iland service schedule

The terms and conditions set out in this iland Service Schedule (this “Schedule”) shall apply to each Service Work Order executed by the Provider and the Customer (each, a “Work Order”), and shall be deemed to be incorporated, the necessary changes having been made, into each Work Order.
  1. Section 1: Definitions

    In this Schedule: Any capitalized terms used but not defined in this Schedule or the remainder of the Agreement shall have the meanings set out in the relevant Work Order.
    1. “Accelerated Storage” shall mean encrypted storage resources provided on a blend of traditional shelves of disks and flash storage.
    2. "Acceptable Use Policy" or "AUP" shall mean the Provider's document that stipulates constraints and practices that the Customer must adhere to when utilizing any of the Provider's Cloud Services. The current AUP can be accessed at https://iland.com/legal/acceptable-use-policy/ provided, however, that the AUP may be modified from time to time at the Provider's sole discretion.
    3. “Active Virtual Machine” shall mean a Virtual Machine that is turned on within the Virtual Data Center.
    4. “Advanced Storage” shall mean storage resources provided on traditional shelves of disks.
    5. “Archive Storage” shall mean storage resources provided on traditional shelves of disks.
    6. “BAA” shall refer to the Business Associate Agreement held between the Customer and the Provider under the Health Insurance and Accountability Act of 1996 (HIPAA).
    7. “Backup Groups” shall mean the groups of Virtual Machines defined in Advanced Backups. These groups define what Virtual Machines are backed up and how they are backed up by the applied Backup Policy.
    8. “Backup Policies” shall mean the policies that define the Advanced Backup schedule of how often and when to take a backup and also the retention timeframe for that backup. The policies also define how often full backups should be taken and how often to retry in the event of backup failure.
    9. “Backup Testing” shall mean the operational mode in which the data of the Machines are validated leveraging Target Site restore points during a predetermined process. “Tested Backup” shall have a correlative meaning.
    10. "Bare Metal Device" shall mean a physical computer system without a base operating system (OS) or installed applications. It is a computer's hardware assembly, comprised of structure and components, that is installed with either the firmware or basic input/output system (BIOS) software utility or no software at all. The Provider service includes the colocation of this device, but no OS.
    11. “Burst Resources” shall mean Cloud Resources that are not dedicated to the Customer but which, if available, the Customer may use to exceed its committed Reserved Resources. These are billed in arrears and are calculated by multiplying a usage over the Reserved Resources by the monthly or hourly burst rate as specified on the Work Order.
    12. “Carrier” shall mean an organization that provides services accessing and using the Internet or any other telecommunications service that operates on its proprietary network infrastructure.
    13. “Change Management” shall mean making controlled and informed changes to the operation and functionality of an eligible service or Equipment provided by the Provider.
    14. “Cloud Storage” shall mean storage resources within the Target Site, provided on traditional shelves of disk, accessed from the Machines.
    15. “Cloud Resources” shall mean compute (CPU), memory (RAM), storage, IP address and network bandwidth that comprises a Virtual Data Center as described in the Work Order.
    16. “Colocation” shall mean the Provider's service related to placing and maintaining the Customer's Equipment within the same Data Center where the Provider hosts its Cloud Resources.
    17. “Colocation Area” shall mean the area within the Data Center in which the Colocation Rack Space is located.
    18. “Colocation Rack Space” shall mean the physical space within a rack or other location(s) within the Colocation Area of the Data Center designated by the Provider for the Customer to colocate the Equipment.
    19. “Colocation Specifications” shall have the meaning set out in the relevant Colocation Work Order or, if no such definition is set out in the Colocation Work Order, the Provider's standard specifications for colocation space in the Colocation Area.
    20. “Commencement Notification” shall mean an email communication from the Provider to the Customer indicating the formal hand-off of Cloud Resources and the commencement of billing under the Work Order.
    21. “Compliance Services” shall mean a suite of tools, processes, devices and information to support the efforts of certain categories of merchants to manage compliance with the requirements of each service noted below. The delivery model for these services offered and supported by the Provider fall under two categories: General Compliance and Managed Compliance-as-a-Service.
    22. “Compliance Services Matrix” shall identify and list the Provider’s Compliance Services offering.
    23. “Cross Connects” shall mean physical cables that allow direct connections between two different termination locations within a Data Center.
    24. “Customer-Leased Equipment” shall mean any equipment that the Customer leases or licenses from the Provider for the Customer’s exclusive use and control.
    25. “Customer-Provided Equipment” shall mean any equipment owned by the Customer and listed in the Hybrid Colocation Order as equipment that may be colocated in the Colocation Rack from time to time .
    26. “Data Center” or "Datacenter" shall mean the facility operated by the Provider designated as the Datacenter in the relevant Hybrid Colocation Order.
    27. “Data Seeding” or “Seed Data” shall mean the process of exporting Virtual Machine data to removable media at the Primary Site and/or Source Site, shipping the removable media to Recovery Site and/or Target Site and importing Virtual Machine data into a Virtual Data Center at Recovery Site and/or Target Site.
    28. "Dedicated Resources" shall mean Cloud Resources dedicated to a single tenant or Customer.
    29. “Demarcation Point” shall mean the point located in the Data Center at which the extension from the Carrier infrastructure ends and connects with the Provider’s on-premises wiring.
    30. “Deployment” shall mean the period of time beginning once the Provider has acknowledged receipt of the signed Work Order, and ending when the Provider satisfies all deliverables within the initial scope.
    31. “Deployment Engineer” shall refer to an engineer, who is an employee of the Provider with technical knowledge and training of use and best practices of the Provider’s services, that is responsible for deploying the environment in the Provider’s infrastructure used by the Customer.
    32. “Disaster” shall mean the Customer’s inability to send or receive data at the Primary Site due to unavailable compute, storage, or network resources.
    33. “Disaster Recovery Runbook” shall mean a collection of Recovery Groups that are combined into a single list to simplify management of the DRaaS environment when testing failover, or in the case of performing a live failover of the environment.
    34. “DRaaS” shall mean Disaster Recovery as-a-Service.
    35. “DRaaS Testing” shall mean the operational mode in which the functions of the Virtual Machines in the Primary Site are validated on the Virtual Machines in the Recovery Site. Testing is a non-service impacting event and does not include modification of Primary Site resources including Virtual Machines and networking. “Tested” shall have a correlative meaning. Testing is a fully autonomous function, and can be triggered by the Customer at any time.
    36. “Electricity Fee” shall mean the amount to be charged by the Provider to the Customer based upon the Customer's usage of electricity in the Colocation Area during the relevant period and the then-current standard prices charged by the Provider to its Customers for electricity, which shall be calculated on a breakered-amp-load basis, and which shall be subject to increase from time to time if the power utility or primary electricity vendor used by the Provider increases the price paid by the Provider for power provided to the Colocation Rack.
    37. “Emergency” shall mean an urgent, sudden, and serious event that requires immediate action to remedy the situation.
    38. “Encrypted Archive Storage” shall mean encrypted storage resources included in the Cloud Resources provided on traditional shelves of disks.
    39. “Encrypted SSD Storage” shall mean encrypted storage resources provided on Solid State disks or Flash Memory.
    40. "Equipment" shall mean physical computer, network and/or communications devices.
    41. “Failback” shall mean the return of operational mode of the Virtual Machines in the Recovery Site back to the Virtual Machines in the Primary Site after originally becoming unavailable through either failure or scheduled downtime.
    42. “Failover” shall mean the backup operational mode in which the functions of the Virtual Machines in the Primary Site are assumed by the Virtual Machines in the Recovery Site due to the Virtual Machines in the Primary Site becoming unavailable through either failure or scheduled downtime.
    43. “General Compliance” shall mean ad-hoc and on demand professional Compliance Services.
    44. “Governance Framework” shall mean a category of Compliance Services that define the structure of rules and procedures by which enterprises and corporations are directed and controlled.
    45. “HIPAA/Pharma Compliance” shall mean a category of Compliance Services offered by the Provider that are aligned with the administrative, physical and technical safeguards set by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
    46. “iland Autopilot Managed Recovery for DRaaS” shall refer to a managed service offering provided by the Provider to the Customer for the purpose of managing the on-boarding, technical design, testing and operational support elements of an iland Secure DRaaS with Zerto or iland Secure DRaaS with Veeam service contract.
    47. “iland Cloud” shall refer to an environment that contains the Provider’s basic cloud infrastructure features without any level of encryption or security attributes integrated into the environment and its underlying storage and/or shared Cloud Resources. Features associated with iland Cloud environment are only available to Customers that elect to have those services provided to them on their Work Order.
    48. “iland DRaaS with Zerto” shall refer to an environment that contains the Provider’s basic cloud infrastructure features without any level of encryption or security attributes integrated into the environment and its underlying storage and/or shared Cloud Resources. Features associated with iland DRaaS with Zerto environment are only available to Customers that elect to have those services provided to them on their Work Order.
    49. “iland Secure Cloud” shall refer to an environment that contains the Provider’s advanced security and encryption features and attributes integrated into the environment and its underlying storage and shared Cloud Resources. Features associated with iland Secure Cloud environment are only available to Customers that elect to have those services provided to them on their Work Order.
    50. “iland Secure Cloud Backup” shall mean the public Internet service delivered by the Provider that allows the Customer to backup Machine’s virtualized data into Cloud Resources. Features associated with iland Secure Cloud Backup environment are only available to Customers that elect to have those services provided to them on their Work Order.
    51. “iland Secure Cloud-to-Cloud Continuity” shall refer to a DRaaS environment where both the Primary Site and Recovery Site are in two (2) different Provider’s physical locations as specified in the Work Order. Features associated with iland Secure Cloud-to-Cloud Continuity environment are only available to Customers that elect to have those services provided to them on their Work Order.
    52. "iland Secure Cloud Console” shall refer to the cloud based management portal in which the Customer accesses and administers the Cloud Resources.
    53. "iland Secure Cloud Object Storage" shall mean the public Internet service delivered by the Provider that allows the Customer to store and manage data as objects, as opposed to other storage architectures like file systems and block storage. Features associated with iland Secure Cloud Object Storage environment are only available to Customers that elect to have those services provided to them on their Work Order.
    54. "iland Secure DRaas with Veeam" shall refer to an environment where the Customer uses Veeam Cloud Connect software to replicate from the Primary Site to the Provider's Recovery Site and its underlying storage and shared Cloud Resources. Features associated with iland Secure DRaaS with Veeam environment are only available to Customers that elect to have those services provided to them on the Work Order.
    55. “iland Secure DRaaS with Zerto” shall refer to an environment that contains the Provider’s advanced security and encryption features and attributes integrated into the environment and its underlying storage and shared Cloud Resources. Features associated with iland Secure DRaaS with Zerto environment are only available to Customers that elect to have those services provided to them on their Work Order.
    56. “iland Secure Private DRaaS with Zerto” shall refer to an environment that contains the Provider’s advanced security and encryption features and attributes integrated into the environment and its underlying storage and dedicated Cloud Resources. Features associated with iland Secure Private DRaaS with Zerto environment are only available to Customers that elect to have those services provided to them on their Work Order.
    57. “iland Secure Private Cloud” shall refer to an environment that contains the Provider’s advanced security and encryption features and attributes integrated into the environment and its underlying storage and dedicated Cloud Resources. Features associated with iland Secure Cloud environment are only available to Customers that elect to have those services provided to them on their Work Order.
    58. “Image-based Backup” shall mean a point-in-time copy of a defined collection of data.
    59. “iland Support” shall refer to the Provider’s technical support department, which acts as the primary contact for all Customer’s requests for help and assistance once the initial deployment has been completed.
    60. “Insider Protection” shall mean the optional feature for the iland Secure Cloud Backup with Veeam service delivered by the Provider that provides an off-repository storage folder into which all deleted files will be retained for a short time allowing for the restoration of those files by the Provider based on the Customer’s request. The length of time these files are stored is set in the Work Order.
    61. “IOPS” shall mean Input/Output Operations Per Second and is a common performance measurement used to benchmark computer storage devices.
    62. “Letter of Authorization” or “LOA” is a document from the Customer or Carrier authorizing the Provider to act on their behalf.
    63. “Machine” shall mean the computing equipment on which the Customer is running the Veeam Cloud Connect software and the computing equipment used by the Customer to access the Cloud Resources (but excluding the Cloud Resources).
    64. “Managed Compliance-as-a-Service” shall mean recurring activities and ongoing professional Compliance Services.
    65. “Managed Migration Service” shall mean the Provider’s process and service that assists the Customer with the migration of Virtual Machines and/or Physical Servers from the Customer’s Primary Site into a Provider’s Virtual Data Center, and the connectivity setup and configuration that it entails.
    66. “Managed Security Portal” shall mean the site that is accessed as part of the Continuous Risk Scanning offering providing the customer visibility into the vulnerabilities within their environment, which can be accessed at https://assess.grncld.com/
    67. “Model Contract Framework” shall mean Compliance Services that falls under the Governance Framework and provides alignment with the standardized contractual clauses that European Union (EU) data protection law requires for the exchange of data.
    68. “Network Support Service” shall mean the Provider’s process and service that assists the Customer with the initial implementation and ongoing support of Customer’s virtual network appliances and their configurations.
    69. "Microsoft 365 user" shall mean a Microsoft 365 end-user account that, because it is being backed up using the Provider's services, requires an iland Secure Cloud Backup for Microsoft 365 license. A Microsoft 365 user account can use one or many applications such as Exchange Online, OneDrive for Business, SharePoint Online, and Microsoft Teams.
    70. “Object Storage Access Credentials” are comprised by a pair of text strings (Key and Secret) used in an iland Secure Cloud Object Storage environment that the Customer generates through the iland Secure Cloud Console.
    71. “On-boarding Provisioning Form” shall mean a document used by the Provider for information gathering and collection of all Customer specific technical and infrastructure related details for the sole purpose of the Provider providing the on-boarding service, integration, and management services to the Customer as part of an iland Secure DRaaS with Zerto or iland Secure DRaaS with Veeam service contract.
    72. "Onsite Backup" shall mean an archive copy of computer data stored at the same DataCenter location where the source of that data resides.
    73. "Offsite Backup" shall mean an archive copy of computer data stored at another remote DataCenter location different to the one where the source of that data resides.
    74. “Playbook” shall mean a set of configured instructions within the Managed Endpoint Detection and Response (EDR) service that outlines the automated steps taken following a specific alert condition.
    75. “Primary Site” shall mean the Customer’s physical location in which the Customer’s Virtual Machines function in normal, non-Failover scenarios in a DRaaS environment.
    76. “Product Compatibility Matrix” shall identify the requirements that the Customer's systems and software must meet in order for them to be compatible with the Provider's offerings. The Customer can access the Matrix by accessing our Success Center at https://success.iland.com/hub.
    77. "Recovery Group" shall mean one or more Virtual Machines grouped together for replication purposes.
    78. “Recovery Plan” shall mean the detailed steps involved in how a Customer’s Virtual Machines will be recovered into the Provider’s Recovery Site.
    79. “Recovery Point Objective” or “RPO” shall mean the maximum acceptable amount of data loss, measured in time, between the last point-in-time that IT services (applications and data) can be restored to during a Disaster.
    80. “Recovery Site” shall mean the Provider’s physical location as specified in the Work Order to which the Virtual Machines located in the Primary Site will be replicated.
    81. “Recovery Time Objective” or “RTO” shall mean the maximum desired length of time allowed between an unexpected failure or Disaster and the recovery of the IT services (applications and data).
    82. “Replica Seeding” or “Seed Replica” shall mean the process of exporting Virtual Machine data from an iland Secure Cloud Backup Target Site repository, and importing Virtual Machine data into a Virtual Data Center at Recovery Site and in the same Data Center location.
    83. “Reserved Resources” shall mean Cloud Resources that are dedicated to the Customer.
    84. “SD-WAN” or “Software-Defined Wide Area Network” shall mean a virtual WAN architecture that allows communication between networks over the Internet using software-defined technology and encryption.
    85. “Shared Resources” shall mean a pool of Cloud Resources shared across multiple Customers in a multi-tenant environment.
    86. “SOC” or “Security Operation Center” shall mean a centralized function within the Provider’s organization composed of people, processes, and technologies that continuously monitor and improve the Customer’s security posture by detecting, analyzing, and responding to cybersecurity incidents.
    87. “SSD Storage” shall mean storage resources provided on Solid State disks.
    88. “Statement of Work” or “SOW” shall mean a document defining the project specific activities, requirements, considerations, deliverables and timelines between the Customer and the Provider, conjunction with the specifications of the relevant Work Order
    89. “Success Center” shall refer to the digital site provided by the Provider that consists of a knowledge-base that contains product documentation, user guides, and technical articles related to the Provider’s portfolio of services located at https://success.iland.com/hub.
    90. “Source Site” shall mean the Customer’s physical location from which the Customer’s Virtual Machines will be backed up in an iland Secure Cloud Backup environment.
    91. “Target Site” shall mean the the Provider’s physical location as specified in the Work Order to which the Machines will be backed up in an iland Secure Cloud Backup environment.
    92. “Users Authorized to Declare Disasters” shall mean users defined on the Customer Contact form which have the Customer’s authorization to declare a Disaster. If Cloud Resources are available at the time-of-Disaster, the Customer pre-authorizes Users Authorized to Declare Disasters the option to expand its Reserved Resources up to the Disaster Resource Limit specified in the Work Order. These resources are billed on a monthly basis with a minimum of one-month commitment. The Customer’s Resource Burst Limit will not be modified. At the end-of-Disaster, the Customer has the option to revert to the original Reserved Resource quantity.
    93. “vApp” shall mean a collection of pre-configured Virtual Machines that combine applications with the operating systems that they require allowing them to work together in a stack as an application.
    94. “Virtual Machine” or '"VM" shall mean a guest operating system such as Windows or Linux that can run or be stored as an isolated entity on a host and is separated from the physical resources it uses such that the host environment is able to dynamically assign those resources among several Virtual Machines.
    95. “Virtual Data Center” shall mean self-contained infrastructure including, compute, memory, and storage that is pooled, aggregated, virtualized and delivered as-a-service.
    96. “Workload” shall mean a logical Virtual Machine or physical server instance used for the purposes of hosting one or more applications and / or data set instances.
    97. "Zerto Journal" or "Journal" shall mean the collection of replicated data and checkpoints defined as part of the Virtual Protection Group (VPG) configuration. The Journal lives in the Recovery Site and it determines the maximum amount of history, in hours or days, that can be saved and leveraged during a failover event.
  2. Section 2: Universal Service Terms (Applicable to All Services)

    1. Service Commencement Date. For all the Provider’s Services, the Service Commencement Date of services shall be defined on the applicable Work Order.
    2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
      1. Testing and placing into production any software updates on the Provider’s systems in relation to the third party software on the Provider’s then-current Product Compatibility Matrix, which is updated from time to time to reflect new software updates that have been placed into production. The Provider shall not be liable to the Customer and the Customer can neither cancel nor withhold payment for an Order outside of the requirements set forth in the Master Service Agreement, Service Schedule, or Work Order if the Customer’s systems or software were not compatible with this Matrix prior to the commencement of a Work Order or if the Customer installs a software update before that update is reflected in the Provider’s then-current Product Compatibility Matrix. In addition, while the Provider may test third party software updates before listing them on the Provider’s then-current Product Compatibility Matrix, those tests are solely designed to ensure that the third party software updates will not have a negative effect on the Provider’s ability to provide agreed upon services to the Customer and the Provider presents those updates listed as being compatible “as is” with no warranties of any kind, express or implied, including, but not limited to, warranties for fitness of purpose in regard to the third party software.
    3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
      1. Supplying the Provider with information reasonably required to fulfill its obligations;
      2. Promptly notifying the Provider if the Cloud Resources are compromised, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar malicious code; and
      3. Reviewing the Provider’s then-current Product Compatibility Matrix before procuring the Provider's services and before installing any software updates in order to ensure that the Customer’s systems are compatible with the Provider’s system. The Provider shall not be liable to the Customer and the Customer can neither cancel nor withhold payment for an Order outside of the requirements set forth in the Master Service Agreement, Service Schedule, or Work Order if the Customer’s systems or software were not compatible with this Matrix prior to the commencement of a Work Order or if the Customer installs a software update before that update is reflected in the Provider’s then-current Product Compatibility Matrix. In addition, while the Provider may test third party software updates before listing them on the Provider’s then-current Product Compatibility Matrix, those tests are solely designed to ensure that the third party software updates will not have a negative effect on the Provider’s ability to provide agreed upon services to the Customer and the Provider presents those updates listed as being compatible “as is” with no warranties of any kind, express or implied, including, but not limited to, warranties for fitness of purpose in regard to the third party software;
      4. Configure the appropriate organization access including the creation, modification, and deletion of end-user iland Secure Cloud Console account(s).
      5. If the Customer is providing operating system or application licenses:
        1. Adhering to the relevant software vendor’s licensing agreements,
        2. Implicitly consenting to the transferring of limited Customer data (i.e. such as Customer contact information) by the Provider to third party licensors providing licenses to the Customer for the purpose of verifying and monitoring compliance and usage with the terms associated with those licenses,
        3. Maintaining, updating and keeping current license information (as interruption of services may result if such licenses are not maintained). This includes ensuring that the quantity and type of licenses do not exceed the Customer-provided licenses. If the Provider determines (in its sole discretion) that the Customer has exceeded the Customer-provided quantity of licenses, the Provider will (1) notify the Customer of such usage, (2) advise the Customer to upgrade its Work Order in order to reflect the additional license usage, and (3) invoice the Customer for the costs associated with the additional license usage during the corresponding period. If the Provider advises the Customer to upgrade its Work Order in the preceding sentence and the Customer does not upgrade its Work Order within 30 days after receiving that notice, the Provider reserves the right to unilaterally increase the number of licenses on the Customer Work Order in order to true up the licensed endpoints. The Customer agrees to pay any invoices or charges for any additional licenses or back charges allowed under this Section,
        4. Building Virtual Machine templates using Customer-provided operating system licenses,
        5. Not utilizing Microsoft operating system original equipment manufacturer (OEM) licenses as they are not allowed; and
        6. Adhering to the Provider’s then-current Acceptable Use Policy as defined in the Definitions Section 1.2 at all times; and
      6. If the Customer is consuming Provider-provided licenses:
        1. Adhering to the relevant software vendor’s licensing agreements,
        2. Implicitly consenting to the transferring of limited Customer data (i.e. such as Customer contact information) by the Provider to third party licensors providing licenses to the Customer for the purpose of verifying and monitoring compliance and usage with the terms associated with those licenses, and
        3. Maintaining, updating and keeping current license information (as interruption of services may result if such licenses are not maintained). This includes ensuring that the quantity and type of licenses do not exceed the contracted amount as described in the Work Order. If the Provider determines (in its sole discretion) that the Customer has exceeded the contracted quantity of licenses, the Provider will (1) notify the Customer of such usage, (2) advise the Customer to upgrade its Work Order in order to reflect the additional license usage, and (3) invoice the Customer for the costs associated with the additional license usage during the corresponding period. If the Provider advises the Customer to upgrade its Work Order in the preceding sentence and the Customer does not upgrade its Work Order within 30 days after receiving that notice, the Provider reserves the right to unilaterally increase the number of licenses on the Customer Work Order in order to true up the licensed endpoints. The Customer agrees to pay any invoices or charges for any additional licenses or back charges allowed under this Section;
    4. Customer Data.
      1. By purchasing the Provider’s Services, the Customer acknowledges that the Provider could potentially be exposed to Customer data which shall not be utilized by the Provider for any purpose other than the purpose of carrying out the Provider’s Obligations specified under Sections 2 and 3 of this Service Schedule. By purchasing Provider Services, the Customer expressly acknowledges that it understands and accepts this possibility and the Customer further agrees to not hold the Provider liable in the event that such an exposure occurs.
      2. After the signing of an Order, the Customer and the Provider may mutually agree to move or redirect the Customer’s data from the Data Center identified on an Order to a different Data Center located in the same country. In the event that the Customer and the Provider come to such an agreement, the Customer shall not be required to sign a replacement Order in order to effect that change and the Provider shall not be in breach of the Agreement or any Order if it moves or redirects the Customer’s data in accordance with that agreement.
    5. Service Level Agreement. Infrastructure and Service Availability, Service Performance, and Response times are available on the Service Level Agreement accessible at https://www.iland.com/legal/sla
    6. Disabling Cloud Resources. If the Cloud Resources get infected, hacked, or are compromised in any way, or if it is determined by the Provider that there is a potential threat to the Provider's network or any of the Provider's other customers, the Provider will make commercial best efforts to notify the Customer and may in its sole discretion disable the Cloud Resources until the Customer can take the appropriate actions to resolve the issue or contact the Provider to resolve the issue. The Provider may disable the Cloud Resources at any time if the Provider reasonably believes that the Customer has violated the Provider's then-current Acceptable Use Policy.
    7. Beta Service Participation. This section describes the terms and conditions under which the Customer may access certain services or features available by the Provider that are not considered Generally Available. Services or features labeled "beta" (each, a "Beta Service"), or access and use of the Provider's Services available in Data Centers that are also labeled as "Beta Location".
      1. Customer may access the applicable Beta Service used in a generally available Data Center, or in a Beta Location during the term specified by the Provider;
      2. Customer shall not grant access to any Beta Service by any third party other than the Customer's employees and contractors that have executed written non-disclosure agreements with the Provider;
      3. Customer shall not advertise or publicly disclose any of the features, services or performance of the Beta Services without the written approval from the Provider;
      4. The Customer shall utilize the applicable Beta Service used in a generally available Data Center, or in a Beta Location only for internal evaluation purposes or to provide feedback to the Provider;
      5. The Customer shall comply with the Provider's then-current Acceptable Use Policy when accessing and using the Beta Service or the Provider's Services in a Beta Location;
      6. The Provider may suspend or terminate Customer's access to or use of Beta Service or the Provider's Services available in Beta Locations;
      7. The Customer shall provide reasonably-requested information related to access, use, testing, or evaluation results of the Beta Services to the Provider;
      8. The Customer agrees that the Provider does not guarantee any Service Level, performance or stability of the Beta Service or any of the Provider's Services in Beta Locations;
      9. Access or use of the applicable Beta Services or the Provider's Services in the Beta Location will automatically terminate upon the release of a generally available version;
      10. The Customer agrees that after termination of
        1. The applicable Beta Service, or
        2. Access to a Provider's Service in a Beta Location,
        there will be a decommissioning process that will include the erasure of all the Customer's data;
      11. The Customer agrees that the Provider does not guarantee that any Beta Service or the Provider's Services in any Beta Location will ever be made generally available, or that the generally available version will be the same or similar as the version made available by the Provider during the term of the Beta Service or Beta Location, as applicable; and
      12. THE PROVIDER EXCLUDES ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, WITH RESPECT TO ANY SERVICE PROVIDED AS PART OF THE BETA SERVICE OR BETA LOCATION, AS APPLICABLE, INCLUDING WARRANTIES FOR MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, OR SATISFACTORY QUALITY OR WHETHER AT COMMON LAW OR CONTRACT OR TORT OR BY STATUTE, OR OTHERWISE. THE BETA SERVICES AND THE PROVIDER'S SERVICES IN ANY BETA LOCATION ARE OFFERED ON AN AS-IS, WHERE IS BASIS, WITH ALL FAULTS, AND ARE NOT SUBJECT TO ANY OF THE WARRANTIES SET OUT IN THE AGREEMENT.
    8. Inbound and Outbound Shipping Policy to/from any of the Provider's Data Center. The terms and conditions of this Section 2.8 shall be applicable if the Customer-Provided Equipment needs to be shipped from the Customer to the Provider or from the Provider to the Customer.
      1. Responsibility and Liability. It is the Customer's sole responsibility to arrange the packaging and shipping of the Customer-Provided Equipment, as the Provider does not provide those services. Because the Provider does not provide those services, the Provider accepts no liability or responsibility in regard to the Customer-Provided Equipment being damaged or mishandled in the packaging and shipping process. Any Customer-Provided Equipment or property not removed within thirty (30) days after the expiration or termination of service agreement(s) will be deemed abandoned and become the property of the Provider. The Customer will be liable for all costs incurred by the Provider as a direct result of removal and disposal of any abandoned Customer-Provided Equipment.
      2. Usage of Carriers. Should the Customer utilize a Carrier for this service, the Customer shall coordinate with that Carrier directly in order to address the variables that arise during shipping, such as shipping internationally or any applicable tax or tariff related requirements; and
      3. Provider's Shipping Process. The Customer is required to contact the Provider's project manager for specific details on the Provider's Inbound and Outbound Shipping Process. The Customer shall be charged the applicable Remote Hands and/or iTech fees for the Provider's assistance.
    9. Statement of Work (SOW). The terms and conditions of this Section 2.9 are applicable to all Statement of Work documents that shall be required prior to the Deployment of a Provider’s specific Service.
      1. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Providing the Customer with a team to ensure the successful completion of the project. This team will include a project manager and a qualified deployment engineer to perform the services purchased; the Provider’s standard support will be available upon completion of the project;
        2. Ensuring that resources are available to complete the tasks and hold meetings per the project timeline;
        3. Providing all deliverables described in the SOW;
        4. Providing written communication and documents through the project tickets;
        5. Adhering to the project schedule and milestone projections. The Provider will notify the Customer as soon as possible if a need to reschedule should arise;
        6. Providing a method of feedback for each project;
      2. Customer’s Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Designating one Technical Contact as the primary contact who will be responsible for the project, acting as the Customer’s project manager;
        2. Reviewing all the documentation the Provider shares with the Customer and asking for clarification when needed;
        3. If required, ensuring that there is enough bandwidth at the Primary Site to enable initial replication of data and successive incremental changes of data to the Recovery Site;
        4. Reviewing the Provider’s online product documentation and user guides located on the Provider’s Success Center;
        5. Providing ample time for the Customer’s project manager to maintain communication with the Provider’s project manager to complete the project requirements;
        6. When possible, providing at least one (1) business day written notice to reschedule any meeting. The Provider understands that emergency circumstances come up as is the nature of the IT services business and that, as a result, one day advance notice is not always possible; and
        7. Missed meetings are defined as being absent from a scheduled meeting by 15 minutes or more after the start time without notifying iland in writing in advance. If three (3) meetings are missed, then the project may be placed “On Hold” at the Provider’s sole discretion, and a project placed on “On Hold” status will be rescheduled to the Provider’s next availability. There is no guarantee that a project rescheduled due to “On Hold” status will be assigned to the same Provider’s project manager.
      3. Risks. The SOW and Work Order were designed and built according to specific information identified during the discovery phase. If that information is incorrect or has changed, the timeline and cost of this project could change.
        1. Compatibility. The Provider publishes the Product Compatibility Matrix which details the current requirements for a Customer’s system and it’s compatibility with the Provider’s system as specified under Section 2.3.3 of this Service Schedule. For DRaaS and/or Migration Services, the Provider makes every effort to ensure that the Customer’s Primary Site or Source Site meets the requirements during the pre-sales process, but in the event something in the Customer’s environment is not compatible with the Provider’s solution, the Provider shall make every reasonable effort to provide assistance to accommodate the Customer. The most common incompatibilities are:
          1. Customer is running VMs with a VM hardware version which is not supported by the Provider,
          2. Customer is running a version of the replication software that the Provider does not support, and
          3. Customer is using Guest Operating Systems that the replication software does not support;
        2. Storage. Storage requirements can change quickly. During the kick-off call, the Provider’s project manager will confirm the amount of storage you need and the amount of storage you purchased. If more storage is needed, the Provider’s project manager will work with the Provider’s sales representative to increase storage;
        3. Bandwidth. If required, the amount of bandwidth the Customer allocates for replicating the data directly correlates with how long replication will take. The Provider recommends providing as much bandwidth as possible during and after the Customer’s office hours. This will ensure the Customer’s data is replicated as quickly as possible without affecting the Customer’s day-to-day operations;
        4. Shared Disks. For DRaaS and/or Migration Services, the Customer understands that any shared disks used across multiple VM’s need to be converted to a single VMDK and used from a single VM. Clustered servers or shared disks are not supported within this SOW Section and would require alternate planning. This solution only supports SCSI based disks. CIFS, IDE, or any other disk types are not supported; and
        5. Active Directory replication. For DRaaS, the Customer understands that in some cases a live Active Directory server is needed for replication and should be connected to the Customer’s internal network for quicker and more seamless recovery of the solution.
  3. Section 3: Service-Specific Terms

    1. iland Cloud. The terms and conditions of this Section 3.1 are applicable to each Work Order that includes iland Cloud services.
      1. Resources.
        1. Storage.
          1. Public. These Cloud Resources are available as Shared Resources with Advanced and/or SSD storage types as specified in the Work Order; and
          2. Dedicated. These Cloud Resources are available as Dedicated Resources with Accelerated and/or SSD storage types as specified in the Work Order with varying parameters:
            1. Capacity. Dedicated Storage is sold in preconfigured sizes, each size providing different usable capacity as specified in the Work Order, which is determined by the maximum recommended usable capacity for the underlying storage component that accounts for the average deduplication and compression ratios.
            2. Performance. Performance for each preconfigured size is specified in the Work Order.
            3. Interoperability. Dedicated Storage resources are only supported under Private Virtual Data Centers, which should only be comprised of resources with similar capacity and performance. Mixing Public and Dedicated storage under the same Private Virtual Data Center is not supported.
        2. CPU & RAM.
          1. Public. These Cloud Resources are available as Shared Resources as specified in the Work Order; and
          2. Private. These Cloud Resources are available as Dedicated Resources as specified in the Work Order. The Provider is responsible for architecting and deploying CPU & RAM in a high availability configuration;
        3. Bandwidth (Public or Private). Bandwidth is available as a Shared Resource as specified in the Work Order. On Work Orders where network bandwidth is not specified, it is included, abiding by the Excessive Use Section on the Acceptable Use Policy;
        4. Business Models (Public or Private). Cloud Resources are available in either Reserved, Burst, or Reserved plus Burst models as specified in the Work Order; and
        5. Overhead (Private only). The Customer acknowledges that all applications and hypervisors require some amount of overhead resource capacity in order to run optimally. The Customer agrees that the Dedicated Resources on the Order will be used for the overhead capacity of the Customer’s applications/hypervisor and that it is the sole responsibility of the Customer to ensure sufficient Cloud Resources exist.
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Onboarding the Customer into the Provider's Cloud Services by giving access to the service and guiding the Customer through the process of deploying the service;
        2. Provide documentation, project management, and guiding the Customer through an initial set up;
        3. Provide ongoing support and education on the service at the Customer's request;
        4. Creating Virtual Data Center(s) consisting of compute, memory, storage infrastructure, and network bandwidth per specifications detailed in the Work Order;
        5. Maintaining the underlying cloud infrastructure components such as compute, memory, storage and networking by following the Provider’s guidelines for managing these environments;
        6. Providing the Customer with the URL and authentication credentials to access the Customer’s Cloud Resources;
        7. Assigning external and internal IP addresses for the virtual router per the Customer-provided requirements; and
        8. Providing VM templates with Microsoft Windows Data Center Licensing.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Unless specified on the Work Order, implementing dedicated physical or virtual network security appliance, managing Firewall(s) including but not limited to the configuration of Network Address Translation (NAT) Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), Load Balancing, and static routing;
        2. If the Customer chooses to Seed Data, then the Customer must follow the Provider’s then-current Data Seeding Guidelines;
        3. Ensuring Virtual Machines match specifications as defined in the Provider’s then-current Product Compatibility Matrix;
        4. Maintaining operating systems and applications installed on the Customer's Virtual Machines or in the Customer's Virtual Data Center, including, but not limited to, patching, upgrades, updates and anti-virus software in accordance with industry best practices;
        5. Fixing any problems resulting from upgrades to the Virtual Machines operating system;
        6. Providing Virtual Machine and application log monitoring;
        7. Providing support for operating systems and applications installed on the Customer-Managed Virtual Machines; and
        8. If the Customer provisions Reserved Resources in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation or errors caused by over allocation.
      4. Encryption.
        1. VM Encryption.
          1. The Provider offers encryption on a per VM or per volume basis, and is available to the Customer if purchased on the Work Order,
          2. The Customer agrees and understands that when running VM Encryption some features in the iland Secure Cloud Console that require access to the Customer's VMs may not function or provide information, since the Customer's VM will be encrypted, and
          3. VM Encryption encrypts data using AES-128/256 algorithms and allows the Customer to manage the encryption keys. The Customer understands that the Provider has no access to encryption keys.
      5. Security Features.
        1. The iland Secure Cloud Console performs the following function:
          1. Vulnerability Scanning.  Assesses systems, networks and applications for weaknesses and detects known and zero day attacks. Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. The weekly predefined scan generates a report which is added to the historical data.
    2. iland Secure Cloud. The terms and conditions of this Section 3.2 are applicable to each Work Order that includes iland Secure Cloud services.
      1. Resources.
        1. Storage.
          1. Public. These Cloud Resources are available as Shared Resources with Advanced and/or SSD storage types as specified in the Work Order; and
          2. Dedicated. These Cloud Resources are available as Dedicated Resources with Accelerated and/or SSD storage types as specified in the Work Order with varying parameters:
            1. Capacity. Dedicated Storage is sold in preconfigured sizes, each size providing different usable capacity as specified in the Work Order, which is determined by the maximum recommended usable capacity for the underlying storage component that accounts for the average deduplication and compression ratios.
            2. Performance. Performance for each preconfigured size is specified in the Work Order and it’s defined based on the underlying storage component’s total IOPS based on 50/50 Read/Write and using 4K random block size.
            3. Interoperability. Dedicated Storage resources are only supported under Private Virtual Data Centers, which should only be comprised of resources with similar capacity and performance. Mixing Public and Dedicated storage under the same Private Virtual Data Center is not supported.
      2. Encryption.
        1. Storage Encryption. Storage is encrypted at rest with AES-256 in XTS cipher mode with FIPS 140-2 approved algorithms.
      3. Security Features.
        1. The Provider offers internal and external vulnerability scanning and reporting on the Customer's public Internet facing IPv4 address blocks and presents the information in the iland Secure Cloud Console;
        2. The iland Secure Cloud Console performs the following functions, if enabled, and displays them in reports. In order to enable some features, a software agent may be required to be loaded on the Virtual Machine:
          1. Vulnerability Scanning.  Assesses systems, networks and applications for weaknesses and detects known and zero day attacks. Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. There are 2 types of scanning available:
            1. Weekly predefined scan and report, and
            2. On-demand scan that generates new reports ad-hoc.
          2. Malware Detection. Detects malware, viruses, spyware, trojans, and other malware,
          3. Firewall. Bidirectional host-based stateful firewall that audits all traffic incoming and outgoing from the VM,
          4. Configuration Auditing. Checks that IT assets are compliant with the Provider’s policies and standards,
          5. Compliance Reports. Provides logs and data necessary to fulfill audit requirements,
          6. Web Application Scanning. Discovers web server and services weaknesses and OWASP vulnerabilities, and
          7. Integrity Monitoring. Monitors critical operating system and application files, such as directories, registry keys, and values, to detect and report malicious and unexpected changes in real time; and
        3. The information contained within the reports are intended solely to identify threats, vulnerabilities, and statuses of the Cloud environment components, and is provided “as is” without warranty of any kind, express or implied, including but not limited to warranties for fitness of purpose. The Provider does not warrant the completeness of accuracy of the report, nor does it make any recommendations based on the findings noted herein.
    3. Standard Backups. The terms and conditions of this Section 3.3, are applicable to each Work Order that includes both the Provider's Standard Backups and at least one of the Providers services that are described in any of the following Sections: Section 3.1 (iland Cloud), Section 3.2 (iland Secure Cloud), iland Secure Private Cloud, Section 3.6 (iland Secure Cloud-to-Cloud Continuity), Section 3.10 (iland DRaaS with Zerto), and Section 3.11 (iland Secure DRaaS with Zerto) of this Schedule.
      1. Resources.
        1. Storage. The amount of storage available for backups as specified by the Work Order;
        2. Licensing. All required licensing is included in the service on the Target Site;
        3. Business Models. Storage is available in a Reserved plus Burst model;
      2. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Providing the pool of storage as specified by the Work Order;
        2. Creating initial backup jobs with the number and frequency of the backup restore points on the target location as specified by the Work Order;
        3. Provide ongoing support and education on the Service at the Customer's request;
        4. Maintaining the underlying cloud infrastructure components such as compute, memory, storage and networking by following Provider's guidelines for managing these environments;
        5. Providing storage pool modification options to the Work Order as required by the Customer, which is directly linked to the amount of production storage;
        6. In case of Provider-assisted restoration, assisting the Customer with initiating the restore at-time-of-Disaster;
        7. In the event of Disaster and restoration from the Target Site, the Provider can, if needed, assisting the Customer with restoration from Disasters to the Customer's Source Site for additional iTech fees;
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Providing the Provider with information reasonably request to fulfill its obligations, including without limitation backup requirement details;
        2. At the Customer’s discretion, restoring backups either through the self-service iland Secure Cloud Console or by requesting support from the Provider in restoring backups;
        3. Performing agent-based application aware backups and restores, as the Provider does not guarantee the recoverability of individual applications running on the Virtual Machines, such as databases or email messaging systems. The Customer is also responsible for performing granular recovery of individual items from agent based application aware backups;
        4. Promptly notifying the Provider if the Cloud Resources are hacked, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar code;
        5. If the Customer provisions Reserved Resources in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation, loss of backup data, or errors caused by over allocation, this includes the storage necessary for processing the snapshot-based backups, which could result in production storage Burst charges; and
        6. In order for the Customer to restore Virtual Machine data, the Customer must have sufficient storage available. If the Customer does not have sufficient storage available, the Customer may have to purchase more storage to make the restore possible.
      4. Risks.
        1. There may be times where the Provider’s service is unable to perform daily backups. Reasons for a backup job failure include, but are not limited to, situations where a job is unable to start during retry windows, services are temporarily unavailable, conflicts occur between resources, etc. Where such failure occurs, the Provider will use reasonable efforts to attempt to remedy any potential backup job failures, and the Customer shall hold the Provider harmless in the event that a backup job did not occur successfully.
    4. Advanced Backups. The terms and conditions of this Section 3.4, are applicable to each Work Order that includes both the Provider's Advanced Backups and at least one of the Providers services that are described in following Sections: Section 3.1 (iland Cloud), Section 3.2 (iland Secure Cloud), Section 3.6 (iland Secure Cloud-to-Cloud Continuity), Section 3.8 (iland DRaaS with Veeam), Section 3.9 (iland Secure DRaaS with Veeam), Section 3.10 (iland DRaaS with Zerto), and Section 3.11 (iland Secure DRaaS with Zerto) of this Schedule.
      1. Resources
        1. Backup Policies. The policies that define the Advanced Backup schedule of how often and when to take a backup and also the retention timeframe for that backup. The policies also define how often full backups should be taken and how often to retry in the event of backup failure;
        2. Backup Groups. Groups define what Virtual Machines are backed up and assigns defined Backup Policy to those virtual machines;
        3. Licensing. All required licensing is included in the service on the Target Site;
        4. Business Models. Storage is available in a Reserved plus Burst model;
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Providing the pool of Storage as specified by the Work Order;
        2. Providing documentation and guide the Customer through an initial setup;
        3. Providing ongoing support and education on the Service at the Customer's request;
        4. Maintaining the underlying cloud infrastructure components such as compute, memory, storage and networking by following Provider's guidelines for managing these environments;
        5. Providing storage pool modification options to the Work Order as required by the Customer;
        6. In case of Provider-assisted restoration, assisting the Customer with initiating the restore at-time-of-Disaster;
        7. In the event of Disaster and restoration from the Target Site, the Provider can, if needed, assist the Customer with restoration from Disasters to the Customer's Source Site for additional iTech fees;
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Providing the Provider with information reasonably request to fulfill its obligations, including without limitation backup requirement details;
        2. Creating and Maintaining the Backup Policies and Backup Groups through the self-service iland Secure Cloud Console. The Customer is responsible to ensure that their Virtual Machines are in the appropriate Backup Groups and have the appropriate Backup Policies applied to meet the Customer's desired RPO and retention times;
        3. Performing agent-based application aware backups and restores, as the Provider does not guarantee the recoverability of individual applications running on the Virtual Machines, such as databases or email messaging systems. The Customer is also responsible for performing granular recovery of individual items from agent based application aware backups;
        4. At the Customer’s discretion, restoring backups either through the self-service iland Secure Cloud Console or by requesting support from the Provider in restoring backups;
        5. Promptly notifying the Provider if the Cloud Resources are hacked, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar code;
        6. If the Customer provisions Reserved Resources in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation, loss of backup data, or errors caused by over allocation, this includes the storage necessary for processing the snapshot-based backups, which could result in production storage Burst charges; and
      4. Risks.
        1. Customer acknowledges that Provider is not responsible for monitoring backup job performance and status. Customer is fully responsible for the monitoring of job performance, SLAs, Backup Policies and Backup Groups. Customer may engage Provider in assistance in monitoring such items for additional iTech fees;
        2. There may be times where the Providers service is unable to perform daily backups. Reasons for a backup job failure include, but are not limited to, situations where a job is unable to start during retry windows, services are temporarily unavailable, conflicts occur between resources, etc. Where such failure occurs, the Provider will use reasonable efforts to attempt to remedy any potential backup job failures, and Customer shall hold Provider harmless in the event that a backup job did not occur successfully.
    5. iland Managed Migration Service. The terms and conditions of this Section 3.5 are applicable to each Work Order that includes the Provider’s Managed Migration Service in combination with either iland Cloud or iland Secure Cloud.
      1. Assets & Deliverables.
        1. Connectivity Design Documentation. Technical documents and/or diagrams providing engineering level information and configuration details for the purpose of interconnecting the Customer Primary Site(s) to the designated Provider Site(s) delivering the service capabilities to the Customer;
        2. On-boarding Project Plan A documented overview of all tasks associated with the Provider’s on-boarding process for interconnectivity and delivery of the Managed Migration Service from the Customer Primary Site(s) Workloads within scope of the mutually agreed upon service contract. The purpose of this document is to track ownership, progress and completion of all applicable on-boarding tasks in collaboration between the Customer and the Provider; and
        3. Migration Workbook. A detailed discovery document used to collect all of the Customer specific technical and infrastructure related information for the sole purpose of the Provider providing the Managed Migration Service as part of the service contract; and
      2. Migration Project Management.
        1. Project managers. Both the Provider and the Customer shall appoint a project manager each who will serve as the primary contact point; and
        2. Migration Project Management Engagement. The Provider’s project manager and the Customer’s project manager shall meet as required for the duration of the migration process for the purposes of facilitating a successful relationship and overseeing the implementation of all Cloud Resources and Managed Migration Service outlined in the Work Order and the Migration Provisioning Form, including but not limited to, (a) tracking the progress of the migration and implementation process and all associated tasks; (b) reviewing other current or future projects or business plans that may impact the Managed Migration Service, (c) reviewing weekly status reports in order to review the Provider’s performance in execution of the project for delivery of all Managed Migration Services, (d) coordinating and planning for any new equipment or software acquisitions specific to supporting the completion of the Managed Migration Service.
      3. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best-practices:
        1. Providing enhanced onboarding project management deliverables, to include:
          1. Status call between the Provider’s migration personnel and the applicable Customer’s contacts, and
          2. Status report summarizing project tasks progress, project milestones, estimated and actual durations/completion dates and critical path items;
        2. Providing and managing supporting service documentation to include:
          1. Inventory and workload specifications (e.g. compute, storage, networking) of all Workloads within scope of the Work Order, and
          2. L2/L3 network design for compatibility and integration between the Customer’s Primary Site(s) and the Provider’s networking services and design guidelines;
        3. If applicable, providing installation, configuration and management of all services components required for the Managed Migration Service, to include:
          1. Replication software installation, guiding the Customer through setup and configuration both in the Customer on-premise and the Provider’s cloud data center environments (where applicable),
          2. Setup and configuration of VPN connections (where applicable), and
          3. Setup and configuration of all Provider’s side networking components support dedicated circuits for WAN connectivity (where applicable); and
        4. Providing full setup and configuration for replication of the Workloads within scope and applicable to the Work Order and the Migration Workbook;
      4. Customer’s Obligations. The Customer is responsible for the following in accordance with the Provider’s delivery of the iland Managed Migration Service and industry best-practices:
        1. Ensure all Customer-owned software, applications, devices, systems, processes, and services that maintain the Customer’s data to be migrated as part of the Work Order are covered as specified under Section 2.3.5 of this Service Schedule for the purposes of fulfilling the Work Order;
        2. Where applicable, the Customer shall maintain all firmware or software updates to all Customer-owned hardware, software, applications, devices, and systems in use with or protected by services provided by the Provider;
        3. Where applicable: contact all software, application, device, system, service, and service providers covered under the Work Order and add appropriate Provider’s personnel as approved contacts for the purposes of fulfilling this Service Schedule;
        4. Complete the Migration Provisioning Form provided by the Provider;
        5. Provide all current and existing documentation of the Customer’s Primary Site(s) to include; environment “as-built” documentation, application contact information, application dependencies, current backup strategy, and disaster recovery plans if applicable;
        6. Provide the Provider’s personnel with Customer’s asset discovery and documentation where applicable;
        7. Where applicable; provide all current process documentation in support of the Managed Migration Service outlined in the Work Order and provide all assistance necessary to modify existing or implement new processes to streamline the delivery of services;
        8. Where applicable, the Customer shall maintain all software and other devices or items provided to the Customer by the Provider located within the Customer’s Primary Site(s) in direct support of the delivery of the Managed Migration Service outlined in the Work Order (the “Equipment’) in good working order and in accordance with applicable manufacturers’ specifications. The Customer shall notify the Provider immediately upon determination that any Equipment is not in compliance with the foregoing, or is in material breach of the terms and conditions set forth in this Service Schedule; and
        9. The Customer shall cooperate with the Provider with regard to the performance of the Provider’s obligations hereunder, including (without limitation):
          1. Providing the Provider with the required remote access to Customer’s Equipment, as may be reasonable to permit the Provider to perform its obligations hereunder, and
          2. Notifying the Provider of any changes to its configurations that could potentially impact the Managed Migration Service.
    6. iland Secure Cloud-to-Cloud Continuity. The terms and conditions of this Section 3.6 are applicable to each Work Order for iland Secure Cloud-to-Cloud services.
      1. Resources. The Cloud Resources used in the Recovery Site mimic the Cloud Resources used in the Primary Site, hence the available features will be the same as the Cloud Resources specified in the Work Order for the Primary Site.
        1. Storage. The types of storage available are Advanced, Accelerated, and/or SSD. Storage purchased by the Customer includes both protected data and Zerto Journal data; Zerto Journal data may not be displayed on the iland Secure Cloud Console, but the Customer is still responsible for paying for this storage and may request a report from the Provider if required. Storage types comprising the environment are specified in the Work Order;
        2. CPU & RAM. These Cloud Resources are available as Shared Resources. CPU & RAM comprising the environment are specified in the Work Order;
        3. Bandwidth. Bandwidth is available as a Shared Resource as specified in the Work Order. On Work Orders where network bandwidth is not specified, it is included, abiding by the Excessive Use Section on the Acceptable Use Policy;
        4. Replication License. Replication licensing per protected Virtual Machine as specified in the Work Order; and
        5. Business Models. Storage is available in a Reserved plus Burst model. CPU, RAM and Bandwidth are available in a Burst model.
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Onboarding the Customer into the Provider's Cloud Services by giving access to the service and guiding the Customer through the process of deploying the service;
        2. Provide documentation, project management, and guiding the Customer through an initial set up;
        3. Provide ongoing support and education on the Service at the Customer's request;
        4. Creating Virtual Data Center(s) consisting of compute, memory, storage infrastructure, and network bandwidth per specifications detailed in the Work Order;
        5. Maintaining the underlying cloud infrastructure components such as compute, memory, storage and networking by following Provider’s guidelines for managing these environments;
        6. Providing the Customer with the URL and authentication credentials to access the Customer’s Cloud Resources;
        7. Assigning external and internal IP addresses for the Primary Site virtual router per Customer-provided requirements;
        8. Assigning external and internal IP addresses for the Recovery Site virtual router per Customer-provided requirements;
        9. Providing replication licensing and replication management for Virtual Machines as described in the Work Order as completed by the Customer;
        10. Configuring protection at the Primary Site using the iland Cloud-to-Cloud Recovery replication and retention policy of 24 hours of data retention for replicated servers at Recovery Site with replication frequency occurring once or more per hour between sites;
        11. Creating Virtual Protection Groups, per environment, per vApp, and initiate replication on Virtual Machines selected for replication;
        12. In case of Provider-assisted Failover, assisting the Customer with initiating Failover at-time-of-Disaster;
        13. Maintaining exclusive control of system administration security (e.g. administrator or root) level access for Provider-managed firewall or load balancing infrastructure;
        14. In the event of a Disaster and Failover to the Recovery Site, the Provider can, if needed, assist the Customer with Failback from Disasters to the Customer's Primary Site for additional iTech fees;
        15. Re-advertise the Customer’s IP Address Block from in case of Disaster; and
        16. If the Customer is running the Standard Backups service defined in Section 3.1, in the event of either a failover or of a VM being active in the Recovery Site’s virtual environment, the Provider will automatically begin backing up the Customer’s live workloads within 24 hours.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Unless specified on the Work Order, implementing dedicated physical or virtual network security appliance, managing Firewall(s) including but not limited to the configuration of Network Address Translation (NAT) Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), Load Balancing, and static routing;
        2. Providing compute, memory, storage and network requirements for each Virtual Data Center and creating Virtual Data Center network and role-based security policies;
        3. If the Customer chooses to Seed Data, then the Customer must follow the Provider’s then-current Data Seeding Guidelines;
        4. Ensuring Virtual Machines match specifications as defined in the Provider’s then-current Product Compatibility Matrix;
        5. Maintaining operating systems and applications installed on the Customer's Virtual Machines or in the Customer's Virtual Data Center, including, but not limited to, patching, upgrades, updates and anti-virus software in accordance with industry best practices;
        6. Fixing any problems resulting from upgrades to the Virtual Machines operating system;
        7. Providing Virtual Machine and application log monitoring;
        8. Providing support for operating systems and applications installed on the Customer-Managed Virtual Machines;
        9. Informing the Provider at the time any of these changes occur in the Primary Site:
          1. Adding a disk to a Virtual Machine or adding a Virtual Machine to a replicated vApp,
          2. Shutting down Virtual Machine in a protected vApp for an extended period (< 5 minutes),
          3. Deleting a Virtual Machine from a protected vApp, and
          4. Increasing resource capacity in Primary Site in relation to replicated Virtual Machines without increasing Cloud Resources at Recovery site;
        10. Initiating failover at-time-of-test and at-time-of-Disaster using the iland Secure Cloud Console;
        11. In case of Provider-assisted Failover, declaring a Disaster affecting the Primary Site following the Provider’s guidelines; and
        12. If the Customer provisions Reserved Resources in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation or errors caused by over allocation.
      4. Service Levels. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) SLAs are accessible at https://www.iland.com/legal/sla.
    7. iland Secure Cloud Backup with Veeam. The terms and conditions of this Section 3.7 are applicable to each Work Order that includes iland Secure Cloud Backup services.
      1. Resources.
        1. Storage and Bandwidth. The Cloud Resources that comprise the iland Secure Cloud Backup with Veeam service include Archive Storage along with embedded unlimited incoming and outgoing network bandwidth as described in the Work Order;
        2. Licensing. Veeam Cloud Connect licensing is included in the service on the Target Site.
        3. WAN Accelerator.
          1. The Provider offers Veeam WAN Accelerator service to the Customer if purchased on the Work Order, and
          2. WAN Accelerator VM and cache use SSD storage;
        4. Insider Protection. The Provider offers Veeam Insider Protection service to the Customer if purchased on the Work Order; and
        5. Business Models. Storage is available in a Reserved model only.
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Providing pool of Cloud Storage, Veeam Cloud Connect licensing, and network bandwidth at Target Site per specifications detailed in the Work Order;
        2. Maintaining Target Site Cloud Storage infrastructure including patching, upgrades and updates;
        3. Creating Cloud Resources per specifications detailed in the Work Order;
        4. Providing Customer the URL and authentication credentials to access the Customer’s Cloud Resources;
        5. Providing storage pool modification options to the Work Order as required by the Customer;
        6. Providing up to two active connections between the backup server at the Source Site and the Cloud Resources at the Target Site per set of credentials. Additional active connections can be requested with the Provider's approval. All other jobs running concurrently will sit idle until the job using the connection completes. The same set of credentials can be used to send to concurrent backups from different locations, or Source Sites to the same Target Site. Alternatively, two different sets of credentials can be used to send backups concurrently from the same backup server at the Source Site.
        7. Insider Protection. Providing the Customer with Insider Protection if purchased on the Work Order with the following parameters:
          1. Retention. Insider Protection retention shall be set at 7 calendar days for the entire cloud repository,
          2. Backup repository. After the Customer deletes a backup on a cloud repository, regardless if this was intentional, accidental or caused by malware, the backup file(s) will be moved from the cloud repository to a "recycle bin" folder on the Provider backup repository that's not accessible by the Customer. While backup metadata files are deleted from disk immediately, the Provider will retain only full and incremental backup files,
          3. Repository quota. Backup files retained by the Provider shall not consume the Customer's cloud repository quota, as they are stored in a different folder only accessible by the Provider, and
          4. Backup recovery. Should the Customer submit a request to the Provider to recover a backup via a support ticket along with the iTech fees for the professional services to perform the restoration tasks, the Provider shall locate the backup file(s) required for data restore in the "recycle bin" and pass it/them to the Customer over the network or on a portable drive on a best-effort basis; Once the support ticket is closed, the Provider shall delete the temporary copies of the backup files; and
        8. Cloud Backup Restore to iland Cloud Services. Providing the Customer with the option to purchase a best-effort cloud restoration service of VMware backups to iland Cloud Services at an additional cost using the backup file chain stored at the Target Site with the following parameters:
          1. The accuracy and success of the restoration depends on the reliability of the backup file chain backed up by the Customer,
          2. The creation of Virtual Data Center(s) will consist of the specifications detailed in the relevant Work Order,
          3. The network connectivity to the restored environment will be provided by the Provider,
          4. The restoration shall be limited to repositories smaller than 20,000 GB,
          5. The restoration shall be limited to VMware based environments, and
          6. The Provider will start the restoration process within 24 hours after the Customer has both declared a Disaster by notifying the Provider and approved the new Work Order that contains the cloud resources required to run the workloads along with the iTech fees for the professional services required to perform the restoration tasks.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Providing the Provider with information reasonably required to fulfill its obligations, including without limitation backup requirement details;
        2. Procuring, implementing, and configuring of the correct licensed versions of Veeam Cloud Connect software on the Machines as specified in the Provider's then-current Product Compatibility Matrix;
        3. Configuring and performing of backups, recovery tasks, and Testing within the Veeam software installation;
        4. Managing applicable Customer-controlled firewall(s) including but not limited to the configuration of Network Address Translation (NAT), Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), and static routing in relation to the Customer's connectivity to the Target Site;
        5. Fixing any problems resulting from upgrades to the Veeam Cloud Connect software;
        6. Maintaining software (including without limitation the Veeam Cloud Connect software) on the Customer's machines including, but not limited to, patching, upgrades, updates and anti-virus software in accordance with industry best practices;
        7. Ensuring the functioning of services or software running on the Customer’s machines;
        8. Providing support for operating systems and applications installed on the Customer’s machines;
        9. Promptly notifying the Provider if the Cloud Resources are hacked, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar code;
        10. Ensuring that during the term of the Work Order the Customer maintains enough bandwidth to ensure the continued successful backup of the data. The Customer acknowledges that the Provider is not in breach of the agreement if there is not enough bandwidth available at Source Site;
        11. In case of utilizing a WAN Accelerator, the Customer shall deploy a WAN Accelerator appliance at the Customer's Source Site with the same storage type used by the Provider on the Target Site;
        12. If the Customer provisions backup jobs in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation, loss of backup data, or errors caused by over allocation;
        13. Insider Protection. In case of requesting the Provider to recover a deleted backup:
          1. Making the request via a support ticket,
          2. Providing the Provider with the sufficient information about the deleted backup data so the Provider can locate the backup file(s) required for data restore,
          3. Importing the full backup file(s) to the backup server on the Customer side, and
          4. Restoring the data from the backup after successfully importing the backup file(s);
        14. Cloud Backup Restore. In case of requiring a cloud backup restore:
          1. Declaring a Disaster by notifying the Provider and approving the Work Order that contains the cloud resources required to run the workloads along with the iTech fees for the professional services required to perform the restoration tasks; and
          2. The Customer understands that restoring the environment from cloud backup files is a best-effort service and acknowledges that the Provider is not responsible for any performance degradation, loss of data, or errors on the VMware-based restored environment as the success of the restoration depends on the reliability of the backup file chain; and
        15. Encryption at Rest.The Customer may optionally configure encryption for backup data using the Veeam software prior to transmitting the data to the Provider.
    8. iland DRaaS with Veeam. The terms and conditions of this Section 3.8 are applicable to each Work Order that includes iland DRaaS with Veeam services, regardless as to whether the Work Order for public or private cloud services.
      1. Resources.
        1. Storage and Bandwidth (Public or Private). The Cloud Resources that comprise the iland DRaaS with Veeam service include Accelerated and/or SSD Storage along with embedded unlimited incoming and outgoing network bandwidth as described in the Work Order.
        2. CPU & RAM.
          1. Public. These Cloud Resources are available as Shared Resources as specified in the Work Order; and
          2. Private. These Cloud Resources are available as Dedicated Resources as specified in the Work Order. The Provider is responsible for architecting and deploying CPU & RAM in a high availability configuration;
        3. Licensing (Public or Private). Veeam Cloud Connect licensing is included in the service on the Recovery Site.
        4. WAN Accelerator (Public or Private).
          1. Provider offers WAN Accelerator service available to Customer if purchased on the Work Order, and
          2. WAN Accelerator VM and cache use SSD storage;
        5. Business Models (Public or Private). Cloud Resources are available in either Reserved, Burst, or Reserved plus Burst models as specified in the Work Order. The business model available depends on whether the Customer has a vCenter based environment or a vCloud Director based environment.
          1. vCenter based environments (legacy) – Storage is available in a Reserved model only. CPU and RAM are available in Burst model only, and
          2. vCloud Director based environments – shared Cloud Resources (including Storage, CPU, and RAM) are available in either Reserved or Reserved plus Burst models; and
        6. Overhead (Private only). The Customer acknowledges that all applications and hypervisors require some amount of overhead resource capacity in order to run optimally. The Customer agrees that the Dedicated Resources on the Order will be used for the overhead capacity of the Customer’s applications/hypervisor and that it is the sole responsibility of the Customer to ensure sufficient resources exist.
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Onboarding the Customer into the Provider’s Cloud Services by giving access to the service and guiding the Customer through the process of deploying the service;
        2. Provide documentation, project management, and demonstrate the failover steps for a full site failover to the Customer on the Provider’s test environment. In the event that a Customer would like the Provider to assist with design, implementation or testing of a partial site failover, additional i-Tech fees will apply;
        3. Provide ongoing support and education on the service at the Customers’ request;
        4. Creating Virtual Data Center(s) for recovering VMware based workloads, consisting of compute, memory, storage infrastructure, per specifications detailed in the Work Order;
        5. Maintaining the underlying cloud infrastructure components such as compute, memory, storage and networking by following the Provider’s guidelines for managing these environments;
        6. Assigning external and internal IP addresses for the Recovery Site virtual router per the Customer-provided requirements;
        7. Providing the Customer the URL and authentication credentials to access the Customer’s Cloud Resources;
        8. Providing up to two active connections between the replication server at the Primary Site and the Cloud Resources at the Recovery Site per set of credentials. Additional active connections can be requested with the Provider’s approval. All other jobs running concurrently will sit idle until the job using the connection completes.
        9. In case of Provider-assisted Failover, assisting the Customer with initiating Failover at-time-of-Disaster; and
        10. In the event of a Disaster and Failover to the Recovery Site, the Provider can, if needed, assist the Customer with Failback from Disasters to the Customer’s Primary Site for additional iTech fees.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Procuring, implementing, and configuring of the correct licensed versions of Veeam Cloud Connect software on the Machines as specified in the Provider’s then-current Product Compatibility Matrix to enable the Secure DRaaS with Veeam Service from the Customer’s Premises;
        2. Ensuring that only VMware based workloads are replicated to the Provider and that the Virtual Machine environment matches specifications as defined in the Provider’s then-current Product Compatibility Matrix;
        3. Configuring compute, memory, storage and network requirements for each Veeam Hardware Plan and/or Veeam Failover Plan(s), and initiating Veeam replication jobs to the Provider;
        4. Unless specified on the Work Order, implementing dedicated physical or virtual network security appliance, managing Firewall(s) including but not limited to the configuration of Network Address Translation (NAT) Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), Load Balancing, and static routing;
        5. Notifying the Provider before making any changes to the Primary site that might affect the DRaaS service, including, but not limited to, any upgrades or patches to Veeam, the underlying virtualization layer, or the network. The Customer notes that any such actions could break the ability of the Service to function;
        6. If the Customer chooses to Seed Data from the Primary site, following the Provider’s then-current Data Seeding Guidelines;
        7. Creating and testing Recovery Plan;
        8. Initiating Failover at-time-of-test and at-time-of-Disaster;
        9. In case of Provider-assisted Failover, declaring a Disaster via a support ticket;
        10. Monitoring available storage in Veeam Cloud Connect Repository to ensure the Service will continue to function properly;
        11. Maintaining operating systems and applications installed on the Customer’s Virtual Machines or in the Customer’s Virtual Data Center, including, but not limited to, providing support, patching, upgrades, updates and anti-virus software in accordance with industry best practices;
        12. Providing Virtual Machine and application log monitoring;
        13. The Customer understands that Testing can be stopped by the Provider in the event that a Testing event has run long enough to impact replication or the underlying infrastructure;
        14. In the event of a Disaster and Failover to the Recovery Site, in order for the Customer to Failback to the Primary Site, the Customer needs to recreate the original environment in the Primary Site by providing similar compute, memory, storage and network resources, and Virtual Machines on the Customer’s hosts, enable site peering to Recovery Site, set up and configure Recovery Groups before replicating data from Recovery Site. The Customer is responsible for paying the associated iTech fees if assistance from the Provider is required;
        15. Promptly notifying the Provider if the Cloud Resources are compromised, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar malicious code;
        16. Ensuring that there is enough bandwidth at Primary Site to enable initial replication and successive incremental changes of data to Recovery Site;
        17. Ensuring that there are enough Cloud Resources at Recovery site in relation to replicated Virtual Machines from Primary Site;
        18. In case of utilizing a WAN Accelerator, the Customer shall deploy a WAN Accelerator appliance at the Customer’s Primary Site with the same storage type used by the the Provider on the Recovery Site;
        19. If the Customer provisions replication jobs in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation or errors caused by over allocation; and
        20. Defining, configuring and managing the required number of restore points stored as part of each replication job.
      4. Encryption. Providing the Customer with Storage Encryption with the following parameters:
        1. Storage Encryption. Storage is encrypted at rest with AES-256 in XTS cipher mode with FIPS 140-2 approved algorithms.
        2. VM Encryption.
          1. The Provider offers encryption on a per VM or per volume basis, and is available to the Customer if purchased on the Work Order,
          2. The Customer agrees and understands that when running VM Encryption some features in the iland Secure Cloud Console that require access to the Customer’s VMs may not function or provide information, since the Customer’s VM will be encrypted, and
          3. VM Encryption encrypts data using AES-128/256 algorithms and allows the Customer to manage the encryption keys. The Customer understands that the Provider has no access to encryption keys.
      5. Security Features (applicable to vCloud director based environments only). The iland Secure Cloud Console performs the following function:
        1. Vulnerability Scanning. Assesses systems, networks and applications for weaknesses and detects known and zero day attacks. Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. The weekly predefined scan generates a report which is added to the historical data; and
      6. Service Levels Recovery Time Objective (RTO) and Recovery Point Objective (RPO) SLAs are accessible at https://www.iland.com/legal/sla.
    9. iland Secure DRaaS with Veeam. The terms and conditions of this Section 3.9 and, to the extent not inconsistent with this Section 3.9, Section 3.8, are applicable to each Work Order that includes iland Secure DRaaS with Veeam services, regardless as to whether the Work Order for public or private cloud services.
      1. Security Features (applicable to vCloud director based environments only). Providing the Customer with the following Security Features:
        1. The Provider offers internal and external vulnerability scanning and reporting on the Customer’s public Internet facing IPv4 address blocks and presents the information in the iland Secure Cloud Console;
        2. The iland Secure Cloud Console performs the following functions, if enabled, and displays them in reports. In order to enable some features, a software agent may be required to be loaded on the Virtual Machine:
          1. Vulnerability Scanning. Assesses systems, networks and applications for weaknesses and detects known and zero day attacks. Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. There are 2 types of scanning available:
            1. Weekly predefined scan and report, and
            2. On-demand scan that generates new reports ad-hoc,
          2. Malware Detection. Detects malware, viruses, spyware, trojans, and other malware,
          3. Firewall. Bidirectional host-based stateful firewall that audits all traffic incoming and outgoing from the VM,
          4. Configuration Auditing. Checks that IT assets are compliant with the Provider’s policies and standards,
          5. Compliance Reports. Provides logs and data necessary to fulfill audit requirements;
          6. Web Application Scanning. Discovers web server and services weaknesses and OWASP vulnerabilities, and
          7. Integrity Monitoring. Monitors critical operating system and application files, such as directories, registry keys, and values, to detect and report malicious and unexpected changes in real time; and
        3. The information contained within the reports are intended solely to identify threats, vulnerabilities, and statuses of the Cloud environment components, and is provided “as is” without warranty of any kind, express or implied, including but not limited to warranties for fitness of purpose. The Provider does not warrant the completeness of accuracy of the report, nor does it make any recommendations based on the findings noted herein.
    10. iland DRaaS with Zerto. The terms and conditions of this Section 3.10 are applicable to each Work Order that includes iland DRaaS with Zerto services, regardless as to whether the Work Order for public or private cloud services.
      1. Resources.
        1. Storage (Public or Private). The types of storage available are Advanced, and/or SSD. Storage purchased by the Customer includes both protected data and Zerto Journal data; Zerto Journal data may not be displayed on the iland Secure Cloud Console, but the Customer is still responsible for paying for this storage and may request a report from the Provider if required. Storage types comprising the environment are specified in the Work Order;
        2. CPU & RAM.
          1. Public. These Cloud Resources are available as Shared Resources as specified in the Work Order; and
          2. Private. These Cloud Resources are available as Dedicated Resources as specified in the Work Order. The Provider is responsible for architecting and deploying CPU & RAM in a high availability configuration;
        3. Bandwidth (Public or Private). Bandwidth is available as a Shared Resource as specified in the Work Order. On Work Orders where network bandwidth is not specified, it shall be considered to be embedded in storage;
        4. Replication License (Public or Private). Replication licensing per protected Virtual Machine as specified in the Work Order. On Work Orders where replication licensing is not specified, it shall be considered to be embedded in storage;
        5. Business Models (Public or Private). Cloud Resources are available in either Reserved or Reserved plus Burst models as specified in the Work Order; and
        6. Overhead (Private only). The Customer acknowledges that all applications and hypervisors require some amount of overhead resource capacity in order to run optimally. The Customer agrees that the Dedicated Resources on the Order will be used for the overhead capacity of the Customer’s applications/hypervisor and that it is the sole responsibility of the Customer to ensure sufficient resources exist.
      2. Provider's Obligations.The Provider is responsible for the following in accordance with industry best practices:
        1. Onboarding the Customer into the Provider's Cloud Services by giving access to the service and guiding the Customer through the process of deploying the service;
        2. Provide documentation, project management, and demonstrate the failover steps for a full site failover to the Customer on the Provider's test environment. In the event that a Customer would like the Provider to assist with design, implementation or testing of a partial site failover, additional i-Tech fees will apply;
        3. Provide ongoing support and education on the Service at the Customers’ request;
        4. Creating Virtual Data Center(s) consisting of compute, memory, storage infrastructure, and network bandwidth per specifications detailed in the Work Order;
        5. Maintaining the underlying cloud infrastructure components such as compute, memory, storage and networking by following the Provider’s guidelines for managing these environments;
        6. Providing the Customer with the URL and authentication credentials to access the Customer’s Cloud Resources;
        7. Assigning external and internal IP addresses for the Recovery Site virtual router per the Customer-provided requirements;
        8. Providing Zerto Cloud Connector;
        9. Providing Zerto replication licensing for Virtual Machines as defined in the Provider's then-current Product Compatibility Matrix;
        10. In case of Provider-assisted Failover, assisting Customer with initiating Failover at-time-of-Disaster;
        11. In the event of a Disaster and Failover to the Recovery Site, the Provider can, if needed, assist the Customer with Failback from Disasters to Customer Primary Site for additional iTech fees; and
        12. If the Customer is running the Standard Backups service defined in Section 3.1, in the event of either a failover or of a VM being active in the Recovery Site’s virtual environment, the Provider will automatically begin backing up the Customer’s live workloads within 24 hours.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Unless specified on the Work Order, implementing dedicated physical or virtual network security appliance, managing Firewall(s) including but not limited to the configuration of Network Address Translation (NAT) Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), Load Balancing, and static routing;
        2. Providing compute, memory, storage and network requirements for each Virtual Data Center and creating Virtual Data Center network and role-based security policies;
        3. Ensuring that only VMware based Workloads are replicated to the Provider and that the Virtual Machine environment matches specifications as defined in the Provider’s Product Compatibility Matrix. By purchasing this product, the Customer specifically acknowledges that Hyper-V Workloads are not supported;
        4. Creating Virtual Machines for Zerto Virtual Manager (ZVM), downloading and installing ZVM software and Zerto Virtual Replication Appliance (ZvRA) on Customer hosts;
        5. Configuring Zerto Protection at the Primary Site; Creating Recovery Groups and initiating replication on Virtual Machines selected for replication;
        6. Notifying the Provider before making any changes to the Primary site that might affect the DRaaS service, including but not limited to, any upgrades or patches to Zerto, the underlying virtualization layer, or the network. The Customer hereby acknowledges that any such actions could break the ability of the Service to function;
        7. If the Customer chooses to Seed Data, then the Customer must follow the Provider’s then-current Data Seeding Guidelines;
        8. Ensuring Virtual Machines match specifications as defined in the Provider’s then-current Product Compatibility Matrix;
        9. Creating and testing Recovery Plan;
        10. Initiating Failover at-time-of-test and at-time-of-Disaster;
        11. In case of Provider-assisted Failover, declaring a Disaster following the Provider’s guidelines;
        12. Ordering additional Zerto licenses when new VMs are added;
        13. Maintaining operating systems and applications installed on the Customer's Virtual Machines or in the Customer's Virtual Data Center, including, but not limited to, providing support, patching, upgrades, updates and anti-virus software in accordance with industry best practices;
        14. Providing Virtual Machine and application log monitoring;
        15. The Customer understands that Testing can be stopped by the Provider in the event that a Testing event has run long enough to impact replication or the underlying infrastructure;
        16. In the event of a Disaster and Failover to the Recovery Site, in order for the Customer to Failback to the Primary Site, the Customer needs to recreate the original environment in the Primary Site by providing similar compute, memory, storage and network resources, Virtual Machines, Zerto Virtual Manager (ZVM) and Zerto Replication Appliance (ZvRA) on the Customer's hosts, enable site peering to Recovery Site, set up and configure Recovery Groups before replicating data from Recovery Site. The Customer is responsible for paying the associated iTech fees if assistance from the Provider is required;
        17. Promptly notifying the Provider if the Cloud Resources are compromised, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar malicious code;
        18. Informing the Provider at the time any of these changes occur in the Primary Site:
          1. Adding a Virtual Machine to a replicated vApp that exceeds the maximum number of Zerto replication licensing specified on the Work Order;
          2. Increasing resource capacity in Primary Site in relation to replicated Virtual Machines without increasing Cloud Resources at Recovery site; and
          3. Defining, configuring and managing the required journal retention setting within each VPG.
        19. Ensuring that there is enough bandwidth at Primary Site to enable initial replication and successive incremental changes of data to Recovery Site;
        20. If the Customer provisions Reserved Resources in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation or errors caused by over allocation; and
        21. Defining, configuring and managing the required journal retention setting within each VPG.
      4. Encryption.
        1. VM Encryption.
          1. The Provider offers encryption on a per VM or per volume basis, and is available to the Customer if purchased on the Work Order,
          2. The Customer agrees and understands that when running VM Encryption some features in the iland Secure Cloud Console that require access to the Customer's VMs may not function or provide information, since the Customer's VM will be encrypted, and
          3. VM Encryption encrypts data using AES-128/256 algorithms and allows the Customer to manage the encryption keys. The Customer understands that the Provider has no access to encryption keys.
      5. Security Features. The iland Secure Cloud Console performs the following function:
        1. Vulnerability Scanning.  Assesses systems, networks and applications for weaknesses and detects known and zero day attacks. Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. The weekly predefined scan generates a report which is added to the historical data.
      6. Service Levels. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) SLAs are accessible at https://www.iland.com/legal/sla.
    11. iland Secure DRaaS with Zerto. The terms and conditions of this Section 3.11 and, to the extent not inconsistent with this Section 3.11, Section 3.10, are applicable to each Work Order that includes iland Secure DRaaS with Zerto services, regardless as to whether the Work Order for public or private cloud services.
      1. Resources.
        1. Storage. The types of storage available are Accelerated, and/or SSD. Storage purchased by the Customer includes both protected data and Zerto Journal data; Zerto Journal data may not be displayed on the iland Secure Cloud Console, but the Customer is still responsible for paying for this storage and may request a report from the Provider if required. Storage types comprising the environment are specified in the Work Order.
      2. Encryption.
        1. Storage Encryption. Storage is encrypted at rest with AES-256 in XTS cipher mode with FIPS 140-2 approved algorithms.
      3. Security Features.
        1. The Provider offers internal and external vulnerability scanning and reporting on the Customer's public Internet facing IPv4 address blocks and presents the information in the iland Secure Cloud Console;
        2. The iland Secure Cloud Console performs the following functions, if enabled, and displays them in reports. In order to enable some features, a software agent may be required to be loaded on the Virtual Machine:
          1. Vulnerability Scanning.  Assesses systems, networks and applications for weaknesses and detects known and zero day attacks. Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack. There are 2 types of scanning available:
            1. Weekly predefined scan and report, and
            2. On-demand scan that generates new reports ad-hoc,
          2. Malware Detection. Detects malware, viruses, spyware, trojans, and other malware,
          3. Firewall. Bidirectional host-based stateful firewall that audits all traffic incoming and outgoing from the VM,
          4. Configuration Auditing. Checks that IT assets are compliant with the Provider’s policies and standards,
          5. Compliance Reports. Provides logs and data necessary to fulfill audit requirements;
          6. Web Application Scanning. Discovers web server and services weaknesses and OWASP vulnerabilities, and
          7. Integrity Monitoring. Monitors critical operating system and application files, such as directories, registry keys, and values, to detect and report malicious and unexpected changes in real time; and
        3. The information contained within the reports are intended solely to identify threats, vulnerabilities, and statuses of the Cloud environment components, and is provided “as is” without warranty of any kind, express or implied, including but not limited to warranties for fitness of purpose. The Provider does not warrant the completeness of accuracy of the report, nor does it make any recommendations based on the findings noted herein.
    12. iland Secure DRaaS with DoubleTake. The terms and conditions of this Section 3.12 are applicable to each Work Order for iland Secure DRaaS with DoubleTake. The Customer acknowledges that this product requires that the services listed in Section 3.1 or 3.2 to be deployed in conjunction with it.
      1. Resources.
        1. Replication License. Either Physical or Virtual Edition Replication Licenses as described in the Work Order;
        2. Business Models. Replication licenses are available in a per job Reserved model with two options as described in the Work Order:
          1. Constant replication, or
          2. Migration only.
      2. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Onboarding the Customer into the Provider’s DRaaS with DoubleTake service by guiding the Customer through the process of deploying the service;
        2. Building target VMs for each server requiring replication with DoubleTake;
        3. Deploying the DoubleTake agent and DoubleTake Metered Usage (DTMU) on each target VM for licensing purposes;
        4. Deploying a DoubleTake management server in the Provider's hosted infrastructure to act as the management console for the customer;
        5. Providing the Customer with a URL to download the DoubleTake agent and the corresponding license keys;
        6. Assisting the Customer in setting up replication jobs utilizing the DoubleTake management server;
        7. Providing documentation, project management, and demonstrate the DR failover steps to the Customer and successfully test failover;
        8. In case of Provider-assisted Failover, assisting the Customer with initiating Failover at-time-of-Disaster; and
        9. In the event of a Disaster and Failover to the Recovery Site, the Provider can, if needed, assist the Customer with Failback from Disasters to the Customer's Primary Site for additional iTech fees. .
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Providing the Provider with information reasonably required to fulfill its obligations, including without limitation backup requirement details;
        2. Ensuring that only VMware based workloads are replicated to the Provider and that the Virtual Machine environment matches specifications as defined in the Provider’s then-current Product Compatibility Matrix. By purchasing this product, the Customer specifically acknowledges that Hyper-V workloads are not supported;
        3. Downloading and installing the DoubleTake agent on each of the source servers that require replication;
        4. Working with the Provider to set up replication jobs utilizing the DoubleTake management server;
        5. Unless specified on the Work Order, implementing dedicated physical or virtual network security appliance and managing Firewall(s) including, but not limited to, the configuration of Network Address Translation (NAT) Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), Load Balancing, and static routing;
        6. Notifying the Provider before making any changes to the Primary site that might affect the DRaaS service, including any upgrades or patches to DoubleTake, the underlying virtualization layer, the replication jobs, or the network. The Customer hereby acknowledges that any such actions could break the ability of the Service to function;
        7. Initiating Failover at-time-of-test and at-time-of-Disaster;
        8. In case of Provider-assisted Failover, declaring a Disaster via a support ticket;
        9. Monitoring available storage in the hosted environment to ensure the Service will continue to function properly;
        10. Maintaining operating systems and applications installed on the Customer’s Virtual Machines or in the Customer’s Virtual Data Center, including, but not limited to, patching, upgrades, updates and anti-virus software;
        11. Promptly notifying the Provider if the Cloud Resources are compromised, accessed by a person lacking permission to access the Cloud Resources, or infected with a virus, worm or similar malicious code;
        12. Ensuring that there is enough bandwidth at Primary Site to enable initial replication and successive incremental changes of data to Recovery Site;
        13. Ensuring that during the term of the Work Order the Customer maintains enough bandwidth to ensure the continued successful replication of the data. The Customer acknowledges that the Provider is not in breach of the agreement if there is not enough bandwidth available at Primary Site; and
        14. If the Customer provisions replication jobs in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation or errors caused by over allocation and the Customer may incur in additional costs to cover the additional licenses.
    13. Bare Metal Services.The terms and conditions of this Section 3.13 are applicable to each Work Order that includes iland Bare Metal services.
      1. Resources.
        1. Bare Metal Resources. CPU, RAM, Local Storage, Networking Backplane and Redundant Power comprise the Bare Metal server in the form of a blade or physical appliance as described in the Work Order; and
        2. Business Models. Bare Metal resources are available in Reserved model.
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Providing Bare Metal resources as specified on the relevant Work Order;
        2. Providing to the Customer Root Administrator access to the Bare Metal Server;
        3. Providing to the Customer, upon request via support ticket, Graphic Console access;
        4. Using commercially reasonable efforts to power on and ensure connectivity to the Bare Metal resources before handoff to the Customer; and
        5. Using commercially reasonable efforts to provide first and second tier support to ensure the connectivity of the Bare Metal resources.
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Unless specified on the Work Order, implementing dedicated physical or virtual network security appliance, managing Firewall(s) including but not limited to the configuration of Network Address Translation (NAT) Access List, Virtual Private Network (VPN), Dynamic Host Configuration Protocol (DHCP), Load Balancing, and static routing;
        2. Selecting and securing the appropriate authentication procedures to allow access to the Bare Metal server OS and applications residing in it;
        3. Following the Provider's then-current Data Seeding Guidelines if the Customer chooses to seed data;
        4. Maintaining operating systems and applications installed on the Bare Metal server(s), including, but not limited to, patching, upgrades, updates and anti-virus software in accordance with industry best practices;
        5. Fixing any problems resulting from upgrades to the Bare Metal server operating system;
        6. Providing Bare Metal server and application log monitoring;
        7. Providing support for operating systems and applications installed on the Bare Metal server(s);
        8. Maintaining all backups for all Customer data residing on the Bare Metal servers; and
        9. If the Customer provisions Reserved Resources in excess of the specifications set out on the Work Order, the Customer hereby acknowledges that the Provider is not responsible for any performance degradation or errors caused by over allocation.
    14. Cross Connects. The terms and conditions of this Section 3.14 are applicable to each Work Order that includes iland Cross Connect services.
      1. Resources
        1. Cross Connect Resources. Copper or Fiber Cross Connects as described in the Work Order; and
        2. Business Models. Colocation resources are available in Reserved model.
      2. Provider's Obligations.
        1. Patch in the Provider’s side of the cross connect up to the Demarcation Point:
          1. On Cross Connects which media type is fiber, the Provider will supply a single-mode fiber optic patch cable to connect the cross connect to the Provider's switching infrastructure, unless otherwise specified on the Work Order, or
          2. On Cross Connects which media type is copper, the Provider will supply a 1000Base-LX patch cable to connect the cross connect to the Provider's switching infrastructure;
        2. Support port configurations of 1 GB or 10 GB; and
        3. The Provider does not include any rack space as part of the cross connect service;
      3. Customer's and/or Carrier’s Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. The Customer shall ensure that the Carrier has a presence in the specific Provider’s Data Center where the Cross Connect will be deployed as described in the Work Order. The Carrier’s presence should be within the acceptable range of the media type relative to the Provider’s presence within the Data Center;
        2. The Customer shall manage the relationship with the Carrier;
        3. The Customer shall provide the Provider with a signed Letter of Authorization (LOA), using the Carrier’s letterhead, authorizing the Provider and the Data Center to connect the Carrier's Equipment to the cross connect with the following information:
          1. Data Center address,
          2. Authorization excerpts – referencing the Provider to complete the work,
          3. Demarcation location (ports included),
          4. Media type, and
          5. Connector type;
        4. The Customer and the Customer’s Carrier shall be responsible for all circuit provisioning up to the Carrier Demarcation Point. This includes but is not limited to all the necessary access, timelines for completion, installation, and any other relevant items; and
        5. The Customer shall follow up with their Carrier and request that the cross connect be patched in.
    15. Shared Colocation. The terms and conditions of this Section 3.15 are applicable to each Work Order that includes iland Shared Colocation services.
      1. Resources.
        1. Colocation Resources. Cabinet or Rack Units, Power, Bandwidth and Networking components comprise the Colocation service as described in the Work Order; and
        2. Business Models. Colocation resources are available in Reserved model. 
      2. Grant of License. The Provider hereby grants to the Customer the right to use the Colocation Rack Space for the placement of Customer-Leased Equipment and/or Customer-Provided Equipment during the term of the Work Order on the terms and subject to the conditions set out in this Schedule, provided that the Provider retains the right to access the Colocation Rack Space for any legitimate business purpose at any time.
      3. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Use commercially reasonable efforts to prepare any Colocation Rack Space to the relevant Specifications set in the Statement of Work (SOW) and/or the Work Order on or before the relevant Commencement Date;
        2. Once the Customer provides the tracking information for the Equipment upon shipment, the Provider will alert the Data Center of the shipment to ensure acceptance;
        3. Install the Equipment after it has arrived at the Data Center according to the cabling diagram provided by the Customer;
        4. Using commercially reasonable efforts to power on and ensure connectivity to the Equipment. On Customer-Provided Equipment, issues on the preconfiguration shall result in project timeline delays and the Customer may incur in additional costs to cover the additional time;
        5. The Provider shall not in any case be liable for any type of downtime, connectivity failure, or service interruption and SLA shall not be applied for any of the following:
          1. Full or partial failure in the Customer-Provided Equipment,
          2. Misconfiguration of the Customer-Provided Equipment, and
          3. Failure in any external Customer-Provided Carrier;
        6. To the extent legally practicable, assign to the Customer any warranty received by the Provider from the manufacturer of the Customer-Leased Equipment to allow the Customer to pursue a remedy from such manufacture in respect of defects in the Customer-Leased Equipment. Other than as set out in the previous sentence, the Customer-Leased Equipment shall be provided for Customer’s use "as is", with all faults and the Provider hereby disclaims all implied warranties including, without limitation, warranties of merchantability, fitness for a specific purpose, and warranties of satisfactory quality in respect of the Customer-Leased Equipment; and
        7. The Provider shall not grant physical access to the Customer into the Data Center. Shall the Customer require physical access to the Equipment, the Provider will coordinate with the Customer and schedule remote hands services to gain physical access.
      4. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Ensure that any Customer-Provided Equipment sent out to the Provider is in good working conditions in accordance with prevailing industry standards throughout the term of the relevant Colocation Order such that the Customer-Provided Equipment does not damage any other property within the Colocation Rack Space, Colocation Area or Data Center. The Provider shall have the right to take such actions, without liability under this Schedule, the Agreement or the Colocation Order, as are reasonably necessary to protect property in the Data Center from harm caused by the Customer-Provided Equipment, including without limitation by disconnecting the Equipment, if the Provider in its reasonable discretion believes that the Equipment poses a threat of damage to property within the Data Center.
        2. Ensure that any Customer-Provided Equipment sent out to the Provider is preconfigured with relevant information in such a way that the Customer can access them remotely as they are racked and cabled;
        3. Ensure that the Customer-Provided Equipment does not rely on Wi-Fi or radio frequency (RF) as it is not permitted;
        4. Ensure that the Customer-Provided Equipment supports dual power connected to redundant A+B power circuits. In the event of a power outage, the Provider shall not be liable for any power failure to the Customer-Provided Equipment if such Customer-Provided Equipment does not support redundant power supply or if the Customer does not provide the necessary cables to connect the redundant power supply.
        5. Provide a cabling diagram that includes a physical view of each port of the Equipment that needs to be plugged;
        6. Ensure that the Customer-Provided Equipment is properly labeled;
        7. Provide all the necessary network patch and power cables;
        8. Provide the tracking information for the Customer-Provided Equipment upon shipment;
        9. In the event that the Customer-Provided Equipment fails:
          1. The Customer is responsible for troubleshooting the Equipment,
          2. The Customer is responsible for applying any warranty with the manufacturer to pursue a remedy from such manufacture in respect of defects in the Customer-Provided Equipment, and
          3. If a replacement is required, the Customer shall be responsible for, but not limited to, the costs and management of the removal, packaging, and logistics of the Customer-Provided Equipment and the corresponding replacement. The Provider shall not be liable for any loss of data or hardware, or damage incurred by the Customer arising out of the Provider’s disconnection, removal, or disposal of the Customer-Provided Equipment if the Customer fails to respond after several communication attempts from the Provider. The obligations of this Section 3.14.4 are applicable to the Customer-Provided Equipment that shall act as a replacement and managed under a new Work Order.
        10. In the event that a Colocation Order is terminated, the Customer shall be financially responsible for the disconnection, removal, packaging, logistics, and/or disposal of Customer-Provided Equipment. If the Customer leaves Customer-Provided Equipment in the Provider's Data Center for thirty (30) days after the termination of a Colocation Order, the Provider reserves the right to dispose of any such hardware and shall not be liable to the Customer for any associated loss of data or hardware.
      5. Risks.
        1. Power. If the Customer does not purchase redundant power or if any of the Customer-Provided Equipment does not support redundant power, the Customer is at risk if a power failure occurs. Provider’s best practice recommendation is to purchase redundant power and to utilize the Customer-Provided Equipment that supports redundant power;
        2. Rack Mounting. The Equipment cannot be racked back to back, such that the rear of two devices are facing each other in the middle of a rack. Only one device shall be used per shelf or unit (U). If the Provider finds that the Customer did not supply the rack-mounting materials, or the Customer-Provided Equipment is not rack-mountable and an additional shelf or tray is needed to securely mount the Equipment to the rack, the Customer shall incur an additional cost to correctly rack the equipment and the project timeline may be delayed while additional colocation space is allocated;
        3. Shelves.  If the Customer uses a shelf and the combined height of the Customer-Provided Equipment and shelf use more than the allotted space, the Customer shall incur an additional cost for additional U(s). The project timeline shall also be delayed while additional colocation space is allocated;
        4. Shipping. All Customer-Provided Equipment that is shipped must follow the Provider’s Shipping Process and must be handled through the Provider's project manager. This ensures the Provider's ability to effectively track the Equipment to ensure it does not get lost. If the Equipment is shipped without following the Provider’s shipping requirements or without the Provider's project managers involvement, the likelihood the Equipment is lost is increased;
        5. Reject Equipment. Provider reserves the right to reject any Customer-Provided Equipment that appears unsafe. In this event, the Customer-Provided Equipment will be shipped back to Customer and the project timeline shall be delayed while new hardware is shipped or a new solution is devised;
        6. Equipment Size. If the Customer-Provided Equipment is larger than the space allocated, Provider shall increase the monthly cost and the project timeline may be delayed while additional colocation space is allocated;
        7. Required Cables. It is the Customer's responsibility to ship the Customer-Provided Equipment with all required cables and to test the cables prior to shipping, ensuring they work as intended. If the Equipment is shipped with missing or defective cables, Customer shall be charged for the required cables and the corresponding Provider’s i-Tech fee for any additional time required to install the cables, and the project timeline shall be delayed; and
        8. Shipping Materials. All shipping and packaging materials are destroyed once equipment arrives at the Data Center. The Provider will not return any boxes, manuals, packing materials, or any other items that are shipped.
      6. Storage of Equipment. Following the request of the Customer, the Provider may, at its option, store Customer-Provided Equipment that the Customer intends to colocate in the Colocation Rack for not more than five days prior to the Commencement Date as a courtesy incidental to the license granted to the Customer by the Provider under this Schedule.  The Provider will not charge the Customer a fee for such storage.  Absent the Provider's gross negligence or intentional misconduct, the Provider shall have no liability to the Customer or any third party arising from such storage services.  If the Customer stores Customer-Provided Equipment for longer than ten days, the Provider may, but shall not be obligated to, return the Customer's equipment to the Customer without liability, at the Customer's sole cost and expense.
      7. Changes. The Provider reserves the right to change from time to time, and at the Provider's cost, the location or configuration of the Colocation Rack Space in which the Customer-Provided Equipment and/or the Customer-Leased Equipment is located, provided that the Provider shall not arbitrarily require such changes.  The Provider and the Customer shall work in good faith to minimize any disruption in the Customer's services that may be caused by such changes in location or configuration of the Colocation Rack Space.
    16. Zipline. The terms and conditions of this Section 3.16 are applicable to each Work Order that includes iland Zipline services.
      1. Resources.
        1. Zipline Resources. Bandwidth, access to the elastic interconnection fabric based on a Software Defined Network, and a shared physical Cross Connect in the Provider's Data Center comprise the Zipline connection as described in the Work Order; and
        2. Business Models. Zipline resources are available in a Reserved model.
      2. Provider's Obligations.
        1. Patching in the Provider’s side of the Cross Connect up to the Demarcation Point;
        2. Creating and maintaining a subscription to the elastic interconnection fabric based on a Software Defined Network service;
        3. Creating and maintaining the required number of virtual Cross Connects to support Zipline connectivity as defined in the Work Order;
        4. Using commercially reasonable efforts to provide first and second tier support to ensure the performance and connectivity of the Zipline resources; and
        5. Escalating support request(s) on the Customer's behalf for tier 3 support, if performance or connectivity issues are determined to be on the Provider's side.
    17. iland Secure Cloud Backup for Microsoft 365 with Veeam. The terms and conditions of this Section 3.17 are applicable to each Work Order that includes iland Secure Cloud Backup for Microsoft 365 services. The terms Office 365 and Microsoft 365 can be used interchangeably as they refer to the same service.
      1. Resources.
        1. Storage and Bandwidth. The Cloud Resources that comprise the Secure Cloud Backup for Microsoft 365 service include unlimited shared storage per user account along with embedded unlimited incoming and outgoing network bandwidth used for backup purposes;
        2. Licensing. Veeam Backup for Microsoft Office 365 licensing is included in the service on the Provider's site, unless explicitly specified in the Work Order; and
        3. Business Models. All subscription licenses are sold per user account in a reserved model as described in the Work Order according to the minimum license commitment and incremental guidelines specified by the Provider.
      2. Provider's Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Providing a user based cloud backup service comprised of unlimited cloud storage, Veeam Backup for Microsoft Office 365 licensing, unless explicitly specified in the Work Order and network bandwidth at the Provider's Site to store Microsoft 365 data per user account as specified in the Work Order;
        2. Maintaining the Provider's Cloud Storage infrastructure including patching, upgrades and updates;
        3. Providing the Customer the URL and authentication credentials to access the Microsoft 365 user's data via the Veeam Explorer applications through Veeam Cloud Connect;
        4. Assisting the Customer in creating an inclusion and exclusion groups that can be used in the backup jobs to manage user license counts;
        5. Backing up Exchange Online mailbox items (email, calendar and contacts), as well as OneDrive for Business, SharePoint Online files and folders, and Teams data on the Microsoft 365 organization that hosts the licensed Microsoft 365 user accounts for, as specified by the Customer, either (a) the entire Microsoft 365 organization, or (b) a subset of Microsoft 365 users via an Active Directory security group. Each Microsoft 365 user account consist of the following objects:
          1. A personal mailbox,
          2. An online Archive mailbox,
          3. OneDrive documents,
          4. Personal SharePoint sites, and
          5. Teams data;
        6. Backing up Microsoft 365 items for shared and group mailboxes, group SharePoint sites, as well as user objects that do not have a Microsoft 365 license applied, without requiring an iland Secure Cloud Backup for Microsoft 365 with Veeam license, as specified by the Customer;
        7. The Provider considers licensed Microsoft 365 users with at least one restore point stored on the Provider's infrastructure. The Customer can designate specific user accounts for deletion from backups from the Provider’s infrastructure; once all backups have been deleted for an account designated for deletion, the licenses associated with such deleted accounts can be reassigned by the Customer.
        8. Configuring and performing backups, that shall occur at least once a day;
        9. Retaining backups indefinitely while a Veeam Backup for Microsoft Office 365 license is assigned to a Microsoft 365 user. Shall the Customer require a retention policy shorter than the indefinite one provided by the Provider, Customer can work with the Provider to set a specific retention policy and such retention policy will not affect the price specified in the Work Order; and
        10. Providing the following recovery options to the Customer:
          1. Restoring Organization Mailbox, OneDrive, SharePoint, or Teams data,
          2. Exporting Exchange objects to a PST file,
          3. Saving items as a Microsoft Exchange Mail Document (.msg) file,
          4. Saving items as HyperText Markup Language (.html) files,
          5. Sending items as attachments to specified recipients, and
          6. Saving OneDrive, SharePoint, or Teams files and folders as a ZIP file.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Providing a list of either (a) the entire Microsoft 365 organization’s users, or (b) a subset of Microsoft 365 users via an Active Directory security group in addition to a list of Group SharePoint sites, that are to be protected by the Provider with iland Secure Cloud Backup for Microsoft 365 with Veeam licenses. If the Customer provides a subset of Microsoft 365 users in accordance with part (b) of the preceding sentence, the Customer shall be responsible for any charges associated to the mailboxes, documents, sites, and/or items selected explicitly or implicitly under the security group;
        2. Providing the Provider with information reasonably required to fulfill its obligations, including, but not limited to, the Microsoft 365 organization name that contains the user accounts to back up, and a Microsoft 365 account with the following criteria and rights:
          1. An account that belongs to the Microsoft 365 organization that shall be backed up. Having a mailbox in that organization is optional,
          2. Role Management role. To grant ApplicationImpersonation role,
          3. ApplicationImpersonation role. To allow this role assignment, the account must be granted the Organization Management permission,
          4. Organizations Configuration role. To manage role assignments,
          5. View-Only Configuration role. To obtain the necessary organization configuration parameters,
          6. View-Only Recipients role. To view mailbox recipients (required for job creation),
          7. MailboxSearch or MailRecipients. To backup groups,
          8. Global Administrator role, or the SharePoint Administrator role. To connect to the Microsoft SharePoint organization,
          9. This account may optionally use modern authentication including app ID, client secret and app password, and
          10. Or this account may optionally use modern application authentication which will automatically configure the proper roles needed to connect to the service;
        3. Procuring, implementing, and configuring of the correct licensed versions of Microsoft 365;
        4. Ensuring the functionality of Microsoft 365 services and contacting Microsoft, or the Microsoft 365 reseller, for any type of support related to the Microsoft 365 service as the Provider is not responsible for this service including, bot not limited to, performance, malfunction, or downtime;
        5. Utilizing its own Microsoft 365 credentials, with the appropriate administration and impersonation permissions, to access the organization's data backups via the Veeam Explorer applications through Veeam Cloud Connect. This account may optionally use modern authentication including app ID, client secret and app password or modern application authentication;
        6. Configuring and performing self-service recovery tasks based on the recovery options listed by the Provider;
        7. Promptly notifying the Provider if the Microsoft 365 service has been hacked, accessed by a person lacking permission to access the Microsoft 365 and/or the Microsoft 365 cloud backups stored at the Provider's site, or infected with a virus, worm or similar code;
        8. Informing the Provider when a change needs to be made, which shall include, but not be limited to, the retention policy, in the case where that policy to be different from the standard indefinite policy, as the retention policy must be manually updated by the Provider;
        9. Removing specific user accounts from backups and purging the user accounts from the Provider’s infrastructure, so that the licenses associated with such deleted accounts can be revoked and potentially reassigned in order for the Customer to avoid incurring Burst charges for the then-current month. The Customer shall reduce license count prior to the end of the month or the Customer will be responsible for any applicable Burst Resource charges incurred for the then-current month; and
        10. Sorting specific user accounts into inclusion or exclusion groups as appropriate to manage licenses and prevent exceeding the contracted license count.
      4. Risks.
        1. Redundant Backups. If the Customer is running multiple backups of their Microsoft 365 environment, either on-prem or with another cloud provider, the Customer acknowledges that there could be performance and/or data loss situations. These situations arise due to connectivity restrictions and rate limiting throttling that is set outside of the Provider’s control.
    18. iland Secure Cloud Object Storage. The terms and conditions of this Section 3.18 are applicable to each Work Order that includes iland Secure Cloud Object Storage services.
      1. Resources.
        1. Storage, Bandwidth, and Operations on objects. The Cloud Resources that comprise the Secure Cloud Object Storage service include shared Encrypted Archive Storage along with embedded unlimited incoming and outgoing network bandwidth and unlimited operations on objects as described in the Work Order; and
        2. Business Model. Object Storage is available in a Reserved model.
      2. Provider’s Obligations.
        1. Providing pool(s) of Cloud Storage and network bandwidth at Target Site as per specifications detailed in the Work Order;
        2. Maintaining Target Site Cloud Storage infrastructure including patching, upgrades and updates;
        3. Creating Cloud Resources as per specifications detailed in the Work Order;
        4. Providing Customer the initial URL and authentication credentials to access the Customer’s Cloud Resources upon completion of the Work Order;
        5. Providing storage pool modification options to the Work Order as required by the Customer; and
        6. Providing an industry-standard method of protecting, either through replication or erasure coding, of Customer data uploaded to the Provider's Secure Cloud Object Storage at the Data Center described by the Work Order.
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Management and creation of all data stored and consumed on the Provider’s Secure Cloud Object Storage;
        2. Consuming only the resources reserved as described in the Work Order;
        3. Verifying and adhering to all S3-compatibility requirements for all 3rd-party applications or client software used to connect, store and consume the Customer's data on the Provider’s Secure Cloud Object Storage;
        4. Installation, version control, patching and updates on all 3rd-party applications or client software used to connect, store and consume the Customer's data on the Provider’s Secure Cloud Object Storage;
        5. Creating and managing of all subsequent security rights, access controls, S3-credentials and retention policies for the Customer's data stored and consumed on the Provider’s Secure Cloud Object Storage once the Customer has been provided initial URL and authentication credentials from the Provider;
        6. Performance response of any and all 3rd-party applications used to connect, store and consume the Customer's data on the Provider's Secure Cloud Object Storage;
        7. Tracking and maintaining all Object Storage Access Credentials used to store and consume the Customer's data on the Provider’s Secure Cloud Object Storage;
        8. Encrypt and maintain encryption keys for any data uploaded to the Provider’s Secure Cloud Object Storage; and
        9. If available, understanding the implications that enabling immutability and data versioning might impact the total consumed storage
      4. Service Support.
        1. Storage Encryption. All Secure Cloud Object Storage support for clients is provided as “best effort” as there are many clients that all implement Object Storage functionality in different ways. The Provider can demonstrate functionality with known clients, but individual implementations may vary.
    19. Veeam Licensing. The terms and conditions of this Section 3.19 are applicable to each Work Order that includes Veeam Licensing.
      1. Resources.
        1. License Key. A digital key that defines the scope of the license, terms and options for Agent or Backup & Replication Edition rental licenses as described in the Work Order. The license unit options are:
          1. VM. A protected Virtual Machine that is backed up, replicated, copied or otherwise consumed by the software,
          2. Server. A physical or virtual host, that contains an application or applications that serves one or more client workstations, where the software is installed. Each node of a clustered setup needs to be licensed separately, or
          3. Workstation. A physical or virtual host, typically used as a personal computer, where the software is installed. Each node of the clustered setup needs to be licensed separately.
      2. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best practices:
        1. Creating and Deleting the corresponding Veeam Cloud Connect Tenant(s) that links the license key(s) to specific Customer(s);
        2. Provide the security credentials to the Customer for pairing with the Provider’s cloud infrastructure for delivery of the license key(s);
        3. Procuring the license key(s) associated to the Veeam products as described in the Work Order;
        4. Maintaining the cloud infrastructure needed to deliver the Veeam licenses to the Customer; and
        5. Troubleshooting and Supporting issues related to both the procured Veeam license and the corresponding Veeam software using it. Provider shall not troubleshoot or support issues related to other licenses not procured by the Provider, including, but not limited to, Evaluation, "Not for Resale", Free, and Community Licenses.
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with industry best practices:
        1. Verifying the system requirements for both hardware and software compatible with Veeam's compatibility matrix available at www.veeam.com;
        2. Installing and updating the Veeam software on the corresponding workstations, servers, or Virtual Machines;
        3. Pairing the Veeam Agent(s) and/or Backup & Replication server(s) to the Provider in order to receive and maintain the license key(s);
        4. Managing and monitoring any alarms, reports, audits, and logs generated by the Veeam software and its configuration;
        5. Providing the information to the Provider necessary for troubleshooting the Veeam license and the corresponding Veeam software using it; and
        6. With the exception of Evaluation, "Not for Resale", Free, and Community Licenses, adhering to Veeam's End User License Agreement (EULA) found at https://www.veeam.com/eula.html
    20. iland Autopilot Managed Recovery for DRaaS. The terms and conditions of this Section 3.20 are applicable to each Work Order that includes iland Autopilot Managed Recovery for DRaaS in combination with iland Secure DRaaS.
      1. Assets & Deliverables.
        1. Connectivity Design Documentation. Technical documents and/or diagrams providing engineering level information and configuration details for the purpose of interconnecting the Customer's Primary Site(s) to the designated Provider's Recovery Site(s) delivering the DRaaS service capabilities;
        2. On-boarding Project Plan A documented detailed overview of all tasks associated with the Provider on-boarding process for interconnectivity and delivery of the services protecting Workloads replicated from the Customer's Primary Site(s) Workloads within scope of the mutually agreed upon service contract. The purpose of this document is to track ownership, progress and completion of all applicable on-boarding tasks in collaboration between the Customer and the Provider;
        3. On-boarding Provisioning Form. A detail discovery document used for information gathering and collection of all Customer specific technical and infrastructure related information for the sole purpose of the Provider providing the onboarding service, integration, and management services to the Customer as part of the Secure DRaaS service contract;
        4. Recovery Action Plan. A disaster recovery process document providing enhanced details for all steps and tasks required for proper failover or failback of the Customer's replicated Workloads to the designated Provider's Recovery Site(s). Additional details include task ownership, estimated/actual task duration times, and Customer's specific and managed application acceptance criteria testing processes. This document is developed and managed in collaboration between the Customer and the Provider; and
        5. Recovery Service Guide. A process document providing a business level view of the DRaaS solution. Key content includes general service description, service capabilities, the Customer's Primary Site(s) and the designated Provider's Recovery Site(s) location information, recoverable application service catalog, protected workload inventories, and failover process overview with key metrics (RTO / RPO).
      2. On-boarding Project Management.
        1. Project managers. Both the Provider and the Customer shall appoint a project manager each who will serve as the primary contact point; and
        2. On-boarding Project Management Engagement. The Provider's project manager and the Customer's project manager shall meet as required for the duration of the on-boarding process for the purpose of facilitating a successful relationship and overseeing the implementation of all Cloud Resources and services outlined in the Work Order and the On-boarding Provisioning Form, including but not limited to, (a) tracking the progress of the on-boarding and implementation process and all associated tasks; (b) reviewing other current or future projects or business plans that may impact the onboarding of the Cloud Resources and services, (c) Weekly status reports to review the Provider’s performance in execution of the on-boarding project for delivery of all Cloud Resources and services, (d) coordinating and planning for any new equipment or software acquisitions specific to supporting the completion of on-boarding all Cloud Resources and services.
      3. On-Boarding Acceptance Test.
        1. The On-Boarding Acceptance Test consists of non-service impacting Failover Test operation performed by Provider, as well as Application Testing And Verification performed by Customer. Fully committed Failover and Failback are not supported. The Test does not include modification of Primary Site resources including Virtual Machines and networking.
        2. The On-Boarding Acceptance Test is performed during the Provider’s normal business hours of Monday-Friday 8:00 am – 5:00 pm with the the time zone being based on data center location where services are located.
        3. Onboarding Acceptance Test Scheduling. Upon completion of the on-boarding project tasks required for implementing the Cloud Resources within the scope identified in the Onboarding Provisioning Form, the Customer will be notified and will have fourteen (14) days from the day of notice in which to schedule a final On-Boarding Acceptance Test; and
        4. On-Boarding Acceptance Test Success Criteria. Successful completion of the On-boarding Acceptance Test shall be determined by validation of the Provider’s ability to meet the RTO agreed during the planning phase of the onboarding project. The Target Objectives will be documented in the Recovery Action Plan and Recovery Service Guide. In the event that the On-Boarding Acceptance Test exceeds the RTO agreed in the planning phase, the Customer agrees to provide the Provider with any data or information reasonably requested by the Provider in order to enable the Provider to diagnose and resolve any problems associated with any failure to meet that RTO in the On-Boarding Acceptance Testing. The Provider project manager will notify the Customer via email or phone upon resolution of any such issues. After the Provider has notified the Customer that the problem has been resolved, the Customer and the Provider will promptly conduct a follow-up On-Boarding Acceptance Test to validate that the RTO with such follow-up test no longer exceeds the RTO provided in the original the On-Boarding Acceptance Test. This process will continue, if necessary, until the On-Boarding Acceptance Test Criteria meets the required success criteria. Notwithstanding anything to the contrary in this Service Schedule, if the Customer fails to respond to the On-Boarding Acceptance Test reschedule notice within fourteen (14) days of the date of notification, then the Provider shall consider the on-boarding completed and will have no further obligations to the Customer in regard to the On-Boarding Acceptance Test. Under these circumstances in which the Provider deems on-boarding completion due to failure of response by the Customer, the Customer shall reserve the right to exercise unlimited self-service testing or the allocated (2) Recovery Test per 12-months as outlined in Section 1.5 of the Autopilot Managed Recovery for DRaaS SLA for completion of the On-Boarding Acceptance Testing.
        5. On-boarding Acceptance Test Failure. Failure of the Onboarding Acceptance Testing shall be defined as the inability for the Provider to meet the RTO SLA target objectives as outlined in Section 1.2.1 of the Autopilot Managed Recovery for DRaaS SLA. The Customer agrees to provide the Provider with any data or information reasonably requested by the Provider in order to enable the Provider to diagnose and resolve any problems associated with a failure in the On-boarding Acceptance Testing. The Provider project manager will notify the Customer via email or phone upon resolution of any such issues. After the Provider has notified the Customer that the problem has been resolved, the Customer and the Provider will promptly conduct a follow-up On-boarding Acceptance Test to validate that all test criteria associated with the On-boarding Acceptance Test have now been met. This process will continue, if necessary, until the On-boarding Acceptance Test Criteria meets the required success criteria. Notwithstanding anything to the contrary in this Service Schedule, if the Customer fails to respond to the On-boarding Acceptance Test reschedule notice within fourteen (14) days of the date of notification, then the Provider shall consider the on-boarding completed and will have no further obligations to the Customer in regard to the On-boarding Acceptance Test. Under these circumstances in which the Provider deems on-boarding completion due to failure of response by the Customer, the Customer shall reserve the right to exercise unlimited self-service testing or the allocated (2) Recovery Test per 12-months as outlined in Section 1.5 of the Autopilot Managed Recovery for DRaaS SLA for completion of the Onboarding Acceptance Testing.
      4. Service Delivery Management.
        1. Service Delivery Management Contacts. The Customer shall appoint an individual who will serve as the primary contact point for the Provider in connection with ongoing lifecycle management and delivery of the services (the “Customer Primary Contact”), and the Provider shall appoint a project manager (the “Technical Account Manager”); and
        2. Service Delivery Management Engagement. The Provider and the appointed Customer's project contact shall meet as required during the term of each service for the purpose of facilitating a successful relationship and overseeing the delivery and performance of each service, including but not limited to, (a) tracking the progress of the on-boarding and implementation process and all associated tasks, (b) reviewing other current or future projects or business plans that may impact all services and/or delivery of all services, (c) reviewing the Provider’s performance in the delivery of the service levels set forth in the Service Level Agreement, (d) coordinating and planning for any new equipment or software acquisitions or needs, (e) reviewing strategic and tactical decisions for the Customer in respect of the establishment, budgeting and implementation of the Customer’s priorities and plans for information technology that may impact services and/or delivery of all services, (f) monitoring and resolving concerns that may arise regarding the provision of all services, this SLA and/or the Service Schedule;
      5. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best-practices:
        1. Providing enhanced onboarding project management deliverables, to include:
          1. Weekly status call between the Provider on-boarding personnel and applicable Customer's contacts, and
          2. Weekly status report summarizing project tasks progress, project milestones, estimated and actual durations/completion dates and critical path items;
        2. Providing and managing all supporting Service documentation to include:
          1. Documented inventory and workload specifications (e.g. compute, storage, networking) of all Workloads within scope of the Work Order,
          2. Documented L2/L3 network design for compatibility and integration between the Customer Primary Site(s) and iland Secure DRaaS networking services and design guidelines, and
          3. Documented Customer network security configurations, including firewall security policies, NAT policies and network security segmentation design;
        3. Providing full installation, configuration and ongoing management of all services components required for delivery of iland Secure DRaaS, to include;
          1. Replication software installation, setup and configuration both in the Customer's premises and the Provider’s cloud data center environments,
          2. Setup and configuration of VPN connections (where applicable),
          3. Setup and configuration of all the Provider's side networking components support dedicated circuits for WAN connectivity (where applicable), and
          4. Setup & configuration of any cross-connects to support networking connectivity in accordance with Section 3.13 of this Service Schedule;
        4. Providing full setup and configuration for replication of the Recovery Groups for all Workloads within scope and applicable to the Work Order and the Onboarding Provisioning Form;
        5. Providing full assistance with development and creation of the Customer’s Disaster Recovery Runbook(s) within the iland Secure Cloud Console;
        6. Providing full assistance with development and creation of the Customer’s Recovery Activation Plan;
        7. Providing managed failover testing and live failover/fallback declaration events. Managed failback operations are only provided for live declaration events when required;
        8. Providing a completed Recovery Service Guide at the completion of the on-boarding process and manage all ongoing updates;
        9. Providing managed provisioning of new Recovery Groups, capacity additions, VPN connections and other change requests submitted by the Customer; and
        10. Providing ongoing updates, patching and maintenance for all the Provider provided service components required for delivery of the iland Secure DRaaS, to include:
          1. Replication software, and
          2. Network virtual appliances sold and provided on the Work Order.
      6. Customer’s Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the Autopilot Managed Recovery for DRaaS and industry best-practices:
        1. Ensure all Customer-owned software, applications, devices, systems, processes, and services that maintain Customer Data to be protected by the services delivered as part of this Agreement are covered as specified under Section 2.3.5 of this Service Schedule for the purposes of fulfilling this Agreement;
        2. Where applicable, the Customer shall maintain all firmware or software updates to all Customer-owned hardware, software, applications, devices, and systems in use with or protected by Cloud Resources provided by the Provider;
        3. Where applicable, contact all software, application, device, system, service, and service providers covered under this Agreement and add the appropriate Provider’s personnel as approved contacts for the purposes of fulfilling this Service Schedule;
        4. Complete the On-boarding Provisioning Form provided by the Provider;
        5. Provide all current and existing documentation of the Customer Primary Site(s) to include; environment “as-built” documentation, application contact information, application dependencies, current backup strategy, and disaster recovery plans if applicable;
        6. Provide the Provider’s personnel with the Customer's asset discovery and documentation where applicable;
        7. Where applicable; provide all current process documentation in support of the services outlined in this Agreement and provide all assistance necessary to modify existing or implement new processes to streamline the delivery of services;
        8. Where applicable, the Customer shall maintain all software and other devices or items provided to the Customer by the Provider located within the Customer's Primary Site(s) in direct support of the delivery of Cloud Resources outlined in the Work Order (the “Equipment’) in good working order and in accordance with applicable manufacturers’ specifications. The Customer shall notify the Provider immediately upon determination that any Equipment is not in compliance with the foregoing, or is in material breach of the terms and conditions set forth in this Service Schedule; and
        9. The Customer shall cooperate with the Provider with regard to the performance of the Provider’s obligations hereunder, including (without limitation):
          1. Providing the Provider with the required remote access to the Customer’s Equipment, as may be reasonable to permit Provider to perform its obligations hereunder, and
          2. Notifying the Provider of any changes to its configurations that could potentially impact the services.
      7. Service Levels. All applicable SLAs are defined in the Autopilot Managed Recovery for DRaaS Service Level Agreement.
    21. iland Network Support Service. The terms and conditions of this Section 3.21 are applicable to each Work Order that includes both the Provider’s Network Support Service and at least one of the Providers services that are identified in Section 3.1, Section 3.2, Section 3.8, Section 3.9, Section 3.10, and Section 3.11 of this Schedule, regardless as to whether the Work Order is for public or private cloud services.
      1. Assets & Deliverables.
        1. On-boarding Provisioning Form. A documented overview of the network details associated with the Provider’s network on-boarding process for delivery of the Network Support Service within scope of the mutually agreed upon SOW. The purpose of this document is to document applicable on-boarding network details in collaboration between the Customer and the Provider; and
        2. Network Diagram. Technical diagrams providing engineering level information and configuration details for the purpose of detailing network connectivity within the Provider Site(s) delivering the service capabilities to the Customer within scope of the mutually agreed upon SOW.
      2. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best-practices:
        1. Providing and managing all supporting service documentation to include:
          1. Documented L2/L3 network details within the Provider’s networking services and design guidelines;
        2. Providing full installation and configuration of virtual network components, as described in the Network Support Service components on the Work Order, to include:
          1. Setup, licensing and configuration of virtual network device(s), and
          2. Setup, licensing and configuration is limited to no more than 5 hours in aggregate to plan, implement and test; and
        3. Ongoing support of virtual network components, as described in the Work Order, to include technical support as initiated by the Customer for routine configuration changes and basic troubleshooting activities.
        4. Individual support activities which take the Provider more than two hours to plan and execute are out of scope for this service and are considered projects. Project work will require a separate SOW and may result in additional fees.
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the iland Network Support Service and industry best-practices:
        1. Customer’s Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the iland Network Support Service and industry best-practices:
        2. The Customer shall complete the On-boarding Provisioning Form provided by the Provider;
        3. The Customer shall cooperate with the Provider with regard to the performance of the Provider’s obligations hereunder, including (without limitation):
          1. Providing the Provider with the required remote access to the Customer’s Equipment and/or Workloads, as may be reasonable to permit the Provider to perform its obligations hereunder, and
          2. Notifying the Provider of any changes to its configurations that could potentially impact the iland Network Support Service; and
        4. The Customer shall sign a confirmation that it accepts the potential risks for any Customer requests that fall outside of industry and security best-practices.
      4. Service Levels.
        1. The Provider shall use commercially reasonable efforts to make sure that the Technical Ticket Response Management process adheres to the Targets set out in (1) the current Service Level Agreement accessible at https://www.iland.com/legal/sla and (2) the additional Targets listed in the chart below:
          Severity Description Initial Response Target Resolution Target Response Target
          Severity 4 Change request
          Customer submitted change request (e.g. new system addition, new replication job request, new VLAN configuration at the designated Provider’s Recovery Site).
          < 2 hrs < 24 hrs 100%
      5. Service Level Exclusions
        1. The following items are excluded from the Service Level Targets set forth and agreed upon in section 3.21.4. The enactment or occurrence of such items will not be deemed a breach by the Provider under any Work Order or the Agreement.
          1. Changes made outside of the Provider’s control. Any act or omission on the part of the Customer or any third party contractor or vendor, or any other entity in their control with which the Customer exercises control or has the right to exercise control to the extent that failure or delay caused by such event is excused,
          2. Transient event. Any event or occurrence which lasts less than the defined polling threshold in the Provider’s monitoring systems,
          3. Unknown or unacknowledged items. Any event which happens prior to the Provider formally acknowledging the existence and responsibility of said item moving into the scope of the Services set forth and agreed upon between the Customer and the Provider in the Work Order,
          4. Force majeure. Events beyond the reasonable control of the Provider including, but not limited to acts of God, natural disasters, cable cuts, government acts and regulations, acts of terrorism and national emergencies, to the extent that failure or delay caused by such event and any other circumstances excused pursuant to the Force Majeure provisions of the Agreement,
          5. No Access. Incidents in which the Provider has been denied access to affected systems (physically or virtually) due to any act or omission of the Customer or any third party contractor,
          6. Network Access. Failure of any underlying network infrastructure that was not under the direct control of the Provider and not otherwise caused by the Provider,
          7. Modifications of Monitoring Equipment or probes. Incidents involving the Customer’s personnel modifying or manipulating any part of the Provider’s monitoring environment or access to same,
          8. Non Response. Any time in which the Customer does not respond within a reasonable time period to the Provider’s requests for assistance to repair an outage,
          9. Work Around. Any service outage where an acceptable work around to perform business function is utilized or created by the Customer or the Provider and no down time to business function incurred, and
          10. Scheduled or Emergency Maintenance. Any service outage due to regularly scheduled or emergency maintenance performed by the Provider on all underlying hardware, software, and equipment directly supporting all services and Cloud Resources consumed by the Customer.
    22. iland Backup Deployment Service. The terms and conditions of this Section 3.22 are applicable to each Work Order that includes the Provider’s Backup Deployment Service in combination with iland Secure Cloud Backup with Veeam.
      1. Assets & Deliverables.
        1. Statement of Work. Overall project document defining the terms of the engagement, steps and expected outcomes with sign-off by the Customer;
        2. Kick-off Call. Initial project call for introductions, defining timeframes and ensuring project alignment from Provider and Customer;
        3. Onboarding Provisioning Form. Documentation of existing environment including list of servers, VMs and backup jobs;
        4. Backup Deployment Service Guide. As-built documentation provided at the end of the engagement describing the architecture and environment that has been designed and deployed on the Customer site by the Provider;
        5. Sign-off document validating knowledge transfer. Sign-off documentation validating that the Customer has received adequate instruction and education on the Provider-built environment; and
      2. Backup Deployment Project Management.
        1. Project managers. Both the Provider and the Customer shall appoint a project manager each who will serve as the primary contact point; and
        2. Backup Deployment Project Management Engagement. The Provider’s project manager and the Customer’s project manager shall meet as required for the duration of the migration process for the purposes of facilitating a successful relationship and overseeing the implementation of all tasks outlined in the Statement of Work, including but not limited to, (a) tracking the progress of the implementation process and all associated tasks; (b) reviewing other current or future projects or business plans that may impact the Backup Deployment Service, (c) reviewing weekly status reports in order to review the Provider’s performance in execution of the project for delivery of all Backup Deployment Service, (d) coordinating and planning for any new equipment or software acquisitions specific to supporting the completion of the Backup Deployment Service.
      3. Provider’s Obligations. The Provider is responsible for the following in accordance with industry best-practices:
        1. Providing enhanced onboarding project management deliverables, to include:
          1. Statement of Work documentation at the beginning of the project, and
          2. Kick-off Call call between the Provider’s deployment personnel and the applicable Customer’s contacts, and
          3. Backup Deployment Service guide at the end of the engagement to the applicable Customer's contacts;
        2. Providing and managing supporting service documentation to include the Onboarding Provisioning Form detailing inventory and job specifications of all Workloads to be protected within scope of the Work Order;
        3. Providing installation, configuration and management of all services components required for the Backup Deployment Service, to include:
          1. Backup software installation, guiding the Customer through setup and configuration both in the Customer on-premise and to the Provider’s cloud data center environments,
          2. Setup and configuration of backup jobs and schedules,
          3. Setup and configuration of all Provider’s side software components to support Customer's backup jobs;
      4. Customer’s Obligations. The Customer is responsible for the following in accordance with this Section 3.22 and industry best-practices:
        1. Ensuring that all required assets and services are obtained, and, where applicable, installed on the Customer’s environment that are needed as part of the Work Order to include software, licenses, operating systems, bandwidth, hardware, storage, etc;
        2. Ensuring that all required assets and services are deployed and configured in accordance with the applicable manufacturers' specifications and supportability requirements;
        3. Providing and managing supporting service documentation to include the Onboarding Provisioning Form detailing inventory and job specifications of all Workloads to be protected within scope of the Work Order;
        4. Ensuring all Customer-owned software, applications, devices, systems, processes, and services that maintain the Customer’s data to be protected as part of the Work Order are documented as part of the Onboarding Provisioning Form;
        5. Providing all current and existing documentation of the Customer’s Site(s) to include; environment “as-built” documentation, application contact information, application dependencies, current backup strategy, and disaster recovery plans if applicable;
        6. Providing the Provider’s personnel with Customer’s asset discovery and documentation where applicable;
        7. Where applicable, maintaining all software and other devices or items provided to the Customer by the Provider located within the Customer’s Site(s) in direct support of the delivery of the Backup Deployment Service outlined in the Work Order (the “Equipment’) in good working order and in accordance with applicable manufacturers’ specifications. The Customer shall notify the Provider immediately upon determination that any Equipment is not in compliance with the foregoing, or is in material breach of the terms and conditions set forth in this Service Schedule; and
        8. Cooperating with the Provider with regard to the performance of the Provider’s obligations hereunder, including (without limitation):
          1. Providing the Provider with the required remote access to Customer’s Equipment, as may be reasonable to permit the Provider to perform its obligations hereunder, and
          2. Notifying the Provider of any changes to its configurations that could potentially impact the Backup Deployment Service.
    23. iland DRaaS Deployment Service. The terms and conditions of this Section 3.23 are applicable to each Work Order that includes iland DRaaS Deployment Services in combination with iland Secure DRaaS.
      1. Assets & Deliverables.
        1. Connectivity Design Documentation. Technical documents and/or diagrams providing engineering level information and configuration details for the purpose of interconnecting the Customer’s Primary Site(s) to the designated Provider’s Recovery Site(s) delivering the DRaaS service capabilities;
        2. On-boarding Project Plan. A documented detailed overview of all tasks associated with the Provider on-boarding process for interconnectivity and delivery of the services protecting Workloads replicated from the Customer’s Primary Site(s) Workloads within scope of the mutually agreed upon service contract. The purpose of this document is to track ownership, progress and completion of all applicable on-boarding tasks in collaboration between the Customer and the Provider;
        3. On-boarding Provisioning Form. A detail discovery document used for information gathering and collection of all Customer specific technical and infrastructure related information for the sole purpose of the Provider providing the onboarding service, integration, and management services to the Customer as part of the Secure DRaaS service contract;
        4. Recovery Action Plan. The initial disaster recovery process document developed between the Customer and the Provider which provides enhanced details for all steps and tasks required for proper failover or failback of the Customer’s replicated Workloads to the designated Provider’s Recovery Site(s). The Customer will own any changes after the initial development of the document; and
        5. Recovery Service Guide. A process document providing a business level view of the DRaaS solution. Key content includes general service description, service capabilities, the Customer’s Primary Site(s) and the designated Provider’s Recovery Site(s) location information, recoverable application service catalog, protected workload inventories, and failover process overview with key metrics (RTO / RPO).
      2. On-boarding Project Management.
        1. Project managers. Both the Provider and the Customer shall appoint a project manager each who will serve as the primary contact point; and
        2. On-boarding Project Management Engagement. The Provider’s project manager and the Customer’s project manager shall meet as required for the duration of the on-boarding process for the purpose of facilitating a successful relationship and overseeing the implementation of all Cloud Resources and services outlined in the Work Order and the On-boarding Provisioning Form, including but not limited to, (a) tracking the progress of the on-boarding and implementation process and all associated tasks; (b) reviewing other current or future projects or business plans that may impact the onboarding of the Cloud Resources and services, (c) Weekly status reports to review the Provider’s performance in execution of the on-boarding project for delivery of all Cloud Resources and services, (d) coordinating and planning for any new equipment or software acquisitions specific to supporting the completion of on-boarding all Cloud Resources and services.
      3. On-boarding Acceptance Test.
        1. The On-Boarding Acceptance Test consists of non-service impacting Failover Test operation performed by Provider, as well as Application Testing And Verification performed by Customer. Fully committed Failover and Failback are not supported. The Test does not include modification of Primary Site resources including Virtual Machines and networking;
        2. The On-Boarding Acceptance Test is performed during the Provider’s normal business hours of Monday-Friday 8:00 am – 5:00 pm with the time zone being based on data center location where services are located;
        3. On-Boarding Acceptance Test Scheduling. Upon completion of the on-boarding project tasks required for implementing the Cloud Resources within the scope identified in the Onboarding Provisioning Form, the Customer will be notified and will have fourteen (14) days from the day of notice in which to schedule a final On-Boarding Acceptance Test;
        4. On-Boarding Acceptance Test Success Criteria. Successful completion of the On-boarding Acceptance Test shall be determined by validation of the Provider’s ability to meet the RTO agreed during the planning phase of the onboarding project. The Target Objectives will be documented in Recovery Action Plan and Recovery Service Guide; and
        5. In the event that the On-Boarding Acceptance Test does not meet the RTO agreed in the planning phase, the Customer agrees to provide the Provider with any data or information reasonably requested by the Provider in order to enable the Provider to diagnose and resolve any problems associated with any failure to meet that RTO in the On-Boarding Acceptance Testing. The Provider project manager will notify the Customer via email or phone upon resolution of any such issues. After the Provider has notified the Customer that the problem has been resolved, the Customer and the Provider will promptly conduct a follow-up On-Boarding Acceptance Test to validate that the RTO associated with the On-Boarding Acceptance Test have now been met. This process will continue, if necessary, until the On-Boarding Acceptance Test Criteria meets the required success criteria. Notwithstanding anything to the contrary in this Service Schedule, if the Customer fails to respond to the On-Boarding Acceptance Test reschedule notice within fourteen (14) days of the date of notification, then the Provider shall consider the on-boarding completed and will have no further obligations to the Customer in regard to the On-Boarding Acceptance Test.
      4. Provider’s Obligations.. The Provider is responsible for the following in accordance with industry best-practices:
        1. Providing enhanced onboarding project management deliverables, to include:
          1. Weekly status call between the Provider on-boarding personnel and applicable Customer’s contacts, and
          2. Weekly status report summarizing project tasks progress, project milestones, estimated and actual durations/completion dates and critical path items;
        2. Providing all supporting Service documentation to include:
          1. Documented inventory and workload specifications (e.g. compute, storage, networking) of all Workloads within scope of the Work Order,
          2. Documented L2/L3 network design for compatibility and integration between the Customer Primary Site(s) and iland Secure DRaaS networking services and design guidelines, and
          3. Documented Customer network security configurations, including firewall security policies, NAT policies and network security segmentation design;
        3. Providing full installation and configuration of all services components required for delivery of iland Secure DRaaS, to include:
          1. Replication software installation, setup and configuration both in the Customer’s premises and the Provider’s cloud data center environments,
          2. Setup and configuration of VPN connections (where applicable),
          3. Setup and configuration of all the Provider’s side networking components support dedicated circuits for WAN connectivity (where applicable), and
          4. Setup & configuration of any cross-connects to support networking connectivity in accordance with Section 3.13 of this Service Schedule;
        4. Providing full setup and configuration for replication of the Recovery Groups for all Workloads within scope and applicable to the Work Order and the Onboarding Provisioning Form;
        5. Providing full assistance with development and creation of the Customer’s Disaster Recovery Runbook(s) within the iland Secure Cloud Console;
        6. Providing full assistance with development and creation of the Customer’s Recovery Activation Plan;
        7. Providing the initial managed failover test.
        8. Providing a completed Recovery Service Guide at the completion of the on-boarding process.
      5. Customer Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the iland DRaaS Deployment Services and industry best-practices:
        1. Ensure all Customer-owned software, applications, devices, systems, processes, and services that maintain Customer Data to be protected by the services delivered as part of this Agreement are covered as specified under Section 2.3.5 of this Service Schedule for the purposes of fulfilling this Agreement;
        2. Where applicable, the Customer shall maintain all firmware or software updates to all Customer-owned hardware, software, applications, devices, and systems in use with or protected by Cloud Resources provided by the Provider;
        3. Where applicable, contact all software, application, device, system, service, and service providers covered under this Agreement and add the appropriate Provider’s personnel as approved contacts for the purposes of fulfilling this Service Schedule;
        4. Complete the On-boarding Provisioning Form provided by the Provider;
        5. Provide all current and existing documentation of the Customer Primary Site(s) to include; environment “as-built” documentation, application contact information, application dependencies, current backup strategy, and disaster recovery plans if applicable;
        6. Provide the Provider’s personnel with the Customer’s asset discovery and documentation where applicable;
        7. Where applicable; provide all current process documentation in support of the services outlined in this Agreement and provide all assistance necessary to modify existing or implement new processes to streamline the delivery of services;
        8. Where applicable, the Customer shall maintain all software and other devices or items provided to the Customer by the Provider located within the Customer’s Primary Site(s) in direct support of the delivery of Cloud Resources outlined in the Work Order (the “Equipment’) in good working order and in accordance with applicable manufacturers’ specifications. The Customer shall notify the Provider immediately upon determination that any Equipment is not in compliance with the foregoing, or is in material breach of the terms and conditions set forth in this Service Schedule;
        9. The Customer shall cooperate with the Provider with regard to the performance of the Provider’s obligations hereunder, including (without limitation):
          1. Providing the Provider with the required remote access to the Customer’s Equipment, as may be reasonable to permit Provider to perform its obligations hereunder, and
          2. Notifying the Provider of any changes to its configurations that could potentially impact the services;
        10. Manages and updates to any documentation after the initial handoff of the documentation to the Customer; and
        11. All other obligations as outlined in Section 3.10.3
    24. Managed Firewall. The terms and conditions of this Section 3.24 are applicable to each Work Order that includes the Provider’s Managed Firewall Services.
      1. Service options. Either Managed Firewall service offering can be delivered to physical or virtual firewalls running on premises or cloud infrastructure.
        1. Basic. The Basic Management Firewall provides basic management of the firewall appliance without the SOC monitoring or reporting; and
        2. Advanced. The Advanced Managed Firewall provides management, monitoring and reporting utilizing the full Unified Threat Management (UTM) capabilities of the firewall appliance and includes monitoring by the SOC. Additional Managed Device(s) under this service option include Fortinet switch(es), wireless access point(s), WAN wireless extender(s), and SD-WAN.
      2. Provider’s Obligations. The Provider is responsible for the following in accordance with commercially reasonable efforts:
        1. Unless explicitly specified in the Work Order, providing a Next-Generation Managed Firewall (NGFW) powered by Fortinet FortiGate;
        2. Reviewing the configuration of NGFWs;
        3. Onboarding Managed Device(s) into the Provider’s infrastructure;
        4. Configuring Network Address Translation (NAT) and inbound and outbound stateful firewall rules in accordance with applicable and reasonable Customer specifications;
        5. If requested, configuring site-to-site IPSEC VPN connectivity;
        6. If requested, configuring remote access VPN to provide Customer’s end-user access to the internal network. This includes local user setup or Lightweight Directory Access Protocol (LDAP). The Provider will make commercial best efforts to configure VPN client connectivity, however VPN connectivity is subject to a variety of factors, including, but not limited to, local ISP issues, local or home office network issues, and public WiFi port blocking;
        7. Providing recommended NGFW firmware upgrades, which may not always align with the most recent firmware from Fortinet;
        8. Firmware upgrades will be completed as deemed appropriate and necessary by the Provider;
        9. The Provider will attempt to coordinate all non-emergency firmware upgrades with the Customer prior to completion of the upgrade;
        10. Providing configuration tuning in support of the features available based on the size of the supported NGFW(s);
        11. Providing seven (7) days of active log retention from each supported NGFW;
          1. When the specified seven (7) day log limit is exceeded, the oldest logs shall be overwritten to make room for new logs, and
          2. Destruction of logs upon termination in accordance with the terms of the Agreement;
        12. The Provider will make commercial best efforts to provide Change Management support;
          1. The Provider will make reasonable attempts to discuss and notify the Customer of any changes prior to making changes to the configuration of the NGFW(s), and
          2. In the case of an Emergency, where the Provider determines (in its sole discretion) that the security, confidentiality, integrity, or availability of the NGFW(s) is at risk, changes may be made without prior notification to the Customer in order to attempt to mitigate the risk;
        13. Maintaining backup configurations after changes are made to the supported NGFW(s) to ensure rollback and recovery capability;
        14. Supporting Next Business Day (NBD) replacement for the Provider’s provided Equipment; and
        15. Exclusively for the Advanced Managed Firewall: The Provider shall use commercially reasonable efforts to:
          1. Providing UTM Feature configuration and optimization as per the Provider’s then-current Product Compatibility Matrix, including, but not limited to:
            1. IDS/IPS. Configuring Intrusion Detection and Prevention Services (IDS/IPS) to detect and block traffic patterns that contain malicious threats on Equipment.
            2. Application Control. Configuring application control to provide detailed visibility into user traffic.
            3. Web Filtering. Configuring web content filtering to monitor and block websites based on category.
          2. Performing UTM security updates,
          3. Providing performance & utilization monitoring,
          4. Analyzing suspicious activity and traffic with notifications to Customer,
          5. Providing a monthly activity report,
          6. Supporting High Availability (HA) deployments,
          7. Providing a ninety (90) day active log retention, and
          8. Providing a one (1) year long archive.
      3. Customer’s Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the Managed Firewall services and industry best practices:
        1. For Customer-provided appliances, either physical or virtual, ensuring that the NGFW(s) is exclusively powered by Fortinet FortiGate and supported by the Provider’s then-current Product Compatibility Matrix;
        2. Providing an approved network diagram;
        3. Providing access to the current NGFW(s) configuration;
        4. Provide applicable specifications to the Provider to allow for configuring Network Address Translation (NAT) and inbound and outbound stateful firewall rules:
        5. Providing access to the customer’s internal network to allow provider to configure remote access VPN:
        6. Providing a technical resource for the duration of the implementation project;
        7. Providing coordination for scheduling necessary maintenance windows to complete the implementation;
        8. Providing a technical resource to assist in troubleshooting issues for NGFW on-premises as Provider does not provide on-site support for physical firewalls;
        9. Remediating threats;
        10. Notifying the Provider with Change Management requests, which shall be limited to four (4) changes per calendar month. In the event that the Customer requires Change Management assistance that exceeds four (4) changes per calendar month, the Customer shall be responsible for paying additional iTech fees;
        11. Notifying the Provider in the event of any major changes that may potentially impact the Managed Firewall service, including, but not limited to:
          1. Changing Internet service at the location where the NGFW resides,
          2. Changing internal networking scheme,
          3. Moving the NGFW to a different location, and
          4. Significantly increasing the users of SSL client VPN (as determined by the Provider at the Provider’s sole discretion);
        12. For physical appliances only, unless NGFW is provided by the Provider:
          1. Ensuring proper power is available at the location where the NGFW resides,
          2. Ensuring that the necessary rack space has been allocated,
          3. Ensuring that proper environmental requirements are met for any new Equipment installations, and
          4. Providing the physical address of the NGFW to the Provider.
    25. Managed SIEM (Security Information and Event Management). The terms and conditions of this Section 3.25 are applicable to each Work Order that includes Managed SIEM services.
      1. Provider’s Obligations.The Provider is responsible for the following in accordance with commercially reasonable efforts:
        1. Assisting the Customer in deploying the collector and/or agent on the agreed Customer locations;
        2. Ensuring that all event sources are properly sending logs to the SIEM;
        3. Optimizing the data collection and tuning of alerts;
        4. Creating custom alerting and notifications;
        5. Log File Analysis:
          1. Log files will be subjected to automated analysis procedures designed to identify attacks, operational problems, or compromises,
          2. Anomalies discovered by this process shall be communicated to the Customer, and
          3. A ticket with a monthly report shall be provided to the Customer summarizing the results of the analysis and any applicable network traffic trends;
        6. Log Retention:
          1. Providing a ninety (90) day active log retention. When the specified ninety (90) day limit is exceeded, the oldest logs will be overwritten to make room for new logs,
          2. Providing a one (1) year archive of log files, and
          3. Destruction of logs upon termination in accordance with the terms of the Agreement; and
        7. Custom Reporting or Analysis:
          1. Providing the Customer with the option to purchase custom reporting, log analysis, or forensic investigations, by notifying the Provider for additional iTech fees.
      2. Customer's Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the Managed SIEM services and industry best practices:
        1. Providing an approved network diagram;
        2. Providing a technical resource for the duration of the implementation project, including, but not limited to, installing and uninstalling the collectors and/or agents, and configuring log sources;
        3. Providing a device to collect event logs. In the event that the collector is part of the Customer’s virtual Data Center, providing virtual resources to deploy the collector;
        4. Providing the Provider with an admin account to pull information from the environment;
        5. Providing a list of log sources on the Customer’s network;
        6. Configuring the event sources for log data ingestion based on the Provider’s instructions; and
        7. Notifying the Provider in the event of any changes to the list of log sources or if the network environment changes, including, but not limited to, adding or removing devices.
    26. Managed CRS (Continuous Risk Scanning). The terms and conditions of this Section 3.26 are applicable to each Work Order that includes Managed CRS services.
      1. Provider’s Obligations. The Provider is responsible for the following in accordance with commercially reasonable efforts:
        1. Providing network discovery and asset prioritization;
        2. Identifying critical vulnerabilities;
        3. Providing a remediation workflow engine;
        4. Performing distributed scanning;
        5. Providing visibility to reporting and scorecards;
        6. Creating tenant in the Managed Security Portal;
        7. Setting up Customer’s user(s) in the Managed Security Portal;
        8. Creating an agent installer and supporting the Customer in the deployment of the scanning agent. Agent support shall be limited to Windows OS;
        9. If necessary, assisting the Customer in the deployment of the virtual scanning appliance; and
        10. Setting up the external cloud scanner for external asset scanning.
      2. Customer's Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the Managed CRS services and industry best practices:
        1. Providing all documented IP space (including subnets);
        2. Providing any changes to the network;
        3. Providing an Access Control List (ACL) to allow the Provider’s scanner to reach all devices;
        4. Maintaining proper access to the network and assets being scanned by the Provider;
        5. Assisting the Provider in the deployment of the agenda and/or virtual scanner;
        6. Assisting the Provider in the grouping of assets into business contexts;
        7. Remediating threats and vulnerabilities; and
        8. Notifying the Provider in the event of any major changes that could potentially impact the service, including, but not limited to:
          1. Changing Internet service at the Customer location,
          2. Changing internal networking scheme,
          3. Moving to a different location,
          4. Removing agents,
          5. Adding new endpoints, and
          6. Replacing endpoints.
    27. Managed EDR (Endpoint Detection and Response). The terms and conditions of this Section 3.27 are applicable to each Work Order that includes Managed EDR services.
      1. Provider’s Obligations. The Provider is responsible for the following in accordance with commercially reasonable efforts:
        1. Guiding the Customer in the deployment of the agent(s), which shall be limited to Fortinet FortiEDR agents;
        2. Creating and optimizing the policies and tuning alerts;
        3. Creating and optimizing the Playbook according to threat data and Customer’s business requirements;
        4. Analyzing logs and notifying the Customer of suspicious activity or identified threats;
        5. Creating custom alerting and notifications;
        6. Performing a monthly threat findings review;
        7. Providing a six (6) month log retention;
          1. When the specified six (6) month log limit is exceeded, the oldest logs shall be overwritten to make room for new logs, and
          2. Destruction of logs upon termination in accordance with the terms of the Agreement;
        8. Optionally, configuring the following external integrations:
          1. Custom SIEM target(s), upon Customer’s reasonable request, that are publicly accessible, and
          2. Managed Firewall service for additional automated response capabilities to block known malicious IPs.
      2. Customer's Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the Managed EDR services and industry best practices:
        1. Providing an approved network diagram;
        2. Providing a technical resource for the duration of the implementation project;
        3. Assisting the Provider in deployment of agents on endpoints;
        4. Ensuring that the endpoints, on which the Fortinet FortiEDR agents are deployed, match the specifications as defined in the Provider’s then-current Product Compatibility Matrix;
        5. Assisting the Provider in the customization of Playbooks and policies during the tuning period and ongoing;
        6. Providing incident response and remediating threats; and
        7. Notifying the Provider in the event of any major changes that could potentially impact the service, including, but not limited to:
          1. Changing Internet service at the Customer location,
          2. Changing internal networking scheme,
          3. Moving to a different location,
          4. Removing agents,
          5. Adding new endpoints, and
          6. Replacing endpoints.
    28. Professional Security Services. The terms and conditions of this Section 3.28 are applicable to each Work Order that includes Professional Security services.
      1. Service options.
        1. Network Architecture Review and Design. This service includes professional services by the Provider’s security professionals to review the Customer’s existing architecture, and design a network solution driven by both security and business objectives;
        2. Appliance Configuration and Implementation. This service includes professional services by the Provider’s security professionals to configure and optimize the Customer’s Fortinet FortiGate appliance(s), and test the Customer’s Equipment for readiness and quality before deployment. This service is limited to Fortinet products only; and
        3. Health Check. This service includes professional services by the Provider’s security professionals to perform a detailed review of the Customer’s security solution and identify potential areas of improvement within the scope of the mutually agreed upon SOW.
      2. Provider’s Obligations. The Provider is responsible for the following in accordance with commercially reasonable efforts:
        1. Developing a Statement of Work based on Customer’s provided business objectives and/or goals; and
        2. Performing duties necessary to deliver the service as defined in the Statement of Work.
      3. Customer's Obligations. The Customer is responsible for the following in accordance with Provider’s delivery of the Professional Security services and industry best practices:
        1. Providing a technical resource for the duration of the engagement;
        2. Providing an approved network diagram;
        3. Providing business objectives and/or goals for the engagement;
        4. Acknowledging that the Provider does not guarantee prevention of security breaches;
        5. Exclusively for the Appliance Configuration and Implementation service, accurately identifying the Equipment that needs to be replaced and provide the Provider with the current configuration for the Equipment; and
        6. Exclusively for the Health Check service, providing the Provider with all relevant and necessary details for the Customer’s current security posture and existing system controls.