Year 5
Hardware (Standalone ASA) | | $ 6,211.34 | - | - | - | -
Hardware maintenance | | $ 781.37 | $ 781.37 | $ 781.37 | $ 781.37 | $ 781.37
Network cost_non-IT McGill Unit | | $ 222.00 | $ 222.00 | $ 222.00 | $ 222.00 | $ 222.00
Network cost_non-McGill Unit | | $ 333.00 | $ 333.00 | $ 333.00 | $ 333.00 | $ 333.00
NCS Hourly Labour Rate | $ 50.00 | | | | |
TOTAL_Non McGill Unit | | $ 7,214.71 | $ 1,003.37 | $ 1,003.37 | $ 1,003.37 | $ 1,003.37
TOTAL_Non-McGill Unit | | $ 7,325.71 | $ 1,114.37 | $ 1,114.37 | $ 1,114.37 | $ 1,114.37

*** NCS reserves the right to add surcharges for excessive number of hosts/users as well as for excessive bandwidth requirements

Chargeback
Non McGill 5yr TCO Total Cost | $ 11,228.19
Non McGill 5yr TCO (equal charge by year) | $ 2,245.64
Non-McGill Units 5yr TCO Total Cost | $ 11,783.19
Non McGill Units 5yr TCO (equal charge by year) | $ 2,356.64

COMMENTS
Gig ASA with Commodity Gig link
Service Level Agreement

Maintenance Window

IST Security will provision maintenance windows on a monthly basis for a one-hour duration. A schedule of dates and times will be posted on http://www.mcgill.ca/ncs/products/security/maintenance/.

Policies

Clients will receive four hours of complimentary support. Any additional support required is chargeable according to the NCS hourly rate.

Payment Schedule

All fees are requested to be paid in full before the hosting starts. Acceptable methods of payment include:
- Operating fund FOAPALS (not research funds)
- Certified Checks upon receipt of McGill invoice issued against a formal McGill client ID.

Amendment and Distribution Policy

This Service Level Agreement can be amended at any time, upon mutual agreement of the signatories. Two copies of this Service Level Agreement must bear original signatures of the Client's representative(s). Distribution of signed originals (including completed appendix forms A and B) is as follows: one file copy for NCS and one copy for the Client.

Agreement Renewal and Termination

This agreement is valid for a period of one year from the date of both parties' signatures and will be renewed automatically for another year unless either party decides to terminate the agreement. Either party may prematurely terminate the agreement if NCS is unable to provide the level of service expected or required by the Client's ongoing needs, or in the event the service has been replaced by another, more beneficial service.

Communications Plan

The Client will contact IST Security via email at istsecurity@mcgill.ca for any inquiries or requests of service. The Manager of Research Computing Services (514-398-5480) will act as liaison between our Clients and IST Security.

An integral part of this SLA includes the completed form found in Appendix A. The following information must be included on the form:
- 24x7x365 contact information.
- escalation contact information.

NCS will inform the Client and subordinate users (via email notification) of any service-affecting updates or changes at least two business days prior to the event.

The Client will inform NCS (via email notification) of any anticipated changes on the hosted servers that deviate from the contract or could cause potential problems to NCS server monitoring systems.
Problem Support Services

All server related problems experienced by the Client must be reported to IST Security at extension 3704. The client establishes the problem severity.

Support Severity Levels

Nature of the request | Severity level
Problem | 1 - High: System down, data loss
Problem | 2 - Medium: Poor performance
Change request (sent to istsecurity@mcgill.ca) | 3 - Low: Reconfiguration or addition

NCS support personnel response time after client contact with NCS:

Description: Support Response Time

Period | Severity Level 1 | Severity Level 2 | Severity Level 3
Business hours (9:00-17:00 Mon-Fri) | 1 hour | 4 hours | Next business day
Off hours | 2 hours | 8 hours | Next business day

Escalation

In the event that IST Security cannot be reached, the NCS Computer Operator may be phoned (call 24x7x365 at 514-398-3699). In the event of non-resolution of a problem, the Client can simply specify the following:
- the urgency of the situation
- the problem needs to be escalated
- the requested level of appropriate escalation

The Operator will have up-to-date instructions on how to reach support staff.

Internal escalation process: (staff will be paged as needed)
Level 1 Operator on duty (Extension 3699)
Level 2 NCS IST Security (Extension 3704) IST Security on-call
Level 3 NCS IST Security Manager Jacek Slaboszewicz (Extension 1605)
Level 4 NCS Associate Director Systems Engineering Quan Nguyen
Level 5 NCS Director Gary Bernstein
Appendix A SERVER INFORMATION

Note: All required documentation provided by the Client must remain up-to-date. Any changes to network topology and the like must be reported to IST Security prior to implementation, with updated documentation/diagrams.

Server Information
Owner
Department
Machine Name
IP Address
Platform

Required Documents
Network Diagram
Description of protocols (additional requirements)
Appendix B CONTACT INFORMATION

Administrative Contact
Contact Name
Title
Department
Address
Telephone
Cell
Pager
Email address

Technical Contact
Contact Name
Title
Department
Address
Telephone
Cell
Pager
Email address

Technical Contact
Contact Name
Title
Department
Address
Telephone
Cell
Pager
Email address