TELUS Network Access Management - Service Terms
The terms in this section, called the “service terms”, apply to the group of services described below or a specific service within this group as specified below.
Service Description
TELUS Network Access Management, referred to in these Service Terms as the “NAM Ser-vice”, provides centralized management, enhanced visibility and the ability to apply granular policy based access. The NAM Service is built with Cisco Identity Service Engine (ISE) at the core. Cisco's ISE platform is a leading, identity-based network access control and policy-enforcement system. It is a common policy engine for controlling end-point access and network device administration for enterprises. NAM Service will allow an administrator to centrally control access policies for wired, wireless, and VPN endpoints in the network. This service allows enterprises to gather real-time contextual information from network devices (NADs), users and devices (Endpoints). The administrator can then use that information to make proactive governance decisions and enforce policies by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches.
Service Elements
The following tables describe the elements of the NAM Service that we are responsible for and what you are responsible for. “Security Appliance”, when used in these Service Terms refers to Cisco ISE SNS34x5, SNS35x5, SNS36x5 which could be a Physical Hardware or Virtual Machine based deployment.
Service Element: Hardware and Software | Your Responsibility | TELUS Responsibility | Bill Method | |
Remote pre-configuration of the Security Appliance(s) | No | Yes | Included in one-time charge based on SOW | |
For Customer-provided Security Appliance, grant of right to use license for VPN Client. (if applicable) | Yes | No | . | |
Configuration of network access security policies (policy to be provided by the Customer) | No | Yes | Included in one-time charge based on SOW | |
Implement Security Appliance configuration, and/or removal of appliance | No | Yes | Included in one time charge based on SOW | |
Ensuring that Security Appliance hardware and software are at version levels certified and supported by the applicable vendor and supported by TELUS | No | Yes | Included | |
Provide space, power, cabling and LAN connectivity | Yes | No | . | |
Provide a stable internet access with a static IP address | Yes | No | . | |
Remote pre-configuration of the Security Appliance(s) | No | Yes | Included in one-time charge based on SOW |
Service Element: Use of TELUS Systems & Infrastructure | Your Responsibility | TELUS Responsibility | Bill Method |
Operate a TELUS trouble ticketing system to track and report on current and historical problems for all Security Appliances. | No | Yes | Included |
Service Element: Security Appliance Management | Your Responsibility | TELUS Responsibility | Bill Method |
Monitor (7 x 24) Security Appliance(s) for availability and functioning. | No | Yes | Included |
Monitor (7 x 24) Security Appliance(s): CPU Usage Memory Usage Up/Down Status | No | Yes | Included |
Notification (7 x 24) on threshold exceeded or error condition on Security Appliance CPU Usage Memory Usage Up/Down Status – availability | No | Yes | Included |
Patch Management: Receive and test patches before implementation on the device. Standard Policy is N-1 based (provided the software is supported and approved by the vendor) on TELUS approved patches / versions. Emergency patches are implemented as released by vendor and approved by Customer. Release Management – Major version upgrades are limited to once every two year. Additional requested major version upgrades can be requested via time and material (change request) | No | Yes | Included |
Monthly ISE reports to be provided – Standard out-of-box reports. You will have access to the reports directly from the Security Appliance | No | Yes | Included (Monthly) |
Configuration Changes
Service Element: Scheduled Maintenance; Change Management | Your Responsibility | TELUS Responsibility | Bill Method |
Configuration Changes | . | . | . |
For the NAM Service, standard change requests, as requested by your designated contact. | |||
5 customer-primed changes per month per Security Appliance (or HA Cluster) for the Term. | No | Yes | Included. Additional standard changes are charged based on T&M. Non-standard changes are charged based on SOW and T&M associated with it. |
Scheduled Change Management: Ability to schedule change requests ahead of time to fit your change management process within the following time frames: Mon-Fri 6am to 6pm MST | Yes | Yes | Included |
Ability to schedule change requests to fit your change management process | Yes | Yes | included |
Scheduled Maintenance | . | . | . |
Service Element: Hardware and Software | Your Responsibility | TELUS Responsibility | Bill Method |
Install firmware patches and updates on the Security Appliance(s) as deemed required by TELUS. | No | Yes | Included |
Site Documentation | . | . | . |
Service Element: Service Element: Event Response (Service Assurance) | Your Responsibility | TELUS Responsibility | Bill Method | |
Maintain configuration documentation for any Security Appliance and make accessible to you as requested | No | Yes | Included | |
Single Point of Contact | . | . | . | |
Provide a designated contact with whom TELUS can communicate status of both single ticket events and any systemic problems that are impacting TELUS’s ability to meet Services Levels. | Yes | No | . | |
Provide a single point of contact and create a trouble ticket for each error condition encountered for any Security Appliance, and follow the ticket through resolution and closure on all calls that are TELUS’ responsibility as defined for NAM Service element and the “Scheduled Maintenance and Change Management” element. | No | Yes | Included | |
Appliance Failure | . | . | . | |
If TELUS owns the Security Appliance, in the event of Security Appliance failure, initiate repair or replace. | No | Yes | Included | |
If you own the Security Appliance, in the event of Security Appliance failure, initiate repair or replace. You must authorize TELUS as a managed service provider for vendor support. | No | Yes | Included | |
Valid Vendor Maintenance Agreements | . | . | . | |
If TELUS owns the Security Appliance, have a valid maintenance agreement with the Security Appliance vendor. | No | Yes | Included | |
If you own the Security Appliance, have a valid maintenance agreement with the Security Appliance vendor. | Yes | No | . | |
Software, Managed Services or Configuration Failures | . | . | . | |
First level troubleshooting and problem diagnosis of your application access problems that appear to be impacted by Security Appliance configuration. | Yes | No | . | |
Assist with Security Appliance level troubleshooting and problem diagnosis with approved contact | Yes | No | Included |
Service Element: Security Management | Customer Responsibility | TELUS Responsibility | Bill Method | |
Define business rules for Security Appliance configuration and changes | Yes | Yes | . | |
Notify TELUS single point of contact of customer primed changes that can impact the operation of the Security Appliance(s). | Yes | Yes | . | |
Approve TELUS process to maintain logical access to your LAN for any Security Appliance and provide remote support. | Yes | Yes | . | |
Work with you to ensure proper operation of the Security Appliance when notified of customer primed changes within reasonable and commercial means. | No | Yes | Included |
Charges
There are 3 major components to the NAM Service which are chargeable;
(i) Security Appliance Cost,
(ii) One Time Charge for Installation and Additional Consulting Charges if applicable. A one-time charge for installation will be applied. In the event of additional consulting services required, an additional one-time charge will also be applied.
(iii) Monthly Recurring Charges. A monthly recurring rate charge applies for each Network Access Management service based on your specific service requirements and Service Period.
All such charges are set out on the attached Service Charges form and associated rate sheet for your specific options and associated pricing. We will start the billing cycle for each service location 30 days after the Network Access Management service has been activated in that service location.
Changes
Significant infrastructure upgrades and complex change requests to the NAM Services subsequent to the initial installation required as a result of significant upgrades or changes to your LAN, including new or upgraded servers, hubs, switches, routers, workstations, printers, or firewalls, will be billed on a “T&M” basis and may result in changes to the charges that are set out in the Service Charges table located at the end of these terms.
Other examples of complex change requests which may result in extra charges include (non-exhaustive list):
Creation of a new policy
Addition of new endpoint devices that require a new user profile to be created (e.g. new Security Appliance type or OS type)
Addition of new network devices that require a new profile to be created
Addition of VLANS
Mobile Device Management (MDM) Integration
Configuration of Device Posture Services
Onboarding services (e.g. Certificate Services)
Guest access on Wired deployments
COA (Change of Authorization) Configuration
Cancellation of the Services
When Network Access Management is cancelled, you are required to pay a cancellation charge which compensates TELUS for the costs associated with such cancellation. TELUS calculates the service cancellation charge using the table below, based on the service period you selected. The service cancellation charge is a percentage of the total fixed monthly charges remaining in the service period after cancellation:
Contracted Service Period (months) | % of fixed monthly charges for remaining service period |
0 – 24 months | 100% |
25 – 60 months | 50% |
Service Level Agreement
This table sets out the Service Level Agreement and credit calculation for the NAM Service. These Service Level Agreement numbers are calculated on a per-month and per-site basis. Service Level Agreement results are available to you on your request on monthly basis. Service credits can be claimed by contacting us and any outstanding credits for a month can be claimed for 31-days after the month’s results are made available to you.
We will make commercially reasonable efforts to meet the Service Level Agreements de-scribed below, but any failure to meet a Service Level Agreement is not a breach or default of this Agreement and the award of Service Level Credits is your sole remedy for any such failure. All averages are measured over a calendar month.
Measure | Indicator | Service Level Agreement: Single Security Appliance | Service Level Agreement: Redundant Security Appliance (HA) |
Service Availability of Security Appliance (1) | Number of Minutes per Month – Unscheduled Downtime in Minutes per Month + (Excusable Downtime and Scheduled Maintenance)] / Number of Minutes per Month | 99.7% | 99.97% |
Service Level Availability
Applies to Service availability only (not connectivity between Security Appliance, Active Directory, Radius Servers and other LAN components or connectivity to Internet).
Excusable Downtime include any portion of the Security Appliance outage that is caused by one of the following causes
Acts or omissions by you or a your vendor (other than TELUS pursuant to this Agreement) that adversely affect TELUS’ ability to meet the Service Level Agreement
TELUS cannot access your site where required to carry out TELUS’ responsibilities;
Your designated contact or your managed third party (excluding TELUS) either (1) is not available to receive or install equipment, (2) does not complete remedial work or such work impacts Service Levels, or (3) fails to provide TELUS with accurate and timely information that may be required to enable TELUS to carry out its responsibilities;
Your supplied hardware and software is not kept at version levels that are certified and supported by the applicable vendor.
Hardware, software or facilities that are not TELUS’ responsibility adversely affects TELUS’ ability to meet the Service Level Agreement.
An event of force majeure adversely affects TELUS’ ability to meet the Service Level Agreement.
Scheduled Maintenance will take place between 3:00 A.M. – 5:00 AM EST/EDT on Thursdays and 1:00 A.M. – 4:00 A.M. EST/EDT on Sundays, although TELUS may change these time periods at any time with prior notice to you. These scheduled outage periods are excluded from availability calculations. TELUS reserves the right to execute emergency changes to ensure service availability without your prior approval.
Service Level Credits
Service Level Credits are calculated by taking the difference between the actual Service Availability of Security Appliance achieved and the applicable Service Level Agreement for the applicable Security Appliances. The Service Level Credit is a percentage (as specified in Table C below) of the fixed monthly charges for the applicable NAM Services (not including any variable or usage-based charges). Requests for Service Level Credits must be made by you within thirty one calendar days following the end of the month during which the outage has occurred. Requests must be made in writing to the address provided by TELUS to you during implementation of the Services detailed in the Solution Details.
If difference between actual Service Level achieved and target in a month is | Single Security Appliance | Redundant Security Appliance (HA) | Total Monthly Credits (not prorated) |
2% below target | >97.7% - <99.7% | >97.97% - <99.97% | 10% |
4% below target | >95.7% - 97.7% | >95.97% - 97.97% | 20% |
6% below target | >93.7% - 95.7% | >93.97% - 95.97% | 30% |
8% below target | >91.7% - 93.7% | >91.97% - 93.97% | 40% |
8% or more below target | <91.7% | <=91.97% | 50% |
Table C – Service Level Credit* |
Prevention of Virus Propagation
The NAM Services do not include the installation, configuration and maintenance of anti-virus software, and without limiting anything else in this agreement, we make no warranties relating to, and are not responsible for, the detection or prevention of viruses or the effect of any viruses on the your hardware, software, LAN or facilities, even if the introduction of the viruses is related to the provision of the NAM Services.
Change Management
The NAM service provide ITIL based change management process for all configuration changes included in the service.
The following table outlines the Network Access Management Change Management Service Level Objectives (SLOs). TELUS will make reasonable commercial efforts to achieve these SLOs but any failure to do so will not constitute a breach of this agreement, will not result in any Service Level Credits and will not permit you to claim any amount of harm or damage.
Measure | Indicator SLO: Business Hours | SLO: After Business Hours | ||
Response and completion for standard change request | Elapsed time from reception of your change request to initial acknowledgement of receipt by TELUS | 15 Minutes | 16 Business Hours | |
Response and completion for standard change request | Elapsed time notification back by TELUS to completion (unless parties agree that the change shall be made during Scheduled Maintenance) | 15 Minutes | 16 Business Hours | |
Response and completion for expedited change request | Elapsed time from reception of your change request to initial acknowledgement of receipt by TELUS | 15 Minutes* | 12 Business Hours | |
Response and completion for expedited change request | Elapsed time notification back by TELUS to completion (unless parties agree that the change shall be made during Scheduled Maintenance) | 15 Minutes* | 12 Business Hours | |
Response and completion for emergency change request** Elapsed time from reception of your trouble ticket priority of SEV2 by TELUS | 15 Minutes* | 2 Hours | ||
Response and completion for emergency change request** | Elapsed time notification back by TELUS to completion (unless parties agree that the change shall be made during Schedule Maintenance) | 15 Minutes* | 2 Hours |
*Acknowledgement of change request within a calendar month does not exceed an average of 15 minutes.
**Emergency change requests are implemented following the incident man-agement process and are implemented with 2 hours and following the pre-qualified assessment. Emergency changes requested through Incident man-agement may have billable time associated to the change if the Emergency is related to a root cause outside of our responsibility or ownership.
*** Scheduled Maintenance will take place between 3:00 A.M. – 5:00 AM EST/EDT on Thursdays and 1:00 A.M. – 4:00 A.M. EST/EDT on Sundays, alt-hough we may change these time periods at any time with prior notice to you. These scheduled outage periods are excluded from any availability calcula-tions. We reserve the right to execute emergency changes to ensure Service Availability without prior Customer approval.