EMC DOCUMENTUM AS A SERVICE Se rvices Capabilities Overview
by user
Comments
Transcript
EMC DOCUMENTUM AS A SERVICE Se rvices Capabilities Overview
EMC MSOD - Services Brief EMC DOCUMENTUM AS A SERVICE Services Capabilities Overview SERVICES CAPABILITIES OVERVIEW TABLE OF CONTENTS THE NECESSITY AND CHALLENGE OF ENTERPRISE CONTENT MANAGEMENT ...................................................... 3 WHAT IS EMC DOCUMENTUM AS A SERVICE? ................................................................................................ 4 EMC DOCUMENTUM AS A SERVICE CATALOG ................................................................................................ 9 APPLICATION MANAGED SERVICES ........................................................................................................... 14 UPGRADE, UPDATE, & PATCH MANAGEMENT .............................................................................................. 16 SOFTWARE UPDATE PROCESS .................................................................................................................. 18 TRANSITIONING TO EMC DOCUMENTUM AS A SERVICE ................................................................................. 23 NETWORK CONNECTIVITY REQUIREMENTS ................................................................................................. 25 EMC DOCUMENTUM AS A SERVICE ROLES AND RESPONSIBILITIES ................................................................. 26 EMC DOCUMENTUM AS A SERVICE SECURITY ............................................................................................. 30 2 EMC Documentum As A Service – Services Capabilities Overview The Necessity and Challenge of Enterprise Content Management Every business is now in the information business. No matter what its product or service, an organization that learns to manage and capitalize on the ever-increasing flow of chat, images, video, voice, posts, blogs, email, documents and scans in today’s Digital Enterprise will prosper. An organization that fails to capture, manage, analyze, communicate, and properly govern their information, will fall behind. “Effective Enterprise Content Management can transform IT from a cost center to a growth engine.” Successful transformation to a digital enterprise means the role of the IT professional—as we know it today—has changed, and changed dramatically. Every IT department must now go beyond merely enabling and protecting information, to harvesting and leveraging it for business advantage. For larger organizations, the crucial transformation comes with the deployment of true Enterprise Content Management (ECM). Only an enterprise-class ECM solution can capture, locate, govern, create and leverage content for the global digital enterprise. The business challenges of supporting enterprise-scale, mission critical ECM applications can be daunting, including how to: • Make systems rapidly available to decrease the time to value of ECM solutions • Reduce costs to manage systems and combat increasingly high IT chargeback costs associated with enterprise applications • Increase competitiveness and improve speed to market of new business processes • Improve performance to increase user satisfaction and customer responsiveness • Use operating expense (OPEX) funds for both the licensing and running of the ECM system versus hard to come by capital expense (CAPEX) funds Enter Managed Services For most companies, the answer will eventually lie in outsourcing the management of the ECM environment along with the critical ECM applications and solutions. As we move forward, it has become clear that only an “as-a-Service” model will adequately and costeffectively cope with the challenge of managing enterprise-scale ECM systems, let alone the added value of managing in the cloud to capitalize on the data explosion experienced by the digital enterprise. Only this software deployment model provides an optimal ROI that’s both manageable and predictable. Think of it as historic symmetry: The Internet created the situation, and the Internet must solve it. “As-a-Service” in the cloud refers to any IT service provided over the Internet and available to any computer, any time. Specifically, EMC® Documentum® as a Service delivers an entire platform and set of applications and solutions that can be offered as a service for public, private or hybrid clouds or can solely focus on the management of onpremise ECM applications. 3 Enterprise-Class Content Management in the Cloud Many vendors offer simple file storage in the cloud or provide portals and platforms for customers to develop their own content solutions. While many cloudbased content management solutions provide useful services to their users, it’s important to understand the difference between these products and Enterprise Content Management systems built to support mission critical business processes. Enterprise class ECM provides governance, security, and (most importantly), context for all forms of information: not just documents, but blogs, chat, email, audio, video, and rich media. Silos, in which information is typically stored by legacy applications (e.g. ERP) or cloud-based filing systems (e.g. DropBox), disappear providing a central repository for all content, including federated search, and enforces information policies automatically as content is created. If major organizations fail to provide this level of content management in the cloud, users are likely to create their own ungoverned accounts with public services, further scattering corporate information. EMC Documentum As A Service – Services Capabilities Overview What is EMC Documentum as a Service? When EMC set out to offer their flagship EMC® Documentum®, EMC® Captiva®, EMC® InfoArchive® and EMC® Document Sciences xPression® products as services delivered from the cloud, the EMC Enterprise Content Division (ECD) teamed up with Storage and RSA® Security divisions and with VMware® to create a revolutionary “Purpose-Built” cloud offering unlike anything else available in the market. This “Purpose Built” cloud offering encompasses the following characteristics often deficient in the cloud marketplace: • Minimizes Installation of EMC Technology: Virtualize the server side of our products as well as the desktop side • Provides the Highest Level of Security: Must be as solid as the most hardened on-premise data centers • Ensures that Everything is Pre-installed and Optimally Configured for Rapid Startup: You no longer have to wait months for access to a fully functional baseline EMC deployment • Integrates with Existing Filing and Collaboration products: Allows you to leverage your existing investments • Offers Freedom of Use: Provides you the flexibility to configure application like a traditional on-premise installation The last point is crucial. Cloud-as-a-Service typically force-fits organizations into a standard way of building applications, leaving little room for the kind of flexibility required in enterprise-class deployments. We created a balance that enables enterprises and partners to build fully customized solutions while ensuring a solid, pre-built backend infrastructure managed by EMC experts. Advantages of the ‘As A Service M odel’ The “As a Service” model, offered by EMC, is remotely managed by product and operational EMC experts and may be hosted in the cloud or deployed on premise. It offers you the best opportunity to cut business risk and accelerate the benefits of Enterprise Content Management. A fully managed stack offers quicker start-up, expert administration, a lower Total Cost of Ownership (TCO), dynamic scalability, and Service Level Agreements (SLAs) for disaster recovery and high availability. In the end, it’s all about leverage. Only EMC Documentum as a Service allows you to fully leverage a common infrastructure for ECM, leverage pre-tested configurations, and leverage outside expertise. You don’t have to worry about the mechanics of server farms and product configurations. Your own best people are freed from patching, monitoring, and routine maintenance so they can turn their attention to more productive work—like building specific solutions for business users and seeking innovative strategies to continually move business forward. W hy EMC Documentum as a Service? The cost and complexity of implementing and maintaining a mission critical enterprise ECM system can be overwhelming. Factors include not just a enterprise content management solution, operating systems, database servers, and virtualization infrastructures, but also security administration, scalability, upgrades, disaster planning, third-party application purchases, application integration, support, recruiting, and retaining expertise. EMC Documentum as a Service brings Documentum, Captiva, InfoArchive and Document Sciences xPression to the cloud, leveraging the strengths of EMC, RSA® and VMware® in cloud information management, storage, security, and virtualization. You can now capitalize on the benefits of cloud, backed by EMC experts who eliminated the hassle of deploying, upgrading and managing an optimized ECM environment. 4 EMC Documentum As A Service – Services Capabilities Overview Some key business benefits of EMC Documentum as a Service include: • Single Point Accountability – EMC who built the software provides expertise for the partial or entire stack including applications and solutions • Simplicity – Fully optimized, pre-configured system, fully managed by EMC experts alleviates the hassles of inhouse management and operation • Agility – Rapid realization of business value and ability to easily scale to meet your business demands • Security – Highly secure environments employing latest security technologies with the necessary data center certifications and compliance • Cost – Eliminate hefty upfront capital outlays to a manageable and predictable operating expense and lowers your overall TCO • Flexibility – Choice of cloud deployment and service models to meet your IT requirements allow you to focus on providing additional value add for your business EMC Documentum as a Service solves the following challenges faced by any IT organization: • Upfront capital costs required to implement new or upgrade in-house systems • High operating costs (labor, infrastructure and overhead) required to develop, manage and maintain in-house systems • Mandates to increase ROI and business value from existing technology investments • End-user dissatisfaction with the timeliness or performance of ECM deployments • Hard to find skills and expertise to develop and manage ECM solutions • Need to deliver the highest level of security and reliability for ECM applications and improve availability and disaster recovery preparedness Leverage as M uch Technology and Service as Needed EMC Documentum as a Service provides the flexibility to manage any or all components of the stack, from Infrastructure through ECD software to the application. You can choose services using hardware owned by EMC in both an on-premise and off premise data center model, or the service can run on customer-owned hardware in an on-premise data center model. This allows EMC to work with you to tailor solutions that best fit your IT and business requirements. 5 EMC Documentum As A Service – Services Capabilities Overview The different components within the stack that may be managed by EMC Documentum as a Service are: • Data Center: Facility where hardware infrastructure resides • Hardware Infrastructure: All physical hardware used for the service • Platform Software: Software required to run and administer the service • ECD Software: ECD software products • Application: All components associated with your specific solution The service operations that can be provided by EMC Documentum as a Service are: • Request Fulfillment: Provides a mechanism for users to request and receive administrative assistance • Incident & problem Management: Focuses on restoring service that has been disrupted by an adverse event (Incident Management) and determines the root cause of major incidents, with the aim of taking preventive action to avoid future occurrences (Problem Management) • Change, Release & Configuration Management: Manages the approval and deployment of Change Requests, while maintaining site documentation and configuration information • Event Monitoring & alert response: Provides a “finger on the pulse” of key system performance and health indicators to enable the early detection of issues and enable system administrators to take preventive measures to avoid incidents • Provisioning, Upgrading & Patching; Provisioning of new environments and the installation, upgrade and patching of solution components • Capacity, Performance & Availability Management: Delivers a regular review of capacity and performance metrics to maintain optimal system stability and performance • Access & Security Management: Manage access to the Customer Systems and/or EMC ECD Cloud Services in accordance to the Customer Policies and Customer Service Management Processes • Backup, Recovery & Disaster Recovery: Technology and processes to protect Customer systems and data against system failures or disasters Cloud Deployment Options EMC offers you choice when it comes to deploying ECD content management applications and solutions. You can deploy and rollout ECM environments in the cloud through one of the following four cloud deployment models: 1. Off Premise Cloud 2. On-premise Cloud - EMC owned infrastructure platform 3. On-premise Cloud - Customer owned infrastructure platform 4. Hybrid Cloud Off Premise Cloud In this cloud deployment mode, the Off Premise data centers are managed by EMC via a third-party colocation agreement. These agreements are for dedicated physical (caged) space, network, and power. The contracted third-party data center providers guarantee 100% uptime for network connectivity, power, and relevant environmental controls. EMC owns all hardware components within this dedicated space. Our data center providers have SSAE 16 certification reports that can be shared with you under a Non-Disclosure Agreement (NDA). EMC owns and manages the infrastructure platform within the data centers. Note: EMC Documentum as a Service has separation of duties in the form of data center operations, information security and networking, and application support. Permissions to specific administrative functions are only provided to personnel in charge of the systems and networks they support. On-Premise Cloud – EMC-Owned Infrastructure Platform On-premise data center facilities are owned and managed by you or a third-party facility that is contracted by you. EMC does not own the facility or contract with the third-party data center provider. The party responsible for the data center is responsible for providing EMC with dedicated 6 EMC Documentum As A Service – Services Capabilities Overview physical space, appropriate environmental controls, network, and power in order for EMC to install, configure, and manage the EMC-owned hardware and platform software. Note: EMC recommends that on-premise data centers have a Tier 3+ rating holding a current SSAE 16 SOC I Type II certification that is renewed annually. On-Premise Cloud – Customer-Owned Infrastructure Platform On-premise data center facilities and infrastructure platforms are owned and managed by you or a third-party facility that is contracted by you. EMC does not own the facility or infrastructure platform. The parties responsible for the data center and infrastructure platform are responsible for providing EMC with hardware and platform software in order for EMC to install and configure the ECD software products. EMC works with you to refine the requirements of the infrastructure platform based on the ECD software and overall system volumes. Note: EMC recommends that on-premise data centers have a Tier 3+ rating holding a current SSAE 16 SOC I Type II certification that is renewed annually. Hybrid Cloud Model This flexible deployment option allows you to use an on-premise data center for a primary environment and an off premise data center for a secondary environment. Documentum as a Service Options EMC Documentum as a Service offers you flexible managed service options when it comes to leveraging EMC expertise to manage ECD software and applications. There are three service models below giving you choice on which service best meets your business and IT requirements. The first two service models must be combined with any one of the four cloud deployment models above while EMC Application Managed Services is provided as a standalone service, separate from any of the EMC cloud deployment models. Management of ECD Software and Applications In this service management model, EMC manages the ECD software stack and the applications developed on ECD software products. This service, when coupled with a cloud deployment model in which EMC owns the infrastructure platform, provides you the most comprehensive set of enterprise class services. EMC manages the complete stack, either in an EMC or customer-controlled data center, from infrastructure platform and ECD software to the administration of applications. You do not need to staff full-time experts to deploy, manage, update, or administer ECD software allowing you to focus resources on critical business needs such as the design and development of new solutions to drive incremental business value. 7 EMC Documentum As A Service – Services Capabilities Overview Management of ECD Software EMC manages, patches, upgrades and optimizes the ECD software products. You do not need to staff full-time experts to deploy, manage, or update/upgrade ECD software. However, you are responsible for the design and development of all application-specific configurations and customizations. EMC will deploy the application-specific customizations as part of the service. Additionally, you are responsible for user management and the operation of the administrative tools for your applications. EMC Application Managed Service EMC Application Managed Services is a standalone offering that can be combined with any of the EMC cloud deployment options. It provides operational support and administrative assistance for the ECD software, your application layer and business users for existing in-house implemented ECD products and solutions. Refer to the section on Application Managed Services to learn more about what is included. . 8 EMC Documentum As A Service – Services Capabilities Overview EMC Documentum as a Service Catalog EMC offers a comprehensive set of enterprise class options that allow you to uniquely tailor the services to best fit your business and IT requirements. This service catalog highlights standard features included in EMC Documentum as a Service and the various services options in addition to opportunities for customization. Table Legend • EMC Documentum as a Service: EMC is responsible for and manages the complete solution from the infrastructure through to the ECD software platform and business specific application configurations. This is available both on premise and off-premise. • EMC Application Managed Services: EMC is responsible for and manages the application and platform on customer provided infrastructure. For both of these service offerings we also support customers taking on the responsibility for management of their applications. In this model, EMC management expertise is focused on maintaining the integrity of the Documentum platform and associated components, while customer resources focus on managing the application specific configurations and customizations. Service Level Objectives The Service Level Objectives (SLOs) only cover EMC Documentum as a Service running in EMC On-Premise or EMC Off-Premise data centers as indicated in the tables below. If customer provides the infrastructure, SLAs/SLOs relating to the infrastructure will need to be incorporated into the EMC service agreement before EMC SLOs can apply. These SLOs do not replace or augment your existing EMC Software warranty and/or maintenance agreement in any way. DOCUMENTUM AS A SERVICE STANDARD SERVICE LEVEL OBJECTIVES (SLOS) AVAILABILITY EXCLUDING MAINTENANCE *99.90% AVAILABILITY INCLUDING MAINTENANCE *98.0% RECOVERY POINT OBJECTIVE (RPO) *24 hours (customizable to 4 hours) RECOVERY TIME OBJECTIVE (RTO) * -3 days (customizable to 4 hours) ENCRYPTED ONSITE BACKUP: PRIMARY DATA CENTER Environment and Data ENCRYPTED OFFSITE BACKUP: SECONDARY DATA CENTER Environment and Data BACKUP RETENTION CONNECTION TYPE NUMBER OF ENVIRONMENTS *1 Month (customizable to 12+ months) *Private DEV, TEST, & PROD * * Customized to customer requirements Service Definitions Each item in the above Service Level Objectives table is defined as follows: • “Availability” is measured as the number of minutes a resource is available within a given month divided by the number of total minutes within the same calendar month. For example, 9 o 44,640 minutes in July – 10 minutes of resource downtime = 44,630 minutes of availability o 44,630 / 44,460 = 0.9998 EMC Documentum As A Service – Services Capabilities Overview o The availability for the resource in the month of July is 99.98% • “Availability Excluding Maintenance” is measured as the number of minutes a resource is available outside of scheduled maintenance within a given month divided by the number of total minutes within the same calendar month. For example, o The resource was unavailable for 60 minutes in July due to scheduled maintenance activities o The resource did not have any unscheduled downtime in July o The resource availability, excluding maintenance, for July is 100% • “Availability Including Maintenance” is measured as the total number of minutes a resource is available, including scheduled maintenance, within a given month divided by the number of total minutes within the same calendar month. For example, o The resource was unavailable for 60 minutes in July due to scheduled maintenance activities o The resource had 10 minutes of unscheduled downtime in July o 44,640 minutes in July – 70 minutes of resource downtime = 44,570 minutes of availability o 44,360 / 44,460 = 0.9998 o The availability for the resource in the month of July is 99.84% Availability calculations inside of Scheduled Maintenance Windows are exclusive of downtime due to any customer requested Category 4 event and regularly scheduled Category 5 events as defined in the Update Categories table in the Upgrade, Update, & Patch Management section of this document. • “Recovery Point Objective (RPO)” is the maximum period in which data might be lost due to a targeted event • “Recovery Time Objective (RTO)” is the duration of time for full system restore of the Production environment in off-site (recovery/secondary) data center post the declaration of a catastrophic failure of a primary data center Robust Data Center Infrastructure In order to avoid disasters, it is important to have robust data centers that offer infrastructure with built-in physical protection and redundancy. EMC requires that all data centers used for EMC Documentum as a Service be rated as minimally Tier 3 data centers with current SSAE 16 compliance. DOCUMENTUM AS A SERVICE STANDARD SERVICE ACCESS CONTROL & PHYSICAL SECURITY ü ENVIRONMENTAL CONTROLS & FIRE SUPPRESSION ü POWER & NETWORK ü COMPUTER INFRASTRUCTURE & REDUNDANCY ü TIER 3+ DATA CENTERS ü HIPAA ü SSAE 16 REPORTS ü LOCATIONS 10 USA – Eastern, USA – Western Netherlands – Amsterdam, Germany – Nuremberg Customer Premise EMC Documentum As A Service – Services Capabilities Overview The data center infrastructure for EMC Documentum as a Service includes, but is not limited to: Access Control and Physical Security • 24-hour manned security, including foot patrols and perimeter inspections • Dedicated concrete-walled data center rooms • Documentum as a Service equipment in access-controlled steel cages • Video surveillance throughout the facility and perimeter • Building engineered to withstand local environmental risks, such as strong winds, flooding, seismic events, etc. Environmental Controls • Humidity and temperature control • Redundant (N+1) cooling system Power • Underground utility power feed • Redundant (N+1) CPS/UPS systems • Redundant (N+1) diesel generators with on-site diesel fuel storage • Fully redundant power distribution units (PDUs) Network • Fully redundant internal networks • Carrier neutral; connects to all major carriers and located near major Internet hubs • High bandwidth capacity Fire Detection and Suppression • Very early smoke detection apparatus and fire suppression Multi-Vendor Data Center Approach • Primary and secondary data centers are provided by different vendors to prevent propagation of procedural failures Computer Infrastructure Quality and Redundancy • Scalable compute resources • At least N+1 redundancy • Enterprise-class EMC Storage • Multipath fiber connectivity • Enterprise-class networking components • Multipath switch connectivity • Hardware failures are repaired or replaced within 4 hours • Cold spares for critical components 11 EMC Documentum As A Service – Services Capabilities Overview Infrastructure Services 1 DOCUMENTUM AS A SERVICE STANDARD SERVICE COMPUTER HARDWARE MAINTENANCE & UPGRADES ü NETWORK HARDWARE MAINTENANCE & UPGRADES ü INFRASTRUCTURE SOFTWARE MAINTENANCE & UPGRADES • QUARTERLY SCHEDULED MAINTENANCE WINDOW ü EMC SOFTWARE MAINTENANCE & UPGRADES • UPDATES: PATCHES & HOTFIXES • UPGRADES: NEW SOFTWARE VERSIONS ü MONITORING: STORAGE & NETWORK HEALTH 2 • HOST AVAILABILITY • CPU CONSUMPTION • MEMORY CONSUMPTION • DISK CONSUMPTION ü MONITORING: TRAFFIC, UTILIZATION, & BANDWIDTH ü MONITORING: APPLICATION HEALTH ü MONITORING: SECURITY HEALTH ü VIRUS & MALWARE DETECTION ü Monitoring includes both point in time (e.g., exceeding threshold, status) and trending over time (changes in normal behavior) MONTHLY REPORTS 3 AVAILABILITY ü CAPACITY TRENDING ü Ongoing Environment Monitoring Extensive, ongoing monitoring of data center resources is provided to proactively identify any issues with the Documentum as a Service environment. Comprehensive Backup Procedures The EMC Administration team follows rigid backup procedures to protect content, metadata and search indexes, as well as any special code or configurations within your Documentum as a Service environment. Availability Report EMC Documentum as a Service offers a standard monthly “Availability Report” that contains server name, number of hours of available time in month, number of total hours in month, number of hours of scheduled maintenance activities in month, Availability exclusive of scheduled maintenance, and Availability inclusive of scheduled maintenance. 12 EMC Documentum As A Service – Services Capabilities Overview Resource Name Downtime Including Maintenance (minutes) Uptime Including Maintenance Downtime Excluding Maintenance (minutes) Uptime Excluding Maintenance CTSTD-CUSTX 60 99.87% 0 100% CTSTP-CUSTX 70 99.84% 10 99.98% Service Governance The Service Governance Controls for EMC Documentum as a Service include, but are not limited to: DOCUMENTUM AS A SERVICE STANDARD SERVICE SECURITY & RISK MANAGEMENT • SECURITY-HARDENED CONFIGURATIONS • ANTI-MALWARE OPTIMIZED FOR VIRTUAL ENVIRONMENTS • GRANULAR ACCESS CONTROL AND AUDITING CAPABILITIES • CHANGE CONTROL FOR ANY ALTERATIONS BY EMC STAFF • KEY PROCESSES ENABLED FOR CENTRAL MONITORING • RESOURCE CONSUMPTION MONITORING (CPU/RAM/DISK) • PATCHED ACCORDING TO RISK ü POLICY & COMPLIANCE MANAGEMENT ü INCIDENT & PROBLEM MANAGEMENT ü CHANGE MANAGEMENT ü IQ/OQ DOCUMENTATION FOR LIFE SCIENCES ü ACTIVE DIRECTORY (LDAP/LDAPS) SYNC ü SAML 2.0 SUPPORT ü DOCUMENTUM INLINE USERS ü SSAE SOC I TYPE II CERTIFICATION ü SSAE SOC II TYPE II CERTIFICATION * HIPAA/HITECH ü * Planned but not yet available. 13 EMC Documentum As A Service – Services Capabilities Overview Application Managed Services Application Managed Services provides operational support and administrative assistance for your application layer and its users. APPLICATION MANAGED SERVICES STANDARDS REQUEST FULFILLMENT ü INCIDENT MANAGEMENT ü END USER ASSISTANCE ü APPLICATION SUPPORT ü PROBLEM MANAGEMENT ü CHANGE AND RELEASE MANAGEMENT ü SERVICE MANAGEMENT ü PROGRAM OF WORK MEETING Weekly SERVICE REVIEW MEETING Monthly GOVERNANCE MEETING Annually Request Fulfillment This service element enables you to log requests for administrative assistance. Requests are of two types, Standard Requests and Non-Standard Requests. A Standard Request is defined as part of a Standard Request Catalog. The type of request that can be made will depend on the installed products, but example Standard Request Catalogs are available for each product or solution covered by the service. Below is an example of a Standard Request Catalog for a Documentum D2® Life Sciences solution: • Create new User • Modify user Properties or Re-assign or Inactivate existing user in Documentum • Create new group/ new role in Documentum • Modify / Reassign existing group in Documentum • Create new ACL/Permission set in Documentum • Modify or Delete Permission set • Apply existing ACL/permission set to multiple folders or documents • Unlock single “Checked-out” document • Change the owner of documents or folders • Create a new Folder (Single Folder) • Delete an existing folder (Single Folder) • Restore a single document (Prior to DMClean run) • Add user to a Group/Role • Documentum User Access Level Report (Documents or Folders) • Workflow-related (Aborting, Resuming, Delegating, Changing the WF supervisor) • Report generation for preexisting report types 14 EMC Documentum As A Service – Services Capabilities Overview Non-Standard Requests are often complex in nature and may require analysis and scoping to determine efforts required to execute them. As a result they are generally deemed out of scope; however, EMC can manage the qualification, approval and execution of Non-Standard Requests with the work being undertaken on a time and materials basis. The list below provides examples of some activities that would be deemed NonStandard Requests: • Ad-hoc Report generation using DQL’s Or Using MyInsight for Documentum (formerly eDRG) from Amplexor (formerly named Euroscript). E.g. o Doc Expire report o Creation and Approval report o Print Report • Audit trail reports (Multiple Documents) • Creation/deletion of multiple Folder structures and ACLs • Bulk creation or deletion of users, groups • Change owner of multiple documents or folders • Apply existing ACL to multiple folders or documents • Bulk updates of metadata for folders or documents • Add document type or folder types • LSSV Bulk upload • Any changes to D2 –Configuration, e.g. Manage Pick list values (Adding/remove/modify Values), etc. End User Assistance and Application Support End User Assistance and Application Support provides a mechanism for your business users to log assistance requests and issues they encounter in relation to their use of your application. These may range from simple “how to” type questions to issues with customizations or application specific processes. The inclusion of Application Support in a Documentum as a Service engagement enables EMC to capture and manage application specific administration tasks, such as managing jobs or executing application specific administrative tasks, such as procedures for regular data uploads. Problem Management For major Incidents or recurring incidents that collectively result in significant disruption to business users, Problem Management will conduct a Root Cause Analysis to identify the underlying cause(s) and provide recommendations to eliminate them from the application environment. Change and Release Management Application Managed Services will: • Participate in your Change Management process to evaluate the impact of any change that may affect in-scope applications • Develop technical release plans for implementing approved changes • Deploy approved changes and perform system testing in pre-production and production environments Benefits of Application M anaged Services Application Managed Services improves the adoption of new business solutions by improving your user experience. EMC does this through a combination of: • Proactive application management to increasing solution stability • Effective resolution processes combined with a depth of experience to reducing the impact of issues on the business • Efficient execution of administrative tasks to provide a responsive service to business users Experience has shown that such an environment helps drive confidence and innovation in an organization’s use of EMC’s technologies. The result is a platform that evolves with the business and an increased return from the investment made in EMC products and solutions. 15 EMC Documentum As A Service – Services Capabilities Overview Upgrade, Update, & Patch Management EMC has a first-class process for ongoing maintenance that keeps all environments in Documentum as a Service highly available, stable, and secure. EMC partners with you to identify and agree upon outage windows and notification procedures to ensure that any necessary downtime for updates does not adversely impact your business. The following items are included in maintenance activities completed as part of Documentum as a Service: • Hardware Updates o Infrastructure Software Updates: o Operating Systems, Application Servers, and RDBMS o Relevant Dependent Vendor Third-Party Software: e.g. Java, ActiveX o Virtualization Software o Security & Monitoring Software o Administration Software for Hardware Components • Documentum as a Service Portal Updates • EMC ECD Product & Solution Updates deployed in Documentum as a Service • EMC Partner Product & Solution Updates deployed in Documentum as a Service Update Categories The following table describes the categories of updates included in Documentum as a Service: Details Categories Description Example Updates Outage Characteristics Customer Influence Notice 1 Expected Frequency 2 EMC Documentum as a Service Platform Updates Category 1: Critical EMC Documentum as a Service Platform Updates Category 2: Optimal EMC Documentum as a Service Platform Updates and Upgrades • Patches required to maintain a highly available and secure software/hardware platform • Emergency hardware maintenance • Critical Operating system patches • Virus signature and engine updates • Rare • Rolling outage is planned during customer’s predefined maintenance window • None • Updates are deployed per schedule in order to ensure continued security and operation of the EMC Documentum as a Service platform Minimum 3 days 4x per year • Patches or upgrades required to optimize or harden the software or hardware platform • May provide platform improvements and new features • Upgrades to keep components in a supported state • Hardware replacement/ upgrades/updates • EMC Documentum as a Service Portal upgrades • vShield firewall upgrade • VMware View remote desktop upgrade If an outage is required and can be done with a rolling outage, customers will be allowed to reschedule the outage window within a 4 week timeframe during a regular maintenance window • None • Customer must take the update Minimum 30 days 4x per year Solution provider controlled but applied on a rolling basis within the customer’s maintenance window Minimum 30 days Maximum 1x per year EMC Express Solutions Category 3: Optimal EMC Express Solution Updates and Upgrades 16 • Patches or upgrades required to optimize the solution • May provide solution improvements & new features • Upgrades to keep solutions in a supported state • Capital Express Solution service packs or version upgrades • Life Sciences Solution service packs or version upgrades One application environment at a time would be taken down to apply the update EMC Documentum As A Service – Services Capabilities Overview EMC Product Category 4: Critical EMC Product Updates Category 5: Optimal EMC Product Updates • Patches to maintain a highly available and secure product upon which to construct an application • xPression single package hot fix • Captiva, Documentum, out of cycle hot fix One environment at a time would be taken down to apply the update • When resolving critical product issues, upon customer request only • As required by a Category 1 or 2 Update Minimum 3 days or by customer request 4x per year or by customer request • Patches and upgrades to optimize the product • May provide product improvements & new features • Upgrades to keep products in a supported state • xPression 4.5 patch 1 to xPression 4.5 patch 2 • Captiva InputAccel Server 7.0 to Captiva InputAccel 7.1 • Documentum Content Server 7.1 to Documentum Content Server 7.1 SP1 One environment at a time would be taken down to apply the update Updates may be postponed based on custom class of service, such as what is negotiated and defined by a customized agreement. Minimum 30 days Maximum 1x per year 1. Notice via approach defined in the section pertaining to SLOs and will include description of affected servers, services, and components as well as expected downtimes for each. 2. Expected Frequency is a general estimate. Due to the dependencies on third-party products (such as operating systems, application servers, databases, hardware components, etc.) the frequency of updates is very difficult to predict. We will strive to consolidate updates to reduce the overall frequency of scheduled downtimes, but reserve the right to require scheduled activities during our published downtime window as frequently as required to maintain the secure, reliable operation of the EMC Documentum as a Service. Scheduled Maintenance W indows Each customer contract contains a mutually acceptable Scheduled Maintenance Window that Documentum as a Service may utilize for deployment of planned updates. Maintenance is conducted during the scheduled window and is not expected to use the entire window every week. The standard monthly availability for production environments with scheduled maintenance is 98%. Availability calculations inside of Scheduled Maintenance Windows are exclusive of downtime due to customer-requested Category 4 events and regularly scheduled Category 3 and Category 5 events. Non-Service Interruption Infrastructure Updates Updates to the supporting infrastructure of the Documentum as a Service environment that do not require service interruption will be completed at the discretion of the EMC administration team without maintenance notification as a standard practice. 17 EMC Documentum As A Service – Services Capabilities Overview Software Update Process This following provides an overview of the EMC Documentum as a Service process for upgrading and patching all deployed software: Research: Gather Inform ation on New Software Releases Documentum as a Service will maintain a comprehensive record of all deployed software, including infrastructure software and the software stack deployed in your environment. In order to determine what updates are available, assigned subject matter experts (SMEs) review standard software product update tools and information available to all licensed customers. These tools vary by software product, yet can be automated update verification tools such as Windows Update or EMC Tech Alerts sent via product specific support advisory subscriptions. Once this information has been gathered, it is categorized into a release type and submitted for review as part of the Analyze phase. Infrastructure Software Release Terminology Example Release Type Description Major A major release contains an architectural change and/or several significant features. Minor A minor release contains one significant feature or several small ones. Service Pack A service pack contains two or more bug fixes. It may not contain new features. Hotfix A hotfix is a single bug fix. EMC ECD Release Definitions EMC Documentum as a Service deploys the same General Availability (GA) software releases that EMC customers can download from the download center (https://emc.subscribenet.com). Special software builds are not created for Documentum as a Service environments. This means that the EMC administration team is dependent on the same ECD software release cycles and availability as On-Premise customers. Understanding ECD’s software release process is necessary to better understanding the flow and availability of software to environments managed by EMC. 18 EMC Documentum As A Service – Services Capabilities Overview The following tables describe the applicable software categories used for analysis: ECD Software Release Terminology Release Type Example Description Major 7.x, 8.x Software that includes significant features and code corrections. May include architectural changes. Minor 7.1, 7.1.1 Software that includes minor features and code corrections. May include significant features. Service Pack 7.1 SP2 Software that includes code corrections. Not intended to include features, but may include minor features upon exception. Patch Rollup 7.1 SP2 P01 Software that is a group of code corrections. Does not include new features. Out of cycle hotfix /Hotfix 7.1 SP2 P01 HF1 Software that is a single code correction for a specific issue. Does not include new features. 1) Major Release – 7.x, 8.x: A Major Release is ECD software that includes significant features and code corrections. A Major Release may include architectural changes. In most scenarios, ECD will release all primary components of an ECD software solution stack as part of a Major Release. These releases generally include supportability with more current releases of operating systems, databases, applications, and platform software such as Java. EMC Partner and other third-party add-ons for ECD software typically require a corresponding update in order to be compatible with a Major Release. 2) Minor Release – 7.1, 7.1.1: A Minor Release is ECD software that includes minor features and code corrections. A Minor Release may not include architectural changes, but may include significant features. In most scenarios, EMC will release all primary components of an ECD software solution stack as part of Minor Release. These releases generally include supportability with more current releases of operating systems, databases, applications, and platform software such as Java. EMC Partner and other third-party add-ons for ECD software typically require a corresponding update in order to be compatible with a Minor Release. 3) Service Pack Release – 7.1 SP1, 7.1 SP2: A Service Pack is ECD Software that includes code corrections applicable to a Major Release. Service Pack releases are not intended to be a feature release, but may include minor features upon exception. These releases may include supportability with more current releases of operating systems, databases, applications, and platform software such as Java. Service Pack Releases may require updates to multiple products in order to achieve a software stack documented as supported and compatible. EMC Partner and other third-party add-ons for ECD software may require a corresponding update in order to be compatible with a Service Pack Release. The code corrections and any features included in Service Pack Releases are included in subsequent Major and Minor Releases. 4) Patch Rollup Release – 7.0 SP2 P01 A Patch Rollup is software that contains a group of code corrections and does not include new features. This type of release typically does not adversely impact other software components in the software stack, including EMC Partner and Third-Party add-ons. The code corrections included in Patch Rollup Releases are included in subsequent Major and Minor Releases. Out-of-cycle Hot Fix and Hot Fixes – 7.0 SP2 P01 HF1 An out-of-cycle Patch and Hot Fixes are code corrections for specific urgent customer-specific issues. Not all issues result in an Out-of-cycle or hot fix due to the complexity of the fix. If the software problem encountered is part of the GA software, then the fix will be included in the subsequent Patch Rollup Release. If the code correction is not generally applicable to all customers, then it may not necessarily be included in the subsequent Patch Rollup Release. 19 EMC Documentum As A Service – Services Capabilities Overview Analyze: Determine Upgrade & Update Viability There are several factors to consider when determining timely and appropriate updates for environments managed by the EMC. Some of these factors include, but are not limited to, the following: • Documentum as a Service Update Category o Categories 1-5 • Complexity Associated with Release Type o Major, Minor, Service Pack, and Patch Rollup Release • End of Service Life (EOSL) Date of the Product Version that is Currently Deployed • Enterprise Software Customer Adoption of Infrastructure Software Releases • EMC Customer Adoption of New Software Version o New Deployments and Upgrades o On-Premise and Documentum as a Service • Impact on the Full Software Stack o Infrastructure Software Updates: Optional and Required o Compatibility with Other Deployed ECD Software o Compatibility with Other Deployed EMC Partner and Third-party Add-On Software o ECD Software Updates: Optional and Required o EMC Partner and Third-Party Add-On Software • Risks associated with an Upgrade • Anticipated Impact to the Customer o Compatibility with New and Existing Customizations o Regression Testing: Planning and Execution o Anticipated Duration of Downtime for Upgrade Once these factors are investigated, relevant updates are designated as candidates for scheduled maintenance. EMC has a team of experts that meet frequently to review and plan scheduled maintenance activities. This review includes existing candidates for scheduled maintenance in addition to new candidates designated as relevant via research activities. A package of software patches and/or upgrades is approved for verification at the end of the Analyze phase for scheduled maintenance. EMC ECD Product Information You can keep up-to-date with EMC ECD product notifications, service life information, and other important product specific information via the “Support by Product” section of https://support.emc.com. All EMC ECD products managed by EMC within Documentum as a Service must be in a supported state with a minimum of Enhanced Support in order to ensure complete 24x7 coverage for products and services. Products that are designated EOSL are eligible for additional Extended Support Services. Verify: Testing and Confirm ation of Updates & Upgrades In order to maximize the efficiency, minimize risks, and verify overall applicability of a software upgrade within a Documentum as a Service environment, members of the EMC R&D team will verify the documented deployment process of the GA software in an internal lab environment. The environments managed in the lab contain a representative sample of the core ECD products installed in applicable Documentum as a Service environments in order to assess compatibility risks with the new product. Only default product configurations are tested. Therefore, when you approve the upgrade you are still required to adequately plan time and resources to test the compatibility of customizations deployed within your environment. 20 EMC Documentum As A Service – Services Capabilities Overview The types of changes included in Major Releases, Minor Releases, and Service Packs typically include a level of complexity that requires deployment testing in order to minimize risks. Before Major Releases are considered for availability within Documentum as a Service, the GA product documentation is used by members of the R&D team to verify installation and upgrade steps in the Documentum as a Service lab. This testing process is designed to verify installation procedures and compatibility between software components in the core ECD software stack deployed within Documentum as a Service environments. EMC performs additional sanity testing to further ensure quality and stability. Once the deployment testing has been deemed successful, the installation and upgrade steps are scripted to ensure consistency in deployment, reduce chances of human error, and minimize system downtime for you. Major Releases, Minor Releases, and Service Packs typically require extended downtime for deployment. The extended downtime would need to be precisely planned and include time for installation, your specific configuration changes, customization upgrades for tailored usability and functionality, and extensive regression testing by you. As a result, you may not desire to upgrade to every new release upon GA. Therefore, not all Major Releases, Minor Releases, and Service Packs are pre-approved for availability within the Documentum as a Service environment. Patch Rollup Releases have a lower level of regression and compatibility impact to the deployed environment and related customizations. Before Patch Rollup Releases are considered for availability within Documentum as a Service, the GA product documentation is used by members of the R&D team to verify installation and upgrade steps in the Documentum as a Service lab. This testing process is designed to verify installation procedures and compatibility between the affected software components of EMC ECD software deployed within Documentum as a Service environments. The GA documentation can be verified in the lab without any need for scripts and can be approved for deployment within Documentum as a Service environments quickly and efficiently. Unlike larger feature inclusive releases, the downtime required for the deployment of Patch Rollup Releases typically can be kept within standard maintenance windows. Given the reduced deployment risk of these types of releases, you should only need to regression test the items listed in the GA Release Notes published for that specific Patch Rollup Release. All Patch Rollup Releases can be made available for deployment within Documentum as a Service at your request. Out-of-Cycle Patches and Hot Fixes have the least amount of risk of any type of software upgrade. Before Out-of-Cycle Patches and Hot Fixes are considered for availability within Documentum as a Service, the GA product documentation is used by members of the R&D team to verify installation and upgrade steps in the Documentum as a Service lab. This testing process is designed to verify installation procedures and compatibility between the affected software components of ECD software deployed within Documentum as a Service environments. The GA documentation can be verified in the lab without any need for scripts and can be approved for deployment within Documentum as a Service environments quickly and efficiently. Given the significantly reduced deployment risk of these types of releases, you should only need to regression test any items affected by the release. EMC ECD R&D may not be able to create an Out-of-Cycle Patch or Hot Fix if the complexity of the issue requires a larger and more comprehensive software release. Schedule: Coordinate with Custom ers An ECM Service Delivery Manager works with you to get prior approval for any software update that affects your application usage. Please refer to previous Update Categories table for details on when you would be notified. Customer Responsibility Pre-Deployment You need to get an internal change request approved if needed as per your process. The update should be reviewed and test plan created accordingly. Release notes for the update should be reviewed and any configuration or customization updates required should be considered and planned. Deployment plan for all environments should be created. Deploy: Implementation of Updates & Upgrades After the update is successfully tested in the Documentum as a Service lab environment, deployment in your environment can proceed. An EMC Service Delivery Manager will manage the update as per the mutually agreed upon deployment plan. An EMC Product Specialist will take the snapshot of the environment prior to any update. Each environment update starting from sandbox/dev, test and production is done separately and one at a time. After each environment is smoke tested, it is handed over to you for regression testing. After you confirm that deployment is successful then the subsequent environment is updated as per the schedule defined in the deployment plan. Snapshot is deleted after the environment is successfully tested and confirmed. 21 EMC Documentum As A Service – Services Capabilities Overview Customer Responsibilities Post Deployment As per the pre-defined test plan, an environment should be tested by you. Based on the release notes review, all test cases should be considered. Upon successful completion of testing, approval to deploy the update in subsequent environment should be given. If testing fails, you would need to work with EMC Cloud Services resources and ECD Support to find the root cause of the issue and the resolution. Record All new customer Service Requests (SR) are entered in Oracle/CSI to track the progress and activities of the fix. This service request will be owned by the EMC team and is separate from the service request owned by ECD product support. The update SR is to remain open until the update has been successfully promoted to your Documentum as a Service environment(s). Once you confirm by successfully testing the environments, then the SR can be closed. Notify All customer communications are coordinated by an EMC Service Delivery Manager and an EMC Services Product Specialist for software updates. You will be notified after each environment’s deployment and smoke testing is completed. The specific open Service Request will be closed upon successful deployment in all environments and communication sent to you. Customer Customization Updates You are responsible for configuration management and versioning control of customized files. You have specific access permissions to each environment. Refer to proceeding Documentum as a Service Access section in this document for details on access allowed. You can deploy customized updates to the development environments and perform the testing. Upon successful testing, you can request to deploy the updates into the test and production environments. This is done by creating a new SR providing details of what needs to be deployed and in what environment. Proceed with caution when requesting changes in the production environment. It should only be requested after the updates have been thoroughly tested in the DEV and TEST environments. The test plans should be all inclusive of all scenarios to avoid any issue in the production system. The EMC Cloud Services Product Specialists will record the activities in the open SR and deploy the updates as per your instructions in the requested environment. The EMC Cloud Service Product Specialists will verify that all environments have the same updates and there is no discrepancy. Once the updates are completed in all environments and successfully tested, the SR can be closed. 22 EMC Documentum As A Service – Services Capabilities Overview Transitioning to EMC Documentum as a Service EMC Professional Services, an EMC certified partner or you may design the migration approach and perform the migration services. EMC Professional Services specializes in designing and performing migration services by leveraging the technical resources within the organization that developed and supports the migration application. You can leverage this expertise by using EMC Professional Services to assist with the design and performance of the migration services. Copying the Repository from the Customer Environment EMC recommends that EMC Professional Services be engaged to design the approach and perform the migration services. Content files and the Database data files can be copied into the Documentum as a Service production environment over the private VPN connection. If the filestore size is significant, we recommend using a differential copy program like Robocopy to start the copying process early on in the project timeline. A final differential copy should be run on the go-live day to ensure that all content has been moved over to the Documentum as a Service environment. The filestore size and timeline should be considered in formulating the migration approach defined in the contract. The time it takes to load should be tested and verified to ensure it meets the customer required timeframe. Integrity of the data is verified by the customer. This model assumes that the source (your environment from where we are migrating) and Target (Documentum as a Service environment) match exactly: • OS and version of the Documentum Content Server match exactly • OS and DB version match exactly • Docbase Repository name and ID match exactly • Docbase meets the Documentum as a Service guidelines (cleanup performed and clear of consistency check errors) Loading Using a Tool EMC Professional Services, an EMC certified partner or you may design the migration approach and perform the migration services. In this model, migration is from source to target using a migration tool that performs extract, transformation and load. Loading should be specific to Documentum version and the SQL database deployed in the Documentum as a Service environment. Integrity of the data should be verified and is not the responsibility of the EMC Cloud Services team. There are certain limitations when running the migration tool: • A temporary database repository owner password can be provided for the migration period. This password would be changed after the migration is finished. • Temporarily the customer share is mounted on Documentum as a Service but not Documentum as a Service storage on customer side. • Ongoing migration requiring super user access is not allowed. • If the ongoing migration can be done by just using Documentum admin rights (not Windows system admin rights) with the migration tool, then it can be configured. M igration Tool Deploym ent Documentum as a Service has a pre-built catalog of applications that EMC takes responsibility for installing, configuring, monitoring, scaling, tuning, patching, and upgrading. The team also leverages the technical resources within the organization that developed the application and is responsible for supporting it. This enables EMC to meet the contractual level of system availability and maintainability. The Migration tool is not included in this pre-built catalog of applications. EMC’s recommendation is for you or EMC Professional Services to install it on VMs on your side to communicate with Documentum as a Service servers. By having this on-premise, you have full control to make any changes and customizations when needed. 23 EMC Documentum As A Service – Services Capabilities Overview Deploying either an EMC developed migration tool or third-party tool to Documentum as a Service would require a contractual agreement on cost and deliverables. Any third-party tool installation in a Documentum as a Service environment needs to go through rigorous change management process ensuring the feasibility, compatibility and maintenance of the tool to ensure the security and system availability EMC promises. The deployment and working of the tool within the Documentum as a Service environment has to follow the access defined in the next section. If the tool requires access beyond what is allowed, then it is not feasible for it to be deployed in a Documentum as a Service environment. Documentum As A Service Access Documentum as a Service has achieved the highest level of data center certifications in the entire EMC ecosystem. We are unable to retain these certifications should we grant administrator or super user access outside of the EMC Cloud Services team. Doing so would break documented processes and procedures. Breaking those procedures would result in failure of audits against our certifications, loss of certifications, and loss of customers relying upon us to retain those certifications. For example, a fundamental standard for running data centers and Information Technology is change management and tracking. Before EMC makes any change to a data center for any reason, even a development environment, we create a change control record and document the changes. When we grant administrator rights outside of EMC Documentum as a Service, we lose that control, and there is no way to guarantee all changes are properly documented, as EMC is not performing the changes. No super user access can be given to you in the Documentum as a Service Test and Production environments. • A temporary Database repository owner password can be given before the production starts to migrate. After migration, the password would need to be changed. • A Windows system admin right for any environment is not allowed. However, Documentum admin rights are given. 24 EMC Documentum As A Service – Services Capabilities Overview Network Connectivity Requirements EMC Documentum as a Service provides both on-premise and off premise cloud models. For on-premise models, EMC connects the your data directly with our on-premise equipment to enable ongoing monitoring and management of the environment. For off premise models, you are provisioned within one of EMC’s shared clouds, such as VPN-over Internet, MPLS, or a leased line. Off Prem ise M odel If you desire to be provisioned within one of EMC’s shared clouds, EMC provides for three multiple private network connections into your Documentum as a Service virtual private cloud. Factors to consider when choosing type of connectivity are outlined in the table below. Approach Cost Reliability Scalability Security VPN-overInternet Low Subject to the variability and congestion of the Internet Requires increasing Internet capacity, which may be complex for some organizations End-to-end IPSEC encryption MPLS Moderate Allows prioritization of traffic and establishment of quality of service levels Can be easily scaled depending on endpoint connection selected Not typically encrypted, relies on network carrier for isolation and security Leased Line High Committed and predictable Most difficult to scale due to dedicated nature of the connection Very secure since no aspect of the circuit is shared Most Documentum as a Service customers opt for the VPN-over-Internet approach for connectivity. VPN provides a low cost approach that is typically quick and easy to get started with. Other options can always be deployed later as use cases change or if issues arise with latency, bandwidth, etc. 1 - Typical Off Premise Networking Connectivity On-Prem ise M odel If you desire an on-premise deployment of your Documentum as a Service, network connectivity is a bit different. In this case, EMC will provision a management circuit that will connect directly with our on-premise equipment to enable ongoing monitoring and management of the environment. You would provide a resilient network uplink into the EMC equipment. This connection is typically firewalled from your primary network as illustrated in the on-premise networking model. You would also provide connectivity between EMC equipment located at the primary site and located at the recovery site, which would be used for data replication in the event of a disaster. This connectivity is optional as EMC can also provide interconnection as part of our service. 25 EMC Documentum As A Service – Services Capabilities Overview EMC Documentum As A Service Roles and Responsibilities EMC Documentum as a Service provides various options for management and control of your data. The following table outlines the variety of services activities that relate to the products/business solutions. Note: Assume service activities relate to the products/business solutions covered by the EMC scope of service Activity Group Incident Management Critical Situation Management Problem Management Note: For OD only engagements, the Client is responsible for diagnosing the root cause of issues in the business logic layer. This can be done with the assistance of EMC Product Support # 'Platform' refers to infrastructure layers, up to and including the ECD product layer Operational Change and Release Management TYPE Application Managed Services Documentum as a Service -EMC responsible for management of platform only Documentum as a Service -EMC responsible for management of platform and application Off Prem On Prem Off Prem Client Infra On Prem Off Prem Client Infra Service Desk Client Client Client Client Client Client Client Level 1 Support Client Client Client Client Client Client Client Level 2 and 3 Support EMC Client Client Client EMC EMC Shared End User Assistance EMC Client Client Client EMC EMC EMC Event Management Client EMC EMC Client EMC EMC Client Service Restoration EMC EMC EMC EMC EMC EMC EMC Shared Shared Shared Shared Shared Shared Shared Application / Business Solution RCA EMC Client Client Client EMC EMC EMC Platform RCA # EMC EMC EMC EMC EMC EMC EMC Initiate Corrective Actions Application / Business Solution EMC Client Client Client EMC EMC EMC Initiate Corrective Actions ECD Solution Stack EMC EMC EMC EMC EMC EMC EMC Initiate Corrective Actions Infrastructure Client EMC EMC Client EMC EMC Client Request Logging Client Shared Shared Shared Shared Shared Shared Evaluate/Impact Analysis Shared Shared Shared Shared EMC EMC Shared Problem Control Authorize Client Client Client Client Client Client Client Schedule Shared Shared Shared Shared Shared Shared Shared Deploy Application / Business Solution EMC Client Client Client EMC EMC EMC Deploy ECD Solution Stack EMC EMC EMC EMC EMC EMC EMC Deploy Infrastructure Stack Client EMC EMC Client EMC EMC Client Configuration Management Asset tracking (CMDB) Client EMC EMC Shared EMC EMC Shared Application Request Logging Client Client Client Client Client Client Client Note: This section refers to Operational Changes (not changes to application functionality) that may impact the availability of the system. 26 EMC Documentum As A Service – Services Capabilities Overview Note: Assume service activities relate to the products/business solutions covered by the EMC scope of service Change and Release Management Application Managed Services Documentum as a Service -EMC responsible for management of platform only Documentum as a Service -EMC responsible for management of platform and application Evaluate/Analysis Develop Business Case Client Client Client Client Client Client Client Note: Solution development activities are the responsibility of the client. EMC will execute the deployment of application changes in Test and Production environments upon receipt of an installation package and an authorized Change Request Authorize Client Client Client Client Client Client Client Design and build, customize, configure Client Client Client Client Client Client Client Regression, Performance and Acceptance Testing Client Client Client Client Client Client Client Shared Shared Shared Shared Shared Shared Shared Production Deployment EMC EMC EMC EMC EMC EMC EMC Request Fulfillment Service Desk Client Client Client Client Client Client Client Process Management Client Client Client Client Client Client Client User Account Management Client Client Client Client Client Client Client Standard Work Requests EMC Client Client Client EMC EMC EMC Non Standard Work Requests EMC Client Client Client EMC EMC EMC Administration EMC Client Client Client EMC EMC EMC Monitoring & Event Response Client EMC EMC EMC EMC EMC EMC Patching EMC EMC EMC EMC EMC EMC EMC Upgrade Client EMC EMC EMC EMC EMC EMC System & Integration Testing EMC Client Client Client EMC EMC EMC Regression & Acceptance Testing Client Client Client Client Client Client Client Administration Client EMC EMC EMC EMC EMC EMC Monitoring & Event Response Client EMC EMC EMC EMC EMC EMC Patching Client EMC EMC EMC EMC EMC EMC Upgrade Client EMC EMC EMC EMC EMC EMC Pre-Production Deployment Action Requests IT Operations EMC Product/Solution Stack Management Testing Software Infrastructure Management Testing 27 EMC Documentum As A Service – Services Capabilities Overview Note: Assume service activities relate to the products/business solutions covered by the EMC scope of service Virtualization Layer Management Application Managed Services Documentum as a Service -EMC responsible for management of platform only Documentum as a Service -EMC responsible for management of platform and application System & Integration Testing Client EMC EMC EMC EMC EMC EMC Regression & Acceptance Testing Client Client Client Client Client Client Client Administration Client EMC EMC Client EMC EMC Client Monitoring & Event Response Client EMC EMC Client EMC EMC Client Patching Client EMC EMC Client EMC EMC Client Upgrade Client EMC EMC Client EMC EMC Client System & Integration Testing Client EMC EMC Client EMC EMC Client Administration Client EMC EMC Client EMC EMC Client Monitoring & Event Response Client EMC EMC Client EMC EMC Client Patching Client EMC EMC Client EMC EMC Client Upgrade Client EMC EMC Client EMC EMC Client System & Integration Testing Client EMC EMC Client EMC EMC Client Administration Client EMC EMC Client EMC EMC Client Monitoring & Event Response Client EMC EMC Client EMC EMC Client Patching Client EMC EMC Client EMC EMC Client Upgrade Client EMC EMC Client EMC EMC Client System & Integration Testing Client EMC EMC Client EMC EMC Client Monitoring & Event Response Client EMC EMC Client EMC EMC Client SIEM Client EMC EMC Client EMC EMC Client Penetration Testing Client EMC EMC Client EMC EMC Client Anti-virus & Antimalware Client EMC EMC Client EMC EMC Client Physical Facilities Client EMC EMC Client EMC EMC Client Utilities Client EMC EMC Client EMC EMC Client Physical Security Client EMC EMC Client EMC EMC Client Personnel Client EMC EMC Client EMC EMC Client Primary Site Backup Client EMC EMC Client EMC EMC Client Off-site Replication Client EMC EMC Client EMC EMC Client Provision DR Site Client EMC EMC Client EMC EMC Client Testing Hardware Infrastructure Management Testing Network Operations Testing Security Administration Data Center Services BACKUP AND DR MANAGEMENT 28 EMC Documentum As A Service – Services Capabilities Overview Note: Assume service activities relate to the products/business solutions covered by the EMC scope of service 29 Application Managed Services Documentum as a Service -EMC responsible for management of platform only Documentum as a Service -EMC responsible for management of platform and application EMC Documentum As A Service – Services Capabilities Overview EMC Documentum As A Service Security EMC Documentum as a Service has a multi-layer security approach that sets these services apart from a typical cloud provider. We have multiple layers of security implemented inside and outside of our infrastructure, with all pieces working together as one system instead of functioning as a collection of independent parts. Security has been architected into the Documentum as a Service solution allowing technologies to be applied at inception and become integrated components in the solution. ECD worked with experts from RSA, VMware, VCE, and EMC to choose best-of-breed technologies to apply to the Documentum as a Service solution. From Security Information and Event Management (SIEM) tools to virtualization-optimized anti-malware and Data-At-Rest-Encryption, ECD selected technologies and layered them into the architecture. In addition, ECD supported all those foundational technologies with strong ITIL controls, routine audits, penetration testing, and more to ensure on-going management and continual improvements into the Documentum as a Service solution. Data Center Security Tier 3 & 4 Data centers SSAE16 Segregated cages Provides physical separation and containment Physical access to authorized personnel only Access list reviewed regularly to ensure it is current and accurate Detailed access audit trail Audit logs are reviewed regularly to ensure compliance with access control Employee background checks Performed at hiring and periodically thereafter Security monitoring 24x7x365 Staffed security onsite at data center EMC data centers and controls are designed with superior physical security in mind to prevent unauthorized access. Network Security Redundant perimeter firewalls Allows for routine patches and updates to OS without impact to platform Intrusion detection on physical components Physical layer intrusion attempts are monitored and relayed to SIEM tool Security log aggregation, correlation, and analysis SIEM tool applied to entire site and aggregated between sites for enhanced security intelligence Intrusion detection on virtual networks Intrusion detection for all virtual servers deployed in environment, events are monitored and relayed to SIEM tool Strong virtual network separation Use of virtual network separation allows for only defined group of MAC addresses to participate in network Regular penetration testing Ensures ongoing viability of perimeter defenses and internal controls Routine vulnerability scanning and remediation Validates patching and configuration of physical and virtual resources and feeds information into patch management process Server Security Hardened operating systems and databases Apply industry standard validation to OS and database configuration Managed OS patches and updates Routinely assess available patches and apply according to risk Virtual patching technology for Microsoft security issues Virtual IPDS tool updates rule set to profile network patterns from known vulnerability exploits, effectively “patching” against Microsoft vulnerabilities as soon as they are released 30 EMC Documentum As A Service – Services Capabilities Overview Hardened VMware hypervisors Apply industry standard validation to hypervisor configuration Unnecessary services disabled Only required services are enabled on servers to reduce their attack vectors Password security policies Strong password security is enforced across all resources Malware protection optimized for virtual environments Virtually optimized anti malware platform eliminates virus storm issues and ensure that all servers are automatically protected Resource availability monitoring Detects anomalies in resource consumption (CPU/RAM/Disk) which could be the result of malware or attack Data at rest encryption Available data at rest encryption for any virtual server to help ensure compliance requirements are met Blocking malicious activity at the network perimeter prevents suspicious and malicious traffic from ever entering our infrastructure. These security measures add protection and increase performance by eliminating unwanted traffic to servers. Security for the network layer is crucial to prevent and monitor unauthorized access, misuse, or modification of network-accessible resources. All customer environments are isolated and secured at the network level. The server is the layer of defense closest to the application. Ensuring attack vectors are limited and points of entry are hardened is extremely important in solidifying overall security posture and keeping important data safe. Every server is hardened at deployment exceeding compliance mandates. Application Security Discrete application deployment You have your own discrete set of servers deployed for your applications. We don’t share virtual servers among multiple customers. Application performance monitoring Detects anomalies in application performance which could be the result of malware or attack Secured communication protocols All protocols can be secured to ensure end-to-end data protection Principle of least access applied to data flows Discrete firewall rules are applied to allow only defined traffic to flow in and out of the environment Using best practice application deployments that have been tuned through years of experience helps ensure your Documentum as a Service environments will be there when you need them. By layering in additional controls for end-to-end encryption and restricting traffic, we provide additional layers of security beyond a typical on-premise installation. Administrative Security Site-to-site IPSEC VPN Allows private connection with relatively inexpensive bandwidth. (See Networking Section of this document for details.) MPLS termination Allows private connection with predictable bandwidth and latency. (See Networking Section of this document for details.) Secure portal for user management Enables self-service administration of the small community of user identities maintained for your Documentum administration personnel, xPression designers, and Captiva operators. Bastion host for EMC administration access Provides an air gap between the EMC network and the Documentum as a Service data centers. Also allows for blocking of services like file transfer into and out of our environments. As a private cloud, we rely on private connections to allow your users access to the Documentum as a Service environments. To that end, we enabled several connection methodologies detailed in the Networking Section of this document. We also ensured the EMC administration team could safely and effectively manage our environments while maintaining strong separation from EMC’s other networks and resources. 31 EMC Documentum As A Service – Services Capabilities Overview Governance Complete incident lifecycle management Utilizing standard ITIL practices for incident and problem management, including continuous improvement Rigid change control process Ensures that changes are documented, vetted, reviewed, scheduled, and implemented following standard industry practices Documented Standards, Policies, and Procedures Provide for consistent, controlled management of the entire service SSAE16 certification via annual audit Provides third part attestation that controls are in place and followed Specialized security incident response team Enables fast response to any detected incident to shut down any attack and ensure you are notified of any potential data loss as well as providing for investigation and analysis Rigid and responsible governance is core to delivering a secure, reliable, and available service, but these are not static processes either; they evolve as you do as we develop better approaches and apply new technologies. End User Authentication EMC Documentum as a Service supports the LDAP/LDAPS mechanism of directory servers that have been certified with EMC Documentum Content Server. This requires you to open your firewall to the Documentum Server running in the EMC Documentum as a Service data center facility to your on-premise LDAP system via LDAP or LDAPS connection in order to synchronize userids, user groups, and to authenticate userid/passwords. You must create an LDAP service account with privileges as documented in the standard EMC Documentum Content Server documentation to perform these functions. For select Documentum clients (for example, recent versions of Documentum Webtop and D2), EMC Documentum as a Service supports integration with your Identity Provider (IdP) through support for the SAML 2.0 standard. This support still requires Documentum LDAP/LDAPS sync to manage user accounts in Documentum and will not function properly without it. However, SAML integration offers two significant advantages over using LDAP/LDAPS sync alone: 1. User credentials are not entered into the Documentum Clients and sent through the network. User credentials are entered into your choice of IdP on your network. They are not sent to EMC Documentum as a Service. 2. Once a user enters credentials into your IdP, you can set up the system to authenticate to any number of systems, including EMC Documentum as a Service, in a single-sign-on fashion. Should you configure your systems properly, Documentum users will not need to enter their credentials again. EMC Documentum as a Service supports the LDAP mechanism of directory servers that have been certified with EMC Document Sciences xPression. This requires you to open your firewall to the xPression Server running in the EMC Documentum as a Service data center facility to your on-premise LDAP system via LDAP connection in order to authenticate userid/passwords and retrieve group assignments. You must create an LDAP service account with privileges as documented in the standard EMC Document Sciences xPression documentation to perform these functions. 32 EMC Documentum As A Service – Services Capabilities Overview Summary In this document we’ve tried to show how you can rapidly and securely leverage the economies of the cloud by deploying Enterprise Content Management (ECM) through EMC Documentum as a Service. EMC Documentum as a Service eliminates the need for in-house expertise and expanded infrastructure, because it’s fully managed and dynamically scaled by EMC—whether delivered from our site or yours. With Documentum as a Service, we believe that any enterprise can better capitalize on its information assets while streamlining its operations. Put succinctly, it will help you “save, simplify, and transform.” EMC Documentum as a Service brings together the leaders in content management: EMC Documentum, EMC Captiva, EMC InfoArchive, and EMC Document Sciences from EMC Enterprise Content Division; EMC storage; EMC security from RSA; virtualization from VMware; and Vblock partners Cisco and Intel—all under one roof, and available to you where and when needed. It’s a new era for Enterprise Content Management in the cloud as organizations transform into the digital age to gain competitive advantage and provide an uncompromising user experience. About ECD Services EMC Enterprise Content Division (ECD) Services accelerates today’s digital enterprise through world-class technical and industry expertise coupled with end-to-end service capabilities that deliver content management cloud solutions, empower end users, and enable successful project implementations while mitigating risk. Our 500+ services experts worldwide, plus global network of partners, have the skills, knowledge, and experience organizations need to get the maximum value from their EMC software investments. CONTACT US To learn more about how EMC products, solutions, and services can help solve your business and IT challenges, contact your local representative. Solution Principal or email us at [email protected] or visit us at www.EMC.com/Documentum. 33 EMC2, EMC, the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware are registered trademarks or trademarks of VMware, Inc., in the United States and other jurisdictions. All other trademarks used herein are the property of their respective owners. © Copyright 2016 EMC Corporation. All rights reserved. Published in the USA. 1/2016 EMC Documentum As A Service Service Capabilities Brief H12128.3 EMC believes the information in this document is accurate as of its publication date. The information is subject to change without notice.