– Windows support is limited to Windows 2008 and later.
– Linux support is restricted to AWS Linux currently supported by AWS and Red Hat Enterprise Linux 5.0, CentOS 5, and Ubuntu 12 and later.
– Logicworks may manage other operating systems on AWS at its discretion.
– While clients may choose to schedule the deployment of Operating System Vendor patches, those patches must be applied in a commercially reasonable time frame.
– Critical data that needs to be persistent needs to be on persistent storage (EBS) or mirrored across instances.
– Client must communicate any changes of a given server’s role to Logicworks (e.g., installing a database management system on a Web server).
– Client is prohibited from modifying server configuration in any way that prevents the server rebooting cleanly and/or requiring manual intervention on startup or the application from restarting on reboot without manual intervention.
– If a centralized configuration management platform (e.g., Puppet, cfengine, Chef) is utilized to configure auto-scaled resources, Client must notify Logicworks of any new or changed configurations that need to be applied.
– Clients may not disable or alter system settings that may affect monitoring, failover, or administration (e.g., syslog, cron, snmpd for Linux; syslog agent, snmp service, wmi service, windows firewall, remote registry for Windows).
– Logicworks retains root level credentials for all accounts as per our Partner/Reseller agreement with Amazon Web Services.
– Logicworks will issue IAM credentials with privileges up to but not including management of IAM itself and billing to Clients’ users.
– Clients are required to use Multi Factor Authentication for all IAM user accounts that have administrative level privileges allowing for deletion of resources or otherwise harmfully impacting the environment.
– At all times Clients are required to use minimal privileges necessary when automating interaction with the AWS API.
– Passwords must conform to generally-accepted best security practices, i.e., must include non-alphanumeric characters, cannot be easily-guessable, and must be greater than 8 characters.
– If root or Administrator passwords, for Linux and Windows respectively, are changed, the new passwords must be communicated to Logicworks immediately.
– No passwords should be sent via email. If passwords are sent via email, they will need to be changed immediately.
– Client is prohibited from accessing Websites that are likely to contain malicious code from their servers, and are generally discouraged from accessing the Internet from their servers.
– Any changes to network configuration are subject to Senior Engineering approval.
– Administrative access to servers must be available on standard ports and allowed from Logicworks administrative networks.
– All administrative access (SSH, Remote Desktop, FTP, etc.) must be restricted by IP address, or accessed via VPN.
Backup and Recovery
– Backups are done primarily as EBS snapshots.
– For databases on EC2 backups must be written to the local file system first, prior to being copied off-server, regardless of whether database backups are being performed by a custom agent.
– Logicworks cannot exclude individual files or directories from backups.
– All failover scenarios are subject to testing, coordinated by Client and Logicworks within Logicworks normal business hours. Testing must be performed post-turnover and prior to going live (i.e., making the Application available to end users).
– Web servers and application servers which are dependent on high-availability services need to be configured by Client in accordance with Logicworks recommended practices.
– Client is responsible for providing the appropriate parameters (e.g., thresholds, failover conditions, timeouts, etc. set high enough to not cause false failovers) for high availability configurations.
– Clients may not disable or alter system settings that may affect monitoring, failover, or administration (e.g., ucarp, syslog, cron, sendmail, snmpd for Linux; syslog agent, snmp service, wmi, database mirroring, clustering, log shipping, recurring jobs configured by Logicworks for Windows). Client may not alter anything that may affect high availability services without consulting with Logicworks Senior Engineering in advance.
Managed Database (applicable to database services on EC2 instances)
– Replica database servers must be used only for reads when not being used as the live database in a fail-over scenario.
– If replica database servers are used for reporting, enough resources must remain available for the use of the replica server during a fail-over scenario to not be impacted. Client acknowledges that additional users of replica server may impact performance during failover use.
– Client shall be required to provide and maintain, in writing, documentation concerning requested failover procedures.
– Client may be required to maintain separate block devices for log files, data and backups, subject to the direction of Logicworks Senior Engineering.
– Client must notify Logicworks if and when it is performing manual database failovers.
– Client must notify Logicworks of the creation of additional databases as those additions may affect high-availability, backups, or replication (SQL Server only).
Hourly Billable Services
– Services that are billable by the hour must be scheduled in advance.
– Logicworks is entitled to bill for services to repair servers or applications necessitated by Client’s actions (not including restores).
– Logicworks is entitled to bill for application configuration and configuration management beyond standard configurations.
– Logicworks will refer clients to third-parties for services that it does not perform.
– Hourly billable services are provided as-is and as specified at time of scheduling. Further configuration not included in original scope may be subject to additional fees.