Operational Level Agreement

Document control

Document ID OLA(18)001-eduTEAMs-CESNET

Document title CESNET eduTEAMS OLA

https://wiki.geant.org/display/timops/Service+Status+
Definitive storage location
Dashboard

Document owner Christos Kanellopoulos, Service Owner, GÉAMT

Service Owner: Christos Kanellopoulos. Approved 20
December 2018 by email.
Approval
CESNET: Slavek Licehammer. Approved 4 January 2019
by email.
Version 1.0

Last date of change 20 December 2018

Next review due date 31 October 2019

Version & change tracking 1.0 – For approval by GÉANT and CESNET

2/9
Table of Contents
1. General 4
2. Scope 4
3. Description of the Service 4
4. Service hours & exceptions 5
4. Support 5
4.1 Incident handling and response times 6
5. Operational level targets 7
6. Communication, reporting & escalation 7
6.1 General communication 7
6.3 OLA violations 8
7. Information security & data protection 8
9. Termination of Service 9
10. Glossary of terms 9
11. References 9

3/9
1. General
This Operational Level Agreement (OLA) is valid for services provided in the context of eduTEAMS. It is
provided to cover the provision and support of the service as described hereafter.

This OLA applies to the supplier (Service Provider) who provides a service as described in Section 2 to
GÉANT (the Customer).

It is valid from 2018-11-01 to until 2019-10-31 or a newer version is approved by all parties concerned.

Parts of this OLA may be extended or replaced by a more specific agreement.

2. Scope
This agreement describes the provision of a service component or a group of service components, as
described in section 3 "Description of the Service" and referred to hereafter as "The Service" by the
Service Provider. This includes deployment, hosting and support of the underlying infrastructure and
software.

This agreement defines the service levels for the following provisioned service types:

• Shared service
The service is part of the eduTEAMS basic offering available to multiple customers as a shared
platform.

• Dedicated service
The service is provisioned for a single customer only.

3. Description of the Service

CESNET as Service Provider is responsible for the provision of the following service component(s):

• Perun is a service component provisioned by the Service Provider as a Membership

Management Service (MMS) on the eduTEAMS platform. Perun is an Identity and Access
management software that covers management of the whole ecosystem around the users'
identities, groups, resources and services. Perun is well suited for managing users within
organizations and projects, managing access rights to the services. Perun is designed to be
flexible and customizable, therefore it can be easily integrated with other tools or incorporated
into existing workflows. Moreover Perun stresses decentralization of authorization decisions by
empowering end users to manage groups within it and delegate this privilege to other users.

4/9
4. Service hours & exceptions
The Service operates 24 hours per day, 7 days per week (i.e. 365 days or 8,760 hours per year), to
seamlessly operate for the benefit of connected customers. Planned interruptions, which are announced
at least within the advance notice period, may reduce the effective operating time of the service and will
not be taken into consideration in the calculation of the service availability.

The Customer will be consulted to determine the best time window, to minimize disruption to users, as
well as allow service providers to conduct the work efficiently. The Customer will be notified before the
start of the scheduled maintenance period, with a target of 10 working days prior to the start of the
Downtime). In case of urgent maintenance, the notice period will be at least 48 hours. Whenever
possible, maintenance will be scheduled before 9:00 CE(S)T or after 17:00 CE(S)T. The duration of the
planned downtime will be on average one hour or less, and will not exceed 7 hours. Activities
conducted during the downtime are documented and reported to the Customer. The Customer will
receive a notification as soon as the intervention is complete.

In order to ensure that the service component(s) described in Section 3 their agreed functions the
following parameters will be monitored:

Service Component What will be monitored

Perun • The root https endpoints of the service

• The validity of the certificate used by https endpoint of the service
• The LDAP interfaces of the service
• The validity of the certificate used by the LDAP interfaces of the
service

The following exceptions apply:

• Network interruptions outside of the datacentres of the Service Provider

• Outages of the monitoring system itself.

5. Support
Service Support Hours are from Monday to Friday, 09:00 - 17:00 CE(ST) excluding public holidays in the
Czech Republic. Outside of Support Hours, support may be provided on a best effort basis.

Support for the service components described in Section 3 and their related configuration items
includes, but not limited to:

• Operational and capacity monitoring.

5/9
 • Regular maintenance including backups, application of security and OS level updates on own
initiative (preferred), or upon request from the eduTEAMS Service Owner.

• The definition and implementation a Service Continuity Plan in coordination with the eduTEAMS
Service Owner.

• The definition and implementation of a Change Management Plan in coordination with the
eduTEAMS Service Owner

• Handling of change requests.

• Handling of incidents.

• Reporting on maintenance and security and OS level updates periodically.

• Reporting on change request and incident handling.

• Reporting on violations of the service level targets defined in this OLA.

• Participation in Periodic Meeting with the eduTEAMS Service Owner to discuss reports, trends
and impediments.

Incidents and Service Requests must be submitted to the eduTEAMS Service Desk (section 6.1).

4.1 Incident handling and response times

The Service Provider is responsible for the incident management of the service component(s) defined in
Section 3 or related configuration items.

An incident can be an unplanned interruption to or reduction in the quality of the service component(s)
related configuration items OR a failure of a configuration item that has not yet impacted a service.
Incidents can be reported to the Service Provider's Service Desk by the eduTEAMS Service Owner, the
eduTEAMS Service Desk personnel, the eduTEAMS DevOps team or an automated monitoring service.

Incidents will be handled according to an appropriate priority based on the impact and urgency of the
incident. In this context, the following priority guidelines apply:

Priority Description Response Time

Low Common operational issues which do slightly affect the 4d

service quality.

Examples:
• Single functional failure
• Low performance
• Minor software bug

6/9
 Medium An issue that affects the service quality or partly interrupts 2d
the service usage.

Examples:
• Major software bug
• Minor security/privacy issue

High Critical issue that prevents the service usage completely or 0.5d
major security vulnerabilities.

Examples:
• Service downtime
• Service not accessible
• Major security/privacy issue

5. Operational level targets

The following are the agreed operational level targets (measured monthly and yearly) for the service:

Target
Topic Service level parameter

Availability Overall service availability1 99.80%

6. Communication, reporting & escalation

6.1 General communication

The following contact details will be generally used for communications related to the service in the
scope of this agreement:

eduTEAMS / Customer

Service Owner Christos Kanellopoulos

1
The service availability describes the ability of the service to fulfil its intended function (section 4). The Service
availability is calculated as follows: (A - B)/A x 100 = % availability where A: Service Hours (section 3) and B: Outage
of the service, excluding unavailability during planned maintenance (section 3)

7/9
 +31611477919

so@eduteams.org

General Contact support@eduteams.org

Service Provider

Slávek Licehammer

Service Contact slavek@ics.muni.cz

+420 549 497 591

Service Desk perun@cesnet.cz

6.3 OLA violations

Violations of this OLA are documented in the service report and discussed during the regular meeting. In
case of multiple occurrences or major violations of this OLA, the Service Provider must identify the root
cause and provide an appropriate solution design to prevent future violations.

If the Service Provider is not able to provide a suitable solution, the customer is allowed to terminate
this OLA without notice.

7. Information security & data protection

In addition to the rules defined in the Data Processing Agreement signed between the Service Provider
and the Customer, the following rules for information security and data protection apply for all services
covered by this agreement. In accordance to local law, all secrecy and privacy rules defined remain valid
after termination of this agreement.

The Service Provider agrees:

• it is committed to the eduTEAMS Privacy Policy [1]

• it is committed to the Data protection Code of Conduct [2]

The Service Provider is only responsible for data protection of service components within the bounds of
the Support Characteristics described in this OLA.

8/9
9. Termination of Service
Both, the Customer as well as the Service Provider, retain the right to terminate the agreement with a
notice period of 6 months to the end of the month.

Once this agreement terminates, the entire business connection between the Service Provider and the
Customer will end.

The Service Provider commits to perform the following activities:

• Collaborate to the transition to another operational partner, including the transfer of all data,
provision of operational knowledge and documentation in English

• Shutdown the Service at an agreed point in time

• Deletion of all resources and information related to the Service provision once the service
termination is completed (in accordance with applying laws)

10. Glossary of terms

For the purpose of this agreement, the following specific terms and definitions apply:

• Customer
The customer of the Service is the GÉANT Association.
This term does not apply to end users using the service.

• Service Provider
An organization or part of it (commercial or non-commercial) that has a contractual relationship
with GÉANT on the provision of the Service. This term does not refer to technical service
providers in the context of eduGAIN, SAML or OIDC.

11. References

[1] eduTEAMS Privacy Policy

https://wiki.geant.org/display/eduTEAMS/Privacy+Policy

[2] GÈANT Code of Conduct

https://wiki.refeds.org/display/CODE/Code+of+Conduct+for+Service+Providers

[3] ITIL glossary and abbreviations

https://www.axelos.com/Corporate/media/Files/Glossaries/ITIL_2011_Glossary_GB-v1-0.pdf

9/9