Azure Account Administration
– Support requests to Microsoft must be opened by Logicworks’ NOC.
– Windows support is limited to Windows 2008 and later.
– Linux support is restricted to Red Hat Enterprise 6.7+, 7.0+; CentOS 6.3+, 7.0+; and Ubuntu 12.04, 14.04, 16.04, 16.10 or as updated on https://docs.microsoft.com/en-us/azure/virtual-machines/linux/endorsed-distros?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json
– Logicworks may manage other operating systems on Azure at its discretion.
– While clients may choose to schedule the deployment of Operating System Vendor patches, those patches must be applied in a commercially reasonable time frame.
– Critical data that needs to be persistent needs to be on persistent disks or mirrored across instances.
Server and Application Administration
– Client must communicate any changes of a given server’s role to Logicworks (e.g., installing a database management system on a Web server).
– Client is prohibited from modifying server configuration in any way that prevents the server rebooting cleanly and/or requiring manual intervention on startup or the application from restarting on reboot without manual intervention.
– Clients may not disable or alter system settings that may affect monitoring, failover, or administration (e.g., syslog, cron, snmpd for Linux; syslog agent, snmp service, wmi service, windows firewall, remote registry for Windows).
– Logicworks retains a custom role with administrative privileges in a Client’s account.
– Logicworks will issue roles with privileges not including management of billing access and user removal
– At all times Clients are required to use minimal privileges necessary when automating interaction with the Azure API.
– Passwords must conform to generally-accepted best security practices, i.e., must include non-alphanumeric characters, cannot be easily-guessable, and must be greater than 8 characters.
– If root or Administrator level passwords, for Linux and Windows respectively, are changed, the new passwords must be communicated to Logicworks immediately. Accounts with these privileges cannot be named “root” or “Administrator”.
– No passwords should be sent via email. If passwords are sent via email, they will need to be changed immediately.
– Client is prohibited from accessing Websites that are likely to contain malicious code from their servers, and are generally discouraged from accessing the Internet from their servers.
– Any changes to network configuration are subject to Senior Engineering approval.
– Administrative access to servers must be available on standard ports and allowed from Logicworks administrative networks.
– All administrative access (SSH, Remote Desktop, FTP, etc.) must be restricted by IP address, or accessed via VPN.
Backup and Recovery
– Backups are done primarily as Azure Backup.
– For databases installed on virtual machines (eg. not using Azure SQL service) backups must be written to the local file system first, prior to scheduled Azure Backup window, regardless of whether database backups are being performed by a custom agent.
– Logicworks cannot make exclusions from backups.
– All failover scenarios are subject to testing, coordinated by Client and Logicworks within Logicworks normal business hours. Testing must be performed post-turnover and prior to going live (i.e., making the Application available to end users).
– Web servers and application servers which are dependent on high-availability services need to be configured by Client in accordance with Logicworks recommended practices.
– Client is responsible for providing the appropriate parameters (e.g., thresholds, failover conditions, timeouts, etc. set high enough to not cause false failovers) for high availability configurations.
– Clients may not disable or alter system settings that may affect monitoring, failover, or administration (e.g., ucarp, syslog, cron, sendmail, snmpd for Linux; syslog agent, snmp service, wmi, database mirroring, clustering, log shipping, recurring jobs configured by Logicworks for Windows). Client may not alter anything that may affect high availability services without consulting with Logicworks Senior Engineering in advance.
Managed Database (applicable to database services on virtual machines and not using Azure SQL service)
– Replica database servers must be used only for reads when not being used as the live database in a fail-over scenario.
– If replica database servers are used for reporting, enough resources must remain available for the use of the replica server during a fail-over scenario to not be impacted. Client acknowledges that additional users of replica server may impact performance during failover use.
– Client shall be required to provide and maintain, in writing, documentation concerning requested failover procedures.
– Client may be required to maintain separate block devices for log files, data and backups, subject to the direction of Logicworks Senior Engineering.
– Client must notify Logicworks if and when it is performing manual database failovers.
– Client must notify Logicworks of the creation of additional databases as those additions may affect high-availability, backups, or replication (SQL Server only).
Hourly Billable Services
– Services that are billable by the hour must be scheduled in advance.
– Logicworks is entitled to bill for services to repair servers or applications necessitated by Client’s actions (not including restores).
– Logicworks is entitled to bill for application configuration and configuration management beyond standard configurations.
– Logicworks will refer clients to third-parties for services that it does not perform.
– Hourly billable services are provided as-is and as specified at time of scheduling. Further configuration not included in original scope may be subject to additional fees.