...

EMC DOCUMENTUM AS A SERVICE Se rvices Capabilities Overview

by user

on
Category: Documents
27

views

Report

Comments

Transcript

EMC DOCUMENTUM AS A SERVICE Se rvices Capabilities Overview
EMC MSOD - Services Brief
EMC DOCUMENTUM AS A SERVICE
Services Capabilities Overview
SERVICES CAPABILITIES OVERVIEW
TABLE OF CONTENTS
THE NECESSITY AND CHALLENGE OF ENTERPRISE CONTENT MANAGEMENT ...................................................... 3 WHAT IS EMC DOCUMENTUM AS A SERVICE? ................................................................................................ 4 EMC DOCUMENTUM AS A SERVICE CATALOG ................................................................................................ 9 APPLICATION MANAGED SERVICES ........................................................................................................... 14 UPGRADE, UPDATE, & PATCH MANAGEMENT .............................................................................................. 16 SOFTWARE UPDATE PROCESS .................................................................................................................. 18 TRANSITIONING TO EMC DOCUMENTUM AS A SERVICE ................................................................................. 23 NETWORK CONNECTIVITY REQUIREMENTS ................................................................................................. 25 EMC DOCUMENTUM AS A SERVICE ROLES AND RESPONSIBILITIES ................................................................. 26 EMC DOCUMENTUM AS A SERVICE SECURITY ............................................................................................. 30 2
EMC Documentum As A Service – Services Capabilities Overview
The Necessity and Challenge of Enterprise Content Management
Every business is now in the information business. No matter what its product or service,
an organization that learns to manage and capitalize on the ever-increasing flow of chat,
images, video, voice, posts, blogs, email, documents and scans in today’s Digital
Enterprise will prosper. An organization that fails to capture, manage, analyze,
communicate, and properly govern their information, will fall behind.
“Effective Enterprise
Content Management can
transform IT from a cost
center to a growth engine.”
Successful transformation to a digital
enterprise means the role of the IT
professional—as we know it today—has
changed, and changed dramatically. Every IT
department must now go beyond merely
enabling and protecting information, to
harvesting and leveraging it for business
advantage.
For larger organizations, the crucial transformation comes with the deployment of true
Enterprise Content Management (ECM). Only an enterprise-class ECM solution can
capture, locate, govern, create and leverage content for the global digital enterprise.
The business challenges of supporting enterprise-scale, mission critical ECM
applications can be daunting, including how to:
•
Make systems rapidly available to decrease the time to value of ECM solutions
•
Reduce costs to manage systems and combat increasingly high IT chargeback costs
associated with enterprise applications
•
Increase competitiveness and improve speed to market of new business processes
•
Improve performance to increase user satisfaction and customer responsiveness
•
Use operating expense (OPEX) funds for both the licensing and running of the ECM
system versus hard to come by capital expense (CAPEX) funds
Enter Managed Services
For most companies, the answer will eventually lie in outsourcing the management of
the ECM environment along with the critical ECM applications and solutions. As we move
forward, it has become clear that only an “as-a-Service” model will adequately and costeffectively cope with the challenge of managing enterprise-scale ECM systems, let alone
the added value of managing in the cloud to capitalize on the data explosion
experienced by the digital enterprise. Only this software deployment model provides an
optimal ROI that’s both manageable and predictable. Think of it as historic symmetry:
The Internet created the situation, and the Internet must solve it.
“As-a-Service” in the cloud refers to any IT service provided over the Internet and
available to any computer, any time. Specifically, EMC® Documentum® as a Service
delivers an entire platform and set of applications and solutions that can be offered as a
service for public, private or hybrid clouds or can solely focus on the management of onpremise ECM applications.
3
Enterprise-Class Content
Management in the Cloud
Many vendors offer simple file storage in
the cloud or provide portals and
platforms for customers to develop their
own content solutions. While many cloudbased content management solutions
provide useful services to their users, it’s
important to understand the difference
between these products and Enterprise
Content Management systems built to
support
mission
critical
business
processes.
Enterprise
class
ECM
provides
governance,
security,
and
(most
importantly), context for all forms of
information: not just documents, but
blogs, chat, email, audio, video, and rich
media. Silos, in which information is
typically stored by legacy applications
(e.g. ERP) or cloud-based filing systems
(e.g. DropBox), disappear providing a
central repository for all content,
including federated search, and enforces
information policies automatically as
content is created.
If major organizations fail to provide this
level of content management in the
cloud, users are likely to create their own
ungoverned
accounts
with
public
services, further scattering corporate
information.
EMC Documentum As A Service – Services Capabilities Overview
What is EMC Documentum as a Service?
When EMC set out to offer their flagship EMC® Documentum®, EMC® Captiva®, EMC® InfoArchive® and EMC® Document Sciences xPression®
products as services delivered from the cloud, the EMC Enterprise Content Division (ECD) teamed up with Storage and RSA® Security divisions
and with VMware® to create a revolutionary “Purpose-Built” cloud offering unlike anything else available in the market.
This “Purpose Built” cloud offering encompasses the following characteristics often deficient in the cloud marketplace:
• Minimizes Installation of EMC Technology: Virtualize the server side of our products as well as the desktop side
• Provides the Highest Level of Security: Must be as solid as the most hardened on-premise data centers
• Ensures that Everything is Pre-installed and Optimally Configured for Rapid Startup: You no longer have to wait months for access to a fully
functional baseline EMC deployment
• Integrates with Existing Filing and Collaboration products: Allows you to leverage your existing investments
• Offers Freedom of Use: Provides you the flexibility to configure application like a traditional on-premise installation
The last point is crucial. Cloud-as-a-Service typically force-fits organizations into a standard way of building applications, leaving little room for the
kind of flexibility required in enterprise-class deployments. We created a balance that enables enterprises and partners to build fully customized
solutions while ensuring a solid, pre-built backend infrastructure managed by EMC experts.
Advantages of the ‘As A Service M odel’
The “As a Service” model, offered by EMC, is remotely managed by product and operational EMC experts and may be hosted in the cloud or
deployed on premise. It offers you the best opportunity to cut business risk and accelerate the benefits of Enterprise Content Management. A fully
managed stack offers quicker start-up, expert administration, a lower Total Cost of Ownership (TCO), dynamic scalability, and Service Level
Agreements (SLAs) for disaster recovery and high availability.
In the end, it’s all about leverage. Only EMC Documentum as a Service allows you to fully leverage a common infrastructure for ECM, leverage
pre-tested configurations, and leverage outside expertise. You don’t have to worry about the mechanics of server farms and product
configurations. Your own best people are freed from patching, monitoring, and routine maintenance so they can turn their attention to more
productive work—like building specific solutions for business users and seeking innovative strategies to continually move business forward.
W hy EMC Documentum as a Service?
The cost and complexity of implementing and maintaining a mission critical enterprise ECM system can be overwhelming. Factors include not just
a enterprise content management solution, operating systems, database servers, and virtualization infrastructures, but also security
administration, scalability, upgrades, disaster planning, third-party application purchases, application integration, support, recruiting, and
retaining expertise.
EMC Documentum as a Service brings Documentum, Captiva, InfoArchive and Document Sciences xPression to the cloud, leveraging the
strengths of EMC, RSA® and VMware® in cloud information management, storage, security, and virtualization. You can now capitalize on the
benefits of cloud, backed by EMC experts who eliminated the hassle of deploying, upgrading and managing an optimized ECM environment.
4
EMC Documentum As A Service – Services Capabilities Overview
Some key business benefits of EMC Documentum as a Service include:
• Single Point Accountability – EMC who built the
software provides expertise for the partial or entire stack
including applications and solutions
• Simplicity – Fully optimized, pre-configured system, fully
managed by EMC experts alleviates the hassles of inhouse management and operation
• Agility – Rapid realization of business value and ability to
easily scale to meet your business demands
• Security – Highly secure environments employing latest
security technologies with the necessary data center
certifications and compliance
• Cost – Eliminate hefty upfront capital outlays to a
manageable and predictable operating expense and lowers
your overall TCO
• Flexibility – Choice of cloud deployment and service models to meet your
IT requirements allow you to focus on providing additional value add
for your business
EMC Documentum as a Service solves the following challenges faced by any IT organization:
• Upfront capital costs required to implement new or
upgrade in-house systems
• High operating costs (labor, infrastructure and overhead)
required to develop, manage and maintain in-house
systems
• Mandates to increase ROI and business value from existing
technology investments
• End-user dissatisfaction with the timeliness or performance
of ECM deployments
• Hard to find skills and expertise to develop and manage
ECM solutions
• Need to deliver the highest level of security and reliability
for ECM applications and improve availability and disaster
recovery preparedness
Leverage as M uch Technology and Service as Needed
EMC Documentum as a Service provides the
flexibility to manage any or all components of the
stack, from Infrastructure through ECD software to
the application. You can choose services using
hardware owned by EMC in both an on-premise and
off premise data center model, or the service can run
on customer-owned hardware in an on-premise data
center model. This allows EMC to work with you to
tailor solutions that best fit your IT and business
requirements.
5
EMC Documentum As A Service – Services Capabilities Overview
The different components within the stack that may be managed by EMC Documentum as a Service are:
• Data Center: Facility where hardware infrastructure resides
• Hardware Infrastructure: All physical hardware used for the service
• Platform Software: Software required to run and administer the service
• ECD Software: ECD software products
• Application: All components associated with your specific solution
The service operations that can be provided by EMC Documentum as a Service are:
• Request Fulfillment: Provides a mechanism for users to request and receive administrative assistance
• Incident & problem Management: Focuses on restoring service that has been disrupted by an adverse event (Incident
Management) and determines the root cause of major incidents, with the aim of taking preventive action to avoid future
occurrences (Problem Management)
• Change, Release & Configuration Management: Manages the approval and deployment of Change Requests, while
maintaining site documentation and configuration information
• Event Monitoring & alert response: Provides a “finger on the pulse” of key system performance and health indicators
to enable the early detection of issues and enable system administrators to take preventive measures to avoid incidents
• Provisioning, Upgrading & Patching; Provisioning of new environments and the installation, upgrade and patching of
solution components
• Capacity, Performance & Availability Management: Delivers a regular review of capacity and performance metrics
to maintain optimal system stability and performance
• Access & Security Management: Manage access to the Customer Systems and/or EMC ECD Cloud Services in
accordance to the Customer Policies and Customer Service Management Processes
• Backup, Recovery & Disaster Recovery: Technology and processes to protect Customer systems and data against
system failures or disasters
Cloud Deployment Options
EMC offers you choice when it comes to deploying ECD content management applications and solutions. You can deploy and rollout ECM
environments in the cloud through one of the following four cloud deployment models:
1.
Off Premise Cloud
2.
On-premise Cloud - EMC owned infrastructure platform
3.
On-premise Cloud - Customer owned infrastructure platform
4.
Hybrid Cloud
Off Premise Cloud
In this cloud deployment mode, the Off Premise data centers are managed by EMC via a third-party colocation agreement. These agreements are
for dedicated physical (caged) space, network, and power. The contracted third-party data center providers guarantee 100% uptime for network
connectivity, power, and relevant environmental controls. EMC owns all hardware components within this dedicated space. Our data center
providers have SSAE 16 certification reports that can be shared with you under a Non-Disclosure Agreement (NDA). EMC owns and manages the
infrastructure platform within the data centers.
Note: EMC Documentum as a Service has separation of duties in the form of data center operations, information security and networking, and application support. Permissions to specific
administrative functions are only provided to personnel in charge of the systems and networks they support.
On-Premise Cloud – EMC-Owned Infrastructure Platform
On-premise data center facilities are owned and managed by you or a third-party facility that is contracted by you. EMC does not own the facility or
contract with the third-party data center provider. The party responsible for the data center is responsible for providing EMC with dedicated
6
EMC Documentum As A Service – Services Capabilities Overview
physical space, appropriate environmental controls, network, and power in order for EMC to install, configure, and manage the EMC-owned
hardware and platform software.
Note: EMC recommends that on-premise data centers have a Tier 3+ rating holding a current SSAE 16 SOC I Type II certification that is renewed annually.
On-Premise Cloud – Customer-Owned Infrastructure Platform
On-premise data center facilities and infrastructure platforms are owned and managed by you or a third-party facility that is contracted by you.
EMC does not own the facility or infrastructure platform. The parties responsible for the data center and infrastructure platform are responsible
for providing EMC with hardware and platform software in order for EMC to install and configure the ECD software products. EMC works with you
to refine the requirements of the infrastructure platform based on the ECD software and overall system volumes.
Note: EMC recommends that on-premise data centers have a Tier 3+ rating holding a current SSAE 16 SOC I Type II certification that is renewed annually.
Hybrid Cloud Model
This flexible deployment option allows you to use an
on-premise data center for a primary environment
and an off premise data center for a secondary
environment.
Documentum as a Service Options
EMC Documentum as a Service offers you flexible managed service options when it comes to leveraging EMC expertise to manage ECD software
and applications. There are three service models below giving you choice on which service best meets your business and IT requirements. The
first two service models must be combined with any one of the four cloud deployment models above while EMC Application Managed Services is
provided as a standalone service, separate from any of the EMC cloud deployment models.
Management of ECD Software and Applications
In this service management model, EMC
manages the ECD software stack and the
applications developed on ECD software
products. This service, when coupled with a
cloud deployment model in which EMC
owns the infrastructure platform, provides
you the most comprehensive set of
enterprise class services. EMC manages the
complete stack, either in an EMC or
customer-controlled data center, from
infrastructure platform and ECD software to
the administration of applications. You do
not need to staff full-time experts to deploy,
manage, update, or administer ECD
software allowing you to focus resources on
critical business needs such as the design
and development of new solutions to drive
incremental business value.
7
EMC Documentum As A Service – Services Capabilities Overview
Management of ECD Software
EMC manages, patches, upgrades and
optimizes the ECD software products. You
do not need to staff full-time experts to
deploy, manage, or update/upgrade ECD
software. However, you are responsible
for the design and development of all
application-specific configurations and
customizations. EMC will deploy the
application-specific customizations as
part of the service. Additionally, you are
responsible for user management and
the operation of the administrative tools
for your applications.
EMC Application Managed Service
EMC Application Managed Services is a
standalone offering that can be
combined with any of the EMC cloud
deployment options. It provides
operational support and administrative
assistance for the ECD software, your
application layer and business users for
existing in-house implemented ECD
products and solutions. Refer to the
section on Application Managed Services
to learn more about what is included.
.
8
EMC Documentum As A Service – Services Capabilities Overview
EMC Documentum as a Service Catalog
EMC offers a comprehensive set of enterprise class options that allow you to uniquely tailor the services to best fit your business and IT
requirements. This service catalog highlights standard features included in EMC Documentum as a Service and the various services options in
addition to opportunities for customization.
Table Legend
• EMC Documentum as a Service:
EMC is responsible for and manages the complete solution from the infrastructure through to the ECD software platform and business
specific application configurations. This is available both on premise and off-premise.
• EMC Application Managed Services:
EMC is responsible for and manages the application and platform on customer provided infrastructure.
For both of these service offerings we also support customers taking on the responsibility for management of their applications. In this
model, EMC management expertise is focused on maintaining the integrity of the Documentum platform and associated components, while
customer resources focus on managing the application specific configurations and customizations.
Service Level Objectives
The Service Level Objectives (SLOs) only cover EMC Documentum as a Service running in EMC On-Premise or EMC Off-Premise data centers as
indicated in the tables below. If customer provides the infrastructure, SLAs/SLOs relating to the infrastructure will need to be incorporated into
the EMC service agreement before EMC SLOs can apply. These SLOs do not replace or augment your existing EMC Software warranty and/or
maintenance agreement in any way.
DOCUMENTUM AS A SERVICE
STANDARD SERVICE LEVEL OBJECTIVES (SLOS)
AVAILABILITY EXCLUDING MAINTENANCE
*99.90%
AVAILABILITY INCLUDING MAINTENANCE
*98.0%
RECOVERY POINT OBJECTIVE (RPO)
*24 hours (customizable to 4 hours)
RECOVERY TIME OBJECTIVE (RTO)
* -3 days (customizable to 4 hours)
ENCRYPTED ONSITE BACKUP: PRIMARY DATA CENTER
Environment and Data
ENCRYPTED OFFSITE BACKUP: SECONDARY DATA CENTER
Environment and Data
BACKUP RETENTION
CONNECTION TYPE
NUMBER OF ENVIRONMENTS
*1 Month (customizable to 12+ months)
*Private
DEV, TEST, & PROD
*
* Customized to customer requirements
Service Definitions
Each item in the above Service Level Objectives table is defined as follows:
• “Availability” is measured as the number of minutes a resource is available within a given month divided by the number of total minutes
within the same calendar month. For example,
9
o
44,640 minutes in July – 10 minutes of resource downtime = 44,630 minutes of availability
o
44,630 / 44,460 = 0.9998
EMC Documentum As A Service – Services Capabilities Overview
o
The availability for the resource in the month of July is 99.98%
• “Availability Excluding Maintenance” is measured as the number of minutes a resource is available outside of scheduled
maintenance within a given month divided by the number of total minutes within the same calendar month. For example,
o
The resource was unavailable for 60 minutes in July due to scheduled maintenance activities
o
The resource did not have any unscheduled downtime in July
o
The resource availability, excluding maintenance, for July is 100%
• “Availability Including Maintenance” is measured as the total number of minutes a resource is available, including scheduled
maintenance, within a given month divided by the number of total minutes within the same calendar month. For example,
o
The resource was unavailable for 60 minutes in July due to scheduled maintenance activities
o
The resource had 10 minutes of unscheduled downtime in July
o
44,640 minutes in July – 70 minutes of resource downtime = 44,570 minutes of availability
o
44,360 / 44,460 = 0.9998
o
The availability for the resource in the month of July is 99.84%
Availability calculations inside of Scheduled Maintenance Windows are exclusive of downtime due to any customer requested Category 4 event
and regularly scheduled Category 5 events as defined in the Update Categories table in the Upgrade, Update, & Patch Management section of
this document.
• “Recovery Point Objective (RPO)” is the maximum period in which data might be lost due to a targeted event
• “Recovery Time Objective (RTO)” is the duration of time for full system restore of the Production environment in off-site
(recovery/secondary) data center post the declaration of a catastrophic failure of a primary data center
Robust Data Center Infrastructure
In order to avoid disasters, it is important to have robust data centers that offer infrastructure with built-in physical protection and redundancy.
EMC requires that all data centers used for EMC Documentum as a Service be rated as minimally Tier 3 data centers with current SSAE 16
compliance.
DOCUMENTUM AS A SERVICE
STANDARD SERVICE
ACCESS CONTROL & PHYSICAL SECURITY
ü
ENVIRONMENTAL CONTROLS & FIRE SUPPRESSION
ü
POWER & NETWORK
ü
COMPUTER INFRASTRUCTURE & REDUNDANCY
ü
TIER 3+ DATA CENTERS
ü
HIPAA
ü
SSAE 16 REPORTS
ü
LOCATIONS
10
USA – Eastern, USA – Western
Netherlands – Amsterdam, Germany – Nuremberg
Customer Premise
EMC Documentum As A Service – Services Capabilities Overview
The data center infrastructure for EMC Documentum as a Service includes, but is not limited to:
Access Control and Physical Security
• 24-hour manned security, including foot patrols and perimeter inspections
• Dedicated concrete-walled data center rooms
• Documentum as a Service equipment in access-controlled steel cages
• Video surveillance throughout the facility and perimeter
• Building engineered to withstand local environmental risks, such as strong winds, flooding, seismic events, etc.
Environmental Controls
• Humidity and temperature control
• Redundant (N+1) cooling system
Power
• Underground utility power feed
• Redundant (N+1) CPS/UPS systems
• Redundant (N+1) diesel generators with on-site diesel fuel storage
• Fully redundant power distribution units (PDUs)
Network
• Fully redundant internal networks
• Carrier neutral; connects to all major carriers and located near major Internet hubs
• High bandwidth capacity
Fire Detection and Suppression
• Very early smoke detection apparatus and fire suppression
Multi-Vendor Data Center Approach
• Primary and secondary data centers are provided by different vendors to prevent propagation of procedural failures
Computer Infrastructure Quality and Redundancy
• Scalable compute resources
• At least N+1 redundancy
• Enterprise-class EMC Storage
• Multipath fiber connectivity
• Enterprise-class networking components
• Multipath switch connectivity
• Hardware failures are repaired or replaced within 4 hours
• Cold spares for critical components
11
EMC Documentum As A Service – Services Capabilities Overview
Infrastructure Services
1
DOCUMENTUM AS A SERVICE
STANDARD SERVICE
COMPUTER HARDWARE MAINTENANCE & UPGRADES
ü
NETWORK HARDWARE MAINTENANCE & UPGRADES
ü
INFRASTRUCTURE SOFTWARE MAINTENANCE & UPGRADES
•
QUARTERLY SCHEDULED MAINTENANCE WINDOW
ü
EMC SOFTWARE MAINTENANCE & UPGRADES
•
UPDATES: PATCHES & HOTFIXES
•
UPGRADES: NEW SOFTWARE VERSIONS
ü
MONITORING: STORAGE & NETWORK HEALTH
2
•
HOST AVAILABILITY
•
CPU CONSUMPTION
•
MEMORY CONSUMPTION
•
DISK CONSUMPTION
ü
MONITORING: TRAFFIC, UTILIZATION, & BANDWIDTH
ü
MONITORING: APPLICATION HEALTH
ü
MONITORING: SECURITY HEALTH
ü
VIRUS & MALWARE DETECTION
ü
Monitoring includes both point in time (e.g., exceeding threshold, status) and trending over time (changes in normal behavior)
MONTHLY REPORTS
3
AVAILABILITY
ü
CAPACITY TRENDING
ü
Ongoing Environment Monitoring
Extensive, ongoing monitoring of data center resources is provided to proactively identify any issues with the Documentum as a Service
environment.
Comprehensive Backup Procedures
The EMC Administration team follows rigid backup procedures to protect content, metadata and search indexes, as well as any special code or
configurations within your Documentum as a Service environment.
Availability Report
EMC Documentum as a Service offers a standard monthly “Availability Report” that contains server name, number of hours of available time in
month, number of total hours in month, number of hours of scheduled maintenance activities in month, Availability exclusive of scheduled
maintenance, and Availability inclusive of scheduled maintenance.
12
EMC Documentum As A Service – Services Capabilities Overview
Resource Name
Downtime Including
Maintenance (minutes)
Uptime Including
Maintenance
Downtime Excluding
Maintenance (minutes)
Uptime Excluding
Maintenance
CTSTD-CUSTX
60
99.87%
0
100%
CTSTP-CUSTX
70
99.84%
10
99.98%
Service Governance
The Service Governance Controls for EMC Documentum as a Service include, but are not limited to:
DOCUMENTUM AS A SERVICE
STANDARD SERVICE
SECURITY & RISK MANAGEMENT
•
SECURITY-HARDENED CONFIGURATIONS
•
ANTI-MALWARE OPTIMIZED FOR VIRTUAL ENVIRONMENTS
•
GRANULAR ACCESS CONTROL AND AUDITING CAPABILITIES
•
CHANGE CONTROL FOR ANY ALTERATIONS BY EMC STAFF
•
KEY PROCESSES ENABLED FOR CENTRAL MONITORING
•
RESOURCE CONSUMPTION MONITORING (CPU/RAM/DISK)
•
PATCHED ACCORDING TO RISK
ü
POLICY & COMPLIANCE MANAGEMENT
ü
INCIDENT & PROBLEM MANAGEMENT
ü
CHANGE MANAGEMENT
ü
IQ/OQ DOCUMENTATION FOR LIFE SCIENCES
ü
ACTIVE DIRECTORY (LDAP/LDAPS) SYNC
ü
SAML 2.0 SUPPORT
ü
DOCUMENTUM INLINE USERS
ü
SSAE SOC I TYPE II CERTIFICATION
ü
SSAE SOC II TYPE II CERTIFICATION
*
HIPAA/HITECH
ü
* Planned but not yet available.
13
EMC Documentum As A Service – Services Capabilities Overview
Application Managed Services
Application Managed Services provides operational support and administrative assistance for your application layer and its users.
APPLICATION MANAGED SERVICES
STANDARDS
REQUEST FULFILLMENT
ü INCIDENT MANAGEMENT
ü END USER ASSISTANCE
ü APPLICATION SUPPORT
ü PROBLEM MANAGEMENT
ü CHANGE AND RELEASE MANAGEMENT
ü SERVICE MANAGEMENT
ü PROGRAM OF WORK MEETING
Weekly SERVICE REVIEW MEETING
Monthly GOVERNANCE MEETING
Annually Request Fulfillment
This service element enables you to log requests for administrative assistance. Requests are of two types, Standard Requests and Non-Standard
Requests. A Standard Request is defined as part of a Standard Request Catalog. The type of request that can be made will depend on the
installed products, but example Standard Request Catalogs are available for each product or solution covered by the service.
Below is an example of a Standard Request Catalog for a Documentum D2® Life Sciences solution:
• Create new User
• Modify user Properties or Re-assign or Inactivate existing user in Documentum
• Create new group/ new role in Documentum
• Modify / Reassign existing group in Documentum
• Create new ACL/Permission set in Documentum
• Modify or Delete Permission set
• Apply existing ACL/permission set to multiple folders or documents
• Unlock single “Checked-out” document
• Change the owner of documents or folders
• Create a new Folder (Single Folder)
• Delete an existing folder (Single Folder)
• Restore a single document (Prior to DMClean run)
• Add user to a Group/Role
• Documentum User Access Level Report (Documents or Folders)
• Workflow-related (Aborting, Resuming, Delegating, Changing the WF supervisor)
• Report generation for preexisting report types
14
EMC Documentum As A Service – Services Capabilities Overview
Non-Standard Requests are often complex in nature and may require analysis and scoping to determine efforts required to execute them. As a
result they are generally deemed out of scope; however, EMC can manage the qualification, approval and execution of Non-Standard Requests
with the work being undertaken on a time and materials basis. The list below provides examples of some activities that would be deemed NonStandard Requests:
• Ad-hoc Report generation using DQL’s Or Using MyInsight for Documentum (formerly eDRG) from Amplexor (formerly named Euroscript). E.g.
o Doc Expire report
o Creation and Approval report
o Print Report
• Audit trail reports (Multiple Documents)
• Creation/deletion of multiple Folder structures and ACLs
• Bulk creation or deletion of users, groups
• Change owner of multiple documents or folders
• Apply existing ACL to multiple folders or documents
• Bulk updates of metadata for folders or documents
• Add document type or folder types
• LSSV Bulk upload
• Any changes to D2 –Configuration, e.g. Manage Pick list values (Adding/remove/modify Values), etc.
End User Assistance and Application Support
End User Assistance and Application Support provides a mechanism for your business users to log assistance requests and issues they
encounter in relation to their use of your application. These may range from simple “how to” type questions to issues with customizations or
application specific processes. The inclusion of Application Support in a Documentum as a Service engagement enables EMC to capture and
manage application specific administration tasks, such as managing jobs or executing application specific administrative tasks, such as
procedures for regular data uploads.
Problem Management
For major Incidents or recurring incidents that collectively result in significant disruption to business users, Problem Management will conduct a
Root Cause Analysis to identify the underlying cause(s) and provide recommendations to eliminate them from the application environment.
Change and Release Management
Application Managed Services will:
• Participate in your Change Management process to evaluate the impact of any change that may affect in-scope applications
• Develop technical release plans for implementing approved changes
• Deploy approved changes and perform system testing in pre-production and production environments
Benefits of Application M anaged Services
Application Managed Services improves the adoption of new business solutions by improving your user experience. EMC does this through a
combination of:
• Proactive application management to increasing solution stability
• Effective resolution processes combined with a depth of experience to reducing the impact of issues on the business
• Efficient execution of administrative tasks to provide a responsive service to business users
Experience has shown that such an environment helps drive confidence and innovation in an organization’s use of EMC’s technologies. The result
is a platform that evolves with the business and an increased return from the investment made in EMC products and solutions.
15
EMC Documentum As A Service – Services Capabilities Overview
Upgrade, Update, & Patch Management
EMC has a first-class process for ongoing maintenance that keeps all environments in Documentum as a Service highly available, stable, and
secure. EMC partners with you to identify and agree upon outage windows and notification procedures to ensure that any necessary downtime for
updates does not adversely impact your business.
The following items are included in maintenance activities completed as part of Documentum as a Service:
• Hardware Updates
o Infrastructure Software Updates:
o Operating Systems, Application Servers, and RDBMS
o Relevant Dependent Vendor Third-Party Software: e.g. Java, ActiveX
o Virtualization Software
o Security & Monitoring Software
o Administration Software for Hardware Components
• Documentum as a Service Portal Updates
• EMC ECD Product & Solution Updates deployed in Documentum as a Service
• EMC Partner Product & Solution Updates deployed in Documentum as a Service
Update Categories
The following table describes the categories of updates included in Documentum as a Service:
Details
Categories
Description
Example Updates
Outage
Characteristics
Customer
Influence
Notice 1
Expected
Frequency 2
EMC Documentum as a Service Platform Updates
Category 1:
Critical EMC
Documentum
as a Service
Platform
Updates
Category 2:
Optimal EMC
Documentum
as a Service
Platform
Updates and
Upgrades
• Patches required to maintain
a highly available and secure
software/hardware platform
• Emergency hardware
maintenance
• Critical Operating
system patches
• Virus signature
and engine
updates
• Rare
• Rolling outage is
planned during
customer’s
predefined
maintenance window
• None
• Updates are
deployed per
schedule in order
to ensure
continued security
and operation of
the EMC
Documentum as a
Service platform
Minimum 3
days
4x per year
• Patches or upgrades required
to optimize or harden the
software or hardware
platform
• May provide platform
improvements and new
features
• Upgrades to keep
components in a supported
state
• Hardware replacement/
upgrades/updates
• EMC Documentum
as a Service Portal
upgrades
• vShield firewall
upgrade
• VMware View
remote desktop
upgrade
If an outage is required
and can be done with a
rolling outage,
customers will be
allowed to reschedule
the outage window
within a 4 week
timeframe during a
regular maintenance
window
• None
• Customer must
take the update
Minimum 30
days
4x per year
Solution provider
controlled but applied
on a rolling basis
within the customer’s
maintenance window
Minimum 30
days
Maximum 1x per
year
EMC Express Solutions
Category 3:
Optimal EMC
Express
Solution
Updates and
Upgrades
16
• Patches or upgrades required
to optimize the solution
• May provide solution
improvements & new
features
• Upgrades to keep solutions in
a supported state
• Capital Express
Solution service
packs or version
upgrades
• Life Sciences
Solution service
packs or version
upgrades
One application
environment at a time
would be taken down to
apply the update
EMC Documentum As A Service – Services Capabilities Overview
EMC Product
Category 4:
Critical EMC
Product
Updates
Category 5:
Optimal EMC
Product
Updates
• Patches to maintain a highly
available and secure product
upon which to construct an
application
• xPression single
package hot fix
• Captiva,
Documentum, out
of cycle hot fix
One environment at a
time would be taken
down to apply the
update
• When resolving
critical product
issues, upon
customer request
only
• As required by a
Category 1 or 2
Update
Minimum 3
days or by
customer
request
4x per year or by
customer request
• Patches and upgrades to
optimize the product
• May provide product
improvements & new
features
• Upgrades to keep products in
a supported state
• xPression 4.5
patch 1 to
xPression 4.5
patch 2
• Captiva InputAccel
Server 7.0 to
Captiva InputAccel
7.1
• Documentum
Content Server 7.1
to Documentum
Content Server 7.1
SP1
One environment at a
time would be taken
down to apply the
update
Updates may be
postponed based on
custom class of
service, such as what
is negotiated and
defined by a
customized
agreement.
Minimum 30
days
Maximum 1x per
year
1. Notice via approach defined in the section pertaining to SLOs and will include description of affected servers, services, and components as well as expected downtimes for each.
2. Expected Frequency is a general estimate. Due to the dependencies on third-party products (such as operating systems, application servers, databases, hardware components, etc.)
the frequency of updates is very difficult to predict. We will strive to consolidate updates to reduce the overall frequency of scheduled downtimes, but reserve the right to require
scheduled activities during our published downtime window as frequently as required to maintain the secure, reliable operation of the EMC Documentum as a Service.
Scheduled Maintenance W indows
Each customer contract contains a mutually acceptable Scheduled Maintenance Window that Documentum as a Service may utilize for
deployment of planned updates. Maintenance is conducted during the scheduled window and is not expected to use the entire window every
week. The standard monthly availability for production environments with scheduled maintenance is 98%. Availability calculations inside of
Scheduled Maintenance Windows are exclusive of downtime due to customer-requested Category 4 events and regularly scheduled Category 3
and Category 5 events.
Non-Service Interruption Infrastructure Updates
Updates to the supporting infrastructure of the Documentum as a Service environment that do not require service interruption will be completed
at the discretion of the EMC administration team without maintenance notification as a standard practice.
17
EMC Documentum As A Service – Services Capabilities Overview
Software Update Process
This following provides an overview of the EMC Documentum as a Service process for upgrading and patching all deployed software:
Research: Gather Inform ation on New Software Releases
Documentum as a Service will maintain a comprehensive record of all deployed software, including infrastructure software and the software
stack deployed in your environment. In order to determine what updates are available, assigned subject matter experts (SMEs) review standard
software product update tools and information available to all licensed customers. These tools vary by software product, yet can be automated
update verification tools such as Windows Update or EMC Tech Alerts sent via product specific support advisory subscriptions. Once this
information has been gathered, it is categorized into a release type and submitted for review as part of the Analyze phase.
Infrastructure Software Release Terminology Example
Release Type
Description
Major
A major release contains an architectural change and/or several significant features.
Minor
A minor release contains one significant feature or several small ones.
Service Pack
A service pack contains two or more bug fixes. It may not contain new features.
Hotfix
A hotfix is a single bug fix.
EMC ECD Release Definitions
EMC Documentum as a Service deploys the same General Availability (GA) software releases that EMC customers can download from the
download center (https://emc.subscribenet.com). Special software builds are not created for Documentum as a Service environments. This
means that the EMC administration team is dependent on the same ECD software release cycles and availability as On-Premise customers.
Understanding ECD’s software release process is necessary to better understanding the flow and availability of software to environments
managed by EMC.
18
EMC Documentum As A Service – Services Capabilities Overview
The following tables describe the applicable software categories used for analysis:
ECD Software Release Terminology
Release Type
Example
Description
Major
7.x, 8.x
Software that includes significant features and code corrections. May include architectural changes.
Minor
7.1, 7.1.1
Software that includes minor features and code corrections. May include significant features.
Service Pack
7.1 SP2
Software that includes code corrections. Not intended to include features, but may include minor features upon
exception.
Patch Rollup
7.1 SP2 P01
Software that is a group of code corrections. Does not include new features.
Out of cycle hotfix
/Hotfix
7.1 SP2 P01
HF1
Software that is a single code correction for a specific issue. Does not include new features.
1) Major Release – 7.x, 8.x:
A Major Release is ECD software that includes significant features and code corrections. A Major Release may include architectural changes.
In most scenarios, ECD will release all primary components of an ECD software solution stack as part of a Major Release. These releases
generally include supportability with more current releases of operating systems, databases, applications, and platform software such as
Java. EMC Partner and other third-party add-ons for ECD software typically require a corresponding update in order to be compatible with a
Major Release.
2) Minor Release – 7.1, 7.1.1:
A Minor Release is ECD software that includes minor features and code corrections. A Minor Release may not include architectural changes,
but may include significant features. In most scenarios, EMC will release all primary components of an ECD software solution stack as part of
Minor Release. These releases generally include supportability with more current releases of operating systems, databases, applications, and
platform software such as Java. EMC Partner and other third-party add-ons for ECD software typically require a corresponding update in order
to be compatible with a Minor Release.
3) Service Pack Release – 7.1 SP1, 7.1 SP2:
A Service Pack is ECD Software that includes code corrections applicable to a Major Release. Service Pack releases are not intended to be a
feature release, but may include minor features upon exception. These releases may include supportability with more current releases of
operating systems, databases, applications, and platform software such as Java. Service Pack Releases may require updates to multiple
products in order to achieve a software stack documented as supported and compatible. EMC Partner and other third-party add-ons for ECD
software may require a corresponding update in order to be compatible with a Service Pack Release. The code corrections and any features
included in Service Pack Releases are included in subsequent Major and Minor Releases.
4) Patch Rollup Release – 7.0 SP2 P01
A Patch Rollup is software that contains a group of code corrections and does not include new features. This type of release typically does not
adversely impact other software components in the software stack, including EMC Partner and Third-Party add-ons. The code corrections
included in Patch Rollup Releases are included in subsequent Major and Minor Releases.
Out-of-cycle Hot Fix and Hot Fixes – 7.0 SP2 P01 HF1
An out-of-cycle Patch and Hot Fixes are code corrections for specific urgent customer-specific issues. Not all issues result in an Out-of-cycle or
hot fix due to the complexity of the fix. If the software problem encountered is part of the GA software, then the fix will be included in the
subsequent Patch Rollup Release. If the code correction is not generally applicable to all customers, then it may not necessarily be included in
the subsequent Patch Rollup Release.
19
EMC Documentum As A Service – Services Capabilities Overview
Analyze: Determine Upgrade & Update Viability
There are several factors to consider when determining timely and appropriate updates for environments managed by the EMC. Some of these
factors include, but are not limited to, the following:
• Documentum as a Service Update Category
o
Categories 1-5
• Complexity Associated with Release Type
o
Major, Minor, Service Pack, and Patch Rollup Release
• End of Service Life (EOSL) Date of the Product Version that is Currently Deployed
• Enterprise Software Customer Adoption of Infrastructure Software Releases
• EMC Customer Adoption of New Software Version
o
New Deployments and Upgrades
o
On-Premise and Documentum as a Service
• Impact on the Full Software Stack
o
Infrastructure Software Updates: Optional and Required
o
Compatibility with Other Deployed ECD Software
o
Compatibility with Other Deployed EMC Partner and Third-party Add-On Software
o
ECD Software Updates: Optional and Required
o
EMC Partner and Third-Party Add-On Software
• Risks associated with an Upgrade
• Anticipated Impact to the Customer
o
Compatibility with New and Existing Customizations
o
Regression Testing: Planning and Execution
o
Anticipated Duration of Downtime for Upgrade
Once these factors are investigated, relevant updates are designated as candidates for scheduled maintenance. EMC has a team of experts that
meet frequently to review and plan scheduled maintenance activities. This review includes existing candidates for scheduled maintenance in
addition to new candidates designated as relevant via research activities. A package of software patches and/or upgrades is approved for
verification at the end of the Analyze phase for scheduled maintenance.
EMC ECD Product Information
You can keep up-to-date with EMC ECD product notifications, service life information, and other important product specific information via the
“Support by Product” section of https://support.emc.com. All EMC ECD products managed by EMC within Documentum as a Service must be in a
supported state with a minimum of Enhanced Support in order to ensure complete 24x7 coverage for products and services. Products that are
designated EOSL are eligible for additional Extended Support Services.
Verify: Testing and Confirm ation of Updates & Upgrades
In order to maximize the efficiency, minimize risks, and verify overall applicability of a software upgrade within a Documentum as a Service
environment, members of the EMC R&D team will verify the documented deployment process of the GA software in an internal lab environment.
The environments managed in the lab contain a representative sample of the core ECD products installed in applicable Documentum as a
Service environments in order to assess compatibility risks with the new product. Only default product configurations are tested. Therefore, when
you approve the upgrade you are still required to adequately plan time and resources to test the compatibility of customizations deployed within
your environment.
20
EMC Documentum As A Service – Services Capabilities Overview
The types of changes included in Major Releases, Minor Releases, and Service Packs typically include a level of complexity that requires
deployment testing in order to minimize risks. Before Major Releases are considered for availability within Documentum as a Service, the GA
product documentation is used by members of the R&D team to verify installation and upgrade steps in the Documentum as a Service lab. This
testing process is designed to verify installation procedures and compatibility between software components in the core ECD software stack
deployed within Documentum as a Service environments. EMC performs additional sanity testing to further ensure quality and stability. Once the
deployment testing has been deemed successful, the installation and upgrade steps are scripted to ensure consistency in deployment, reduce
chances of human error, and minimize system downtime for you.
Major Releases, Minor Releases, and Service Packs typically require extended downtime for deployment. The extended downtime would need to
be precisely planned and include time for installation, your specific configuration changes, customization upgrades for tailored usability and
functionality, and extensive regression testing by you. As a result, you may not desire to upgrade to every new release upon GA. Therefore, not all
Major Releases, Minor Releases, and Service Packs are pre-approved for availability within the Documentum as a Service environment.
Patch Rollup Releases have a lower level of regression and compatibility impact to the deployed environment and related customizations.
Before Patch Rollup Releases are considered for availability within Documentum as a Service, the GA product documentation is used by members
of the R&D team to verify installation and upgrade steps in the Documentum as a Service lab. This testing process is designed to verify
installation procedures and compatibility between the affected software components of EMC ECD software deployed within Documentum as a
Service environments. The GA documentation can be verified in the lab without any need for scripts and can be approved for deployment within
Documentum as a Service environments quickly and efficiently. Unlike larger feature inclusive releases, the downtime required for the
deployment of Patch Rollup Releases typically can be kept within standard maintenance windows. Given the reduced deployment risk of these
types of releases, you should only need to regression test the items listed in the GA Release Notes published for that specific Patch Rollup
Release. All Patch Rollup Releases can be made available for deployment within Documentum as a Service at your request.
Out-of-Cycle Patches and Hot Fixes have the least amount of risk of any type of software upgrade. Before Out-of-Cycle Patches and Hot
Fixes are considered for availability within Documentum as a Service, the GA product documentation is used by members of the R&D team to
verify installation and upgrade steps in the Documentum as a Service lab. This testing process is designed to verify installation procedures and
compatibility between the affected software components of ECD software deployed within Documentum as a Service environments. The GA
documentation can be verified in the lab without any need for scripts and can be approved for deployment within Documentum as a Service
environments quickly and efficiently. Given the significantly reduced deployment risk of these types of releases, you should only need to
regression test any items affected by the release. EMC ECD R&D may not be able to create an Out-of-Cycle Patch or Hot Fix if the complexity of
the issue requires a larger and more comprehensive software release.
Schedule: Coordinate with Custom ers
An ECM Service Delivery Manager works with you to get prior approval for any software update that affects your application usage. Please refer to
previous Update Categories table for details on when you would be notified.
Customer Responsibility Pre-Deployment
You need to get an internal change request approved if needed as per your process. The update should be reviewed and test plan created
accordingly. Release notes for the update should be reviewed and any configuration or customization updates required should be considered and
planned. Deployment plan for all environments should be created.
Deploy: Implementation of Updates & Upgrades
After the update is successfully tested in the Documentum as a Service lab environment, deployment in your environment can proceed. An EMC
Service Delivery Manager will manage the update as per the mutually agreed upon deployment plan.
An EMC Product Specialist will take the snapshot of the environment prior to any update. Each environment update starting from sandbox/dev,
test and production is done separately and one at a time. After each environment is smoke tested, it is handed over to you for regression testing.
After you confirm that deployment is successful then the subsequent environment is updated as per the schedule defined in the deployment
plan. Snapshot is deleted after the environment is successfully tested and confirmed.
21
EMC Documentum As A Service – Services Capabilities Overview
Customer Responsibilities Post Deployment
As per the pre-defined test plan, an environment should be tested by you. Based on the release notes review, all test cases should be considered.
Upon successful completion of testing, approval to deploy the update in subsequent environment should be given. If testing fails, you would need
to work with EMC Cloud Services resources and ECD Support to find the root cause of the issue and the resolution.
Record
All new customer Service Requests (SR) are entered in Oracle/CSI to track the progress and activities of the fix. This service request will be owned
by the EMC team and is separate from the service request owned by ECD product support.
The update SR is to remain open until the update has been successfully promoted to your Documentum as a Service environment(s). Once you
confirm by successfully testing the environments, then the SR can be closed.
Notify
All customer communications are coordinated by an EMC Service Delivery Manager and an EMC Services Product Specialist for software updates.
You will be notified after each environment’s deployment and smoke testing is completed. The specific open Service Request will be closed upon
successful deployment in all environments and communication sent to you.
Customer Customization Updates
You are responsible for configuration management and versioning control of customized files. You have specific access permissions to each
environment. Refer to proceeding Documentum as a Service Access section in this document for details on access allowed.
You can deploy customized updates to the development environments and perform the testing. Upon successful testing, you can request to
deploy the updates into the test and production environments. This is done by creating a new SR providing details of what needs to be deployed
and in what environment. Proceed with caution when requesting changes in the production environment. It should only be requested after the
updates have been thoroughly tested in the DEV and TEST environments. The test plans should be all inclusive of all scenarios to avoid any issue
in the production system.
The EMC Cloud Services Product Specialists will record the activities in the open SR and deploy the updates as per your instructions in the
requested environment. The EMC Cloud Service Product Specialists will verify that all environments have the same updates and there is no
discrepancy. Once the updates are completed in all environments and successfully tested, the SR can be closed.
22
EMC Documentum As A Service – Services Capabilities Overview
Transitioning to EMC Documentum as a Service
EMC Professional Services, an EMC certified partner or you may design the migration approach and perform the migration services. EMC
Professional Services specializes in designing and performing migration services by leveraging the technical resources within the organization
that developed and supports the migration application. You can leverage this expertise by using EMC Professional Services to assist with the
design and performance of the migration services.
Copying the Repository from the Customer Environment
EMC recommends that EMC Professional Services be engaged to design the approach and perform the migration services.
Content files and the Database data files can be copied into the Documentum as a Service production environment over the private VPN
connection. If the filestore size is significant, we recommend using a differential copy program like Robocopy to start the copying process early on
in the project timeline. A final differential copy should be run on the go-live day to ensure that all content has been moved over to the
Documentum as a Service environment.
The filestore size and timeline should be considered in formulating the migration approach defined in the contract. The time it takes to load
should be tested and verified to ensure it meets the customer required timeframe. Integrity of the data is verified by the customer.
This model assumes that the source (your environment from where we are migrating) and Target (Documentum as a Service environment) match
exactly:
• OS and version of the Documentum Content Server match exactly
• OS and DB version match exactly
• Docbase Repository name and ID match exactly
• Docbase meets the Documentum as a Service guidelines (cleanup performed and clear of consistency check errors)
Loading Using a Tool
EMC Professional Services, an EMC certified partner or you may design the migration approach and perform the migration services.
In this model, migration is from source to target using a migration tool that performs extract, transformation and load. Loading should be specific
to Documentum version and the SQL database deployed in the Documentum as a Service environment. Integrity of the data should be verified
and is not the responsibility of the EMC Cloud Services team.
There are certain limitations when running the migration tool:
• A temporary database repository owner password can be provided for the migration period. This password would be changed after the
migration is finished.
• Temporarily the customer share is mounted on Documentum as a Service but not Documentum as a Service storage on customer side.
• Ongoing migration requiring super user access is not allowed.
• If the ongoing migration can be done by just using Documentum admin rights (not Windows system admin rights) with the migration tool,
then it can be configured.
M igration Tool Deploym ent
Documentum as a Service has a pre-built catalog of applications that EMC takes responsibility for installing, configuring, monitoring, scaling,
tuning, patching, and upgrading. The team also leverages the technical resources within the organization that developed the application and is
responsible for supporting it. This enables EMC to meet the contractual level of system availability and maintainability.
The Migration tool is not included in this pre-built catalog of applications. EMC’s recommendation is for you or EMC Professional Services to
install it on VMs on your side to communicate with Documentum as a Service servers. By having this on-premise, you have full control to make
any changes and customizations when needed.
23
EMC Documentum As A Service – Services Capabilities Overview
Deploying either an EMC developed migration tool or third-party tool to Documentum as a Service would require a contractual agreement on cost
and deliverables. Any third-party tool installation in a Documentum as a Service environment needs to go through rigorous change management
process ensuring the feasibility, compatibility and maintenance of the tool to ensure the security and system availability EMC promises.
The deployment and working of the tool within the Documentum as a Service environment has to follow the access defined in the next section. If
the tool requires access beyond what is allowed, then it is not feasible for it to be deployed in a Documentum as a Service environment.
Documentum As A Service Access
Documentum as a Service has achieved the highest level of data center certifications in the entire EMC ecosystem. We are unable to retain these
certifications should we grant administrator or super user access outside of the EMC Cloud Services team. Doing so would break documented
processes and procedures. Breaking those procedures would result in failure of audits against our certifications, loss of certifications, and loss of
customers relying upon us to retain those certifications. For example, a fundamental standard for running data centers and Information
Technology is change management and tracking. Before EMC makes any change to a data center for any reason, even a development
environment, we create a change control record and document the changes. When we grant administrator rights outside of EMC Documentum as
a Service, we lose that control, and there is no way to guarantee all changes are properly documented, as EMC is not performing the changes. No
super user access can be given to you in the Documentum as a Service Test and Production environments.
• A temporary Database repository owner password can be given before the production starts to migrate. After migration, the password would
need to be changed.
• A Windows system admin right for any environment is not allowed. However, Documentum admin rights are given.
24
EMC Documentum As A Service – Services Capabilities Overview
Network Connectivity Requirements
EMC Documentum as a Service provides both on-premise and off premise cloud models. For on-premise models, EMC connects the your data
directly with our on-premise equipment to enable ongoing monitoring and management of the environment. For off premise models, you are
provisioned within one of EMC’s shared clouds, such as VPN-over Internet, MPLS, or a leased line.
Off Prem ise M odel
If you desire to be provisioned within one of EMC’s shared clouds, EMC provides for three multiple private network connections into your
Documentum as a Service virtual private cloud. Factors to consider when choosing type of connectivity are outlined in the table below.
Approach
Cost
Reliability
Scalability
Security
VPN-overInternet
Low
Subject to the variability and congestion of
the Internet
Requires increasing Internet capacity, which
may be complex for some organizations
End-to-end IPSEC encryption
MPLS
Moderate
Allows prioritization of traffic and
establishment of quality of service levels
Can be easily scaled depending on endpoint
connection selected
Not typically encrypted, relies on
network carrier for isolation and
security
Leased Line
High
Committed and predictable
Most difficult to scale due to dedicated nature of
the connection
Very secure since no aspect of
the circuit is shared
Most Documentum as a Service customers opt for the VPN-over-Internet approach for connectivity. VPN provides a low cost approach that is
typically quick and easy to get started with. Other options can always be deployed later as use cases change or if issues arise with latency,
bandwidth, etc.
1 - Typical Off Premise Networking Connectivity
On-Prem ise M odel
If you desire an on-premise deployment of your Documentum as a Service, network connectivity is a bit different. In this case, EMC will provision a
management circuit that will connect directly with our on-premise equipment to enable ongoing monitoring and management of the environment.
You would provide a resilient network uplink into the EMC equipment. This connection is typically firewalled from your primary network as
illustrated in the on-premise networking model.
You would also provide connectivity between EMC equipment located at the primary site and located at the recovery site, which would be used for
data replication in the event of a disaster. This connectivity is optional as EMC can also provide interconnection as part of our service.
25
EMC Documentum As A Service – Services Capabilities Overview
EMC Documentum As A Service Roles and Responsibilities
EMC Documentum as a Service provides various options for management and control of your data. The following table outlines the variety of
services activities that relate to the products/business solutions.
Note: Assume service activities relate to the
products/business solutions covered by the EMC
scope of service
Activity Group
Incident
Management
Critical Situation
Management
Problem
Management
Note: For OD only
engagements, the
Client is responsible
for diagnosing the
root cause of issues
in the business
logic layer. This can
be done with the
assistance of EMC
Product Support
# 'Platform' refers
to infrastructure
layers, up to and
including the ECD
product layer
Operational
Change and
Release
Management
TYPE
Application
Managed
Services
Documentum as a Service -EMC responsible for
management of platform only
Documentum as a Service -EMC responsible for
management of platform and
application
Off Prem
On Prem
Off Prem
Client Infra
On Prem
Off Prem
Client Infra
Service Desk
Client
Client
Client
Client
Client
Client
Client
Level 1 Support
Client
Client
Client
Client
Client
Client
Client
Level 2 and 3 Support
EMC
Client
Client
Client
EMC
EMC
Shared
End User Assistance
EMC
Client
Client
Client
EMC
EMC
EMC
Event Management
Client
EMC
EMC
Client
EMC
EMC
Client
Service Restoration
EMC
EMC
EMC
EMC
EMC
EMC
EMC
Shared
Shared
Shared
Shared
Shared
Shared
Shared
Application / Business
Solution RCA
EMC
Client
Client
Client
EMC
EMC
EMC
Platform RCA #
EMC
EMC
EMC
EMC
EMC
EMC
EMC
Initiate Corrective
Actions Application /
Business Solution
EMC
Client
Client
Client
EMC
EMC
EMC
Initiate Corrective
Actions ECD Solution
Stack
EMC
EMC
EMC
EMC
EMC
EMC
EMC
Initiate Corrective
Actions Infrastructure
Client
EMC
EMC
Client
EMC
EMC
Client
Request Logging
Client
Shared
Shared
Shared
Shared
Shared
Shared
Evaluate/Impact
Analysis
Shared
Shared
Shared
Shared
EMC
EMC
Shared
Problem Control
Authorize
Client
Client
Client
Client
Client
Client
Client
Schedule
Shared
Shared
Shared
Shared
Shared
Shared
Shared
Deploy Application /
Business Solution
EMC
Client
Client
Client
EMC
EMC
EMC
Deploy ECD Solution
Stack
EMC
EMC
EMC
EMC
EMC
EMC
EMC
Deploy Infrastructure
Stack
Client
EMC
EMC
Client
EMC
EMC
Client
Configuration
Management
Asset tracking (CMDB)
Client
EMC
EMC
Shared
EMC
EMC
Shared
Application
Request Logging
Client
Client
Client
Client
Client
Client
Client
Note: This section
refers to
Operational
Changes (not
changes to
application
functionality) that
may impact the
availability of the
system.
26
EMC Documentum As A Service – Services Capabilities Overview
Note: Assume service activities relate to the
products/business solutions covered by the EMC
scope of service
Change and
Release
Management
Application
Managed
Services
Documentum as a Service -EMC responsible for
management of platform only
Documentum as a Service -EMC responsible for
management of platform and
application
Evaluate/Analysis
Develop Business
Case
Client
Client
Client
Client
Client
Client
Client
Note: Solution
development
activities are the
responsibility of the
client. EMC will
execute the
deployment of
application changes
in Test and
Production
environments upon
receipt of an
installation package
and an authorized
Change Request
Authorize
Client
Client
Client
Client
Client
Client
Client
Design and build,
customize, configure
Client
Client
Client
Client
Client
Client
Client
Regression,
Performance and
Acceptance Testing
Client
Client
Client
Client
Client
Client
Client
Shared
Shared
Shared
Shared
Shared
Shared
Shared
Production
Deployment
EMC
EMC
EMC
EMC
EMC
EMC
EMC
Request
Fulfillment
Service Desk
Client
Client
Client
Client
Client
Client
Client
Process Management
Client
Client
Client
Client
Client
Client
Client
User Account
Management
Client
Client
Client
Client
Client
Client
Client
Standard Work
Requests
EMC
Client
Client
Client
EMC
EMC
EMC
Non Standard Work
Requests
EMC
Client
Client
Client
EMC
EMC
EMC
Administration
EMC
Client
Client
Client
EMC
EMC
EMC
Monitoring & Event
Response
Client
EMC
EMC
EMC
EMC
EMC
EMC
Patching
EMC
EMC
EMC
EMC
EMC
EMC
EMC
Upgrade
Client
EMC
EMC
EMC
EMC
EMC
EMC
System & Integration
Testing
EMC
Client
Client
Client
EMC
EMC
EMC
Regression &
Acceptance Testing
Client
Client
Client
Client
Client
Client
Client
Administration
Client
EMC
EMC
EMC
EMC
EMC
EMC
Monitoring & Event
Response
Client
EMC
EMC
EMC
EMC
EMC
EMC
Patching
Client
EMC
EMC
EMC
EMC
EMC
EMC
Upgrade
Client
EMC
EMC
EMC
EMC
EMC
EMC
Pre-Production
Deployment
Action Requests
IT Operations
EMC
Product/Solution
Stack
Management
Testing
Software
Infrastructure
Management
Testing
27
EMC Documentum As A Service – Services Capabilities Overview
Note: Assume service activities relate to the
products/business solutions covered by the EMC
scope of service
Virtualization
Layer
Management
Application
Managed
Services
Documentum as a Service -EMC responsible for
management of platform only
Documentum as a Service -EMC responsible for
management of platform and
application
System & Integration
Testing
Client
EMC
EMC
EMC
EMC
EMC
EMC
Regression &
Acceptance Testing
Client
Client
Client
Client
Client
Client
Client
Administration
Client
EMC
EMC
Client
EMC
EMC
Client
Monitoring & Event
Response
Client
EMC
EMC
Client
EMC
EMC
Client
Patching
Client
EMC
EMC
Client
EMC
EMC
Client
Upgrade
Client
EMC
EMC
Client
EMC
EMC
Client
System & Integration
Testing
Client
EMC
EMC
Client
EMC
EMC
Client
Administration
Client
EMC
EMC
Client
EMC
EMC
Client
Monitoring & Event
Response
Client
EMC
EMC
Client
EMC
EMC
Client
Patching
Client
EMC
EMC
Client
EMC
EMC
Client
Upgrade
Client
EMC
EMC
Client
EMC
EMC
Client
System & Integration
Testing
Client
EMC
EMC
Client
EMC
EMC
Client
Administration
Client
EMC
EMC
Client
EMC
EMC
Client
Monitoring & Event
Response
Client
EMC
EMC
Client
EMC
EMC
Client
Patching
Client
EMC
EMC
Client
EMC
EMC
Client
Upgrade
Client
EMC
EMC
Client
EMC
EMC
Client
System & Integration
Testing
Client
EMC
EMC
Client
EMC
EMC
Client
Monitoring & Event
Response
Client
EMC
EMC
Client
EMC
EMC
Client
SIEM
Client
EMC
EMC
Client
EMC
EMC
Client
Penetration Testing
Client
EMC
EMC
Client
EMC
EMC
Client
Anti-virus & Antimalware
Client
EMC
EMC
Client
EMC
EMC
Client
Physical Facilities
Client
EMC
EMC
Client
EMC
EMC
Client
Utilities
Client
EMC
EMC
Client
EMC
EMC
Client
Physical Security
Client
EMC
EMC
Client
EMC
EMC
Client
Personnel
Client
EMC
EMC
Client
EMC
EMC
Client
Primary Site Backup
Client
EMC
EMC
Client
EMC
EMC
Client
Off-site Replication
Client
EMC
EMC
Client
EMC
EMC
Client
Provision DR Site
Client
EMC
EMC
Client
EMC
EMC
Client
Testing
Hardware
Infrastructure
Management
Testing
Network
Operations
Testing
Security
Administration
Data Center
Services
BACKUP AND DR
MANAGEMENT
28
EMC Documentum As A Service – Services Capabilities Overview
Note: Assume service activities relate to the
products/business solutions covered by the EMC
scope of service
29
Application
Managed
Services
Documentum as a Service -EMC responsible for
management of platform only
Documentum as a Service -EMC responsible for
management of platform and
application
EMC Documentum As A Service – Services Capabilities Overview
EMC Documentum As A Service Security
EMC Documentum as a Service has a multi-layer security approach that sets these services apart from a typical cloud provider. We have multiple
layers of security implemented inside and outside of our infrastructure, with all pieces working together as one system instead of functioning as a
collection of independent parts. Security has been architected into the Documentum as a Service solution allowing technologies to be applied at
inception and become integrated components in the solution.
ECD worked with experts from RSA, VMware, VCE, and EMC to choose best-of-breed technologies to apply to the Documentum as a Service
solution. From Security Information and Event Management (SIEM) tools to virtualization-optimized anti-malware and Data-At-Rest-Encryption,
ECD selected technologies and layered them into the architecture.
In addition, ECD supported all those foundational technologies with strong ITIL controls, routine audits, penetration testing, and more to ensure
on-going management and continual improvements into the Documentum as a Service solution.
Data Center Security
Tier 3 & 4 Data centers
SSAE16
Segregated cages
Provides physical separation and containment
Physical access to authorized personnel only
Access list reviewed regularly to ensure it is current and accurate
Detailed access audit trail
Audit logs are reviewed regularly to ensure compliance with access control
Employee background checks
Performed at hiring and periodically thereafter
Security monitoring 24x7x365
Staffed security onsite at data center
EMC data centers and controls are designed with superior physical security in mind to prevent unauthorized access.
Network Security
Redundant perimeter firewalls
Allows for routine patches and updates to OS without impact to platform
Intrusion detection on physical components
Physical layer intrusion attempts are monitored and relayed to SIEM tool
Security log aggregation, correlation, and analysis
SIEM tool applied to entire site and aggregated between sites for enhanced security
intelligence
Intrusion detection on virtual networks
Intrusion detection for all virtual servers deployed in environment, events are monitored and
relayed to SIEM tool
Strong virtual network separation
Use of virtual network separation allows for only defined group of MAC addresses to participate
in network
Regular penetration testing
Ensures ongoing viability of perimeter defenses and internal controls
Routine vulnerability scanning and remediation
Validates patching and configuration of physical and virtual resources and feeds information
into patch management process
Server Security
Hardened operating systems and databases
Apply industry standard validation to OS and database configuration
Managed OS patches and updates
Routinely assess available patches and apply according to risk
Virtual patching technology for Microsoft security issues
Virtual IPDS tool updates rule set to profile network patterns from known vulnerability exploits,
effectively “patching” against Microsoft vulnerabilities as soon as they are released
30
EMC Documentum As A Service – Services Capabilities Overview
Hardened VMware hypervisors
Apply industry standard validation to hypervisor configuration
Unnecessary services disabled
Only required services are enabled on servers to reduce their attack vectors
Password security policies
Strong password security is enforced across all resources
Malware protection optimized for virtual environments
Virtually optimized anti malware platform eliminates virus storm issues and ensure that all
servers are automatically protected
Resource availability monitoring
Detects anomalies in resource consumption (CPU/RAM/Disk) which could be the result of
malware or attack
Data at rest encryption
Available data at rest encryption for any virtual server to help ensure compliance requirements
are met
Blocking malicious activity at the network perimeter prevents suspicious and malicious traffic from ever entering our infrastructure. These
security measures add protection and increase performance by eliminating unwanted traffic to servers. Security for the network layer is crucial to
prevent and monitor unauthorized access, misuse, or modification of network-accessible resources. All customer environments are isolated and
secured at the network level.
The server is the layer of defense closest to the application. Ensuring attack vectors are limited and points of entry are hardened is extremely
important in solidifying overall security posture and keeping important data safe. Every server is hardened at deployment exceeding compliance
mandates.
Application Security
Discrete application deployment
You have your own discrete set of servers deployed for your applications. We don’t share virtual
servers among multiple customers.
Application performance monitoring
Detects anomalies in application performance which could be the result of malware or attack
Secured communication protocols
All protocols can be secured to ensure end-to-end data protection
Principle of least access applied to data flows
Discrete firewall rules are applied to allow only defined traffic to flow in and out of the
environment
Using best practice application deployments that have been tuned through years of experience helps ensure your Documentum as a Service
environments will be there when you need them. By layering in additional controls for end-to-end encryption and restricting traffic, we provide
additional layers of security beyond a typical on-premise installation.
Administrative Security
Site-to-site IPSEC VPN
Allows private connection with relatively inexpensive bandwidth. (See Networking Section of
this document for details.)
MPLS termination
Allows private connection with predictable bandwidth and latency. (See Networking Section of
this document for details.)
Secure portal for user management
Enables self-service administration of the small community of user identities maintained for
your Documentum administration personnel, xPression designers, and Captiva operators.
Bastion host for EMC administration access
Provides an air gap between the EMC network and the Documentum as a Service data centers.
Also allows for blocking of services like file transfer into and out of our environments.
As a private cloud, we rely on private connections to allow your users access to the Documentum as a Service environments. To that end, we
enabled several connection methodologies detailed in the Networking Section of this document. We also ensured the EMC administration team
could safely and effectively manage our environments while maintaining strong separation from EMC’s other networks and resources.
31
EMC Documentum As A Service – Services Capabilities Overview
Governance
Complete incident lifecycle management
Utilizing standard ITIL practices for incident and problem management, including continuous
improvement
Rigid change control process
Ensures that changes are documented, vetted, reviewed, scheduled, and implemented
following standard industry practices
Documented Standards, Policies, and Procedures
Provide for consistent, controlled management of the entire service
SSAE16 certification via annual audit
Provides third part attestation that controls are in place and followed
Specialized security incident response team
Enables fast response to any detected incident to shut down any attack and ensure you are
notified of any potential data loss as well as providing for investigation and analysis
Rigid and responsible governance is core to delivering a secure, reliable, and available service, but these are not static processes either; they
evolve as you do as we develop better approaches and apply new technologies.
End User Authentication
EMC Documentum as a Service supports the LDAP/LDAPS mechanism of directory servers that have been certified with EMC Documentum
Content Server. This requires you to open your firewall to the Documentum Server running in the EMC Documentum as a Service data center
facility to your on-premise LDAP system via LDAP or LDAPS connection in order to synchronize userids, user groups, and to authenticate
userid/passwords. You must create an LDAP service account with privileges as documented in the standard EMC Documentum Content Server
documentation to perform these functions.
For select Documentum clients (for example, recent versions of Documentum Webtop and D2), EMC Documentum as a Service supports
integration with your Identity Provider (IdP) through support for the SAML 2.0 standard. This support still requires Documentum LDAP/LDAPS sync
to manage user accounts in Documentum and will not function properly without it. However, SAML integration offers two significant advantages
over using LDAP/LDAPS sync alone:
1.
User credentials are not entered into the Documentum Clients and sent through the network. User credentials are entered into your
choice of IdP on your network. They are not sent to EMC Documentum as a Service.
2.
Once a user enters credentials into your IdP, you can set up the system to authenticate to any number of systems, including EMC
Documentum as a Service, in a single-sign-on fashion. Should you configure your systems properly, Documentum users will not need to
enter their credentials again.
EMC Documentum as a Service supports the LDAP mechanism of directory servers that have been certified with EMC Document Sciences
xPression. This requires you to open your firewall to the xPression Server running in the EMC Documentum as a Service data center facility to your
on-premise LDAP system via LDAP connection in order to authenticate userid/passwords and retrieve group assignments. You must create an
LDAP service account with privileges as documented in the standard EMC Document Sciences xPression documentation to perform these
functions.
32
EMC Documentum As A Service – Services Capabilities Overview
Summary
In this document we’ve tried to show how you can rapidly and securely leverage the economies of the cloud by deploying Enterprise Content
Management (ECM) through EMC Documentum as a Service. EMC Documentum as a Service eliminates the need for in-house expertise and
expanded infrastructure, because it’s fully managed and dynamically scaled by EMC—whether delivered from our site or yours. With Documentum
as a Service, we believe that any enterprise can better capitalize on its information assets while streamlining its operations. Put succinctly, it will
help you “save, simplify, and transform.”
EMC Documentum as a Service brings together the leaders in content management: EMC Documentum, EMC Captiva, EMC InfoArchive, and EMC
Document Sciences from EMC Enterprise Content Division; EMC storage; EMC security from RSA; virtualization from VMware; and Vblock partners
Cisco and Intel—all under one roof, and available to you where and when needed.
It’s a new era for Enterprise Content Management in the cloud as organizations transform into the digital age to gain competitive advantage and
provide an uncompromising user experience.
About ECD Services
EMC Enterprise Content Division (ECD) Services accelerates today’s digital enterprise through world-class technical and industry
expertise coupled with end-to-end service capabilities that deliver content management cloud solutions, empower end users, and enable
successful project implementations while mitigating risk. Our 500+ services experts worldwide, plus global network of partners, have
the skills, knowledge, and experience organizations need to get the maximum value from their EMC software investments.
CONTACT US
To learn more about how EMC products,
solutions, and services can help solve your
business and IT challenges, contact your
local representative. Solution Principal or
email us at [email protected]
or visit us at www.EMC.com/Documentum.
33
EMC2, EMC, the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other
countries. VMware are registered trademarks or trademarks of VMware, Inc., in the United States and other
jurisdictions. All other trademarks used herein are the property of their respective owners. © Copyright 2016 EMC
Corporation. All rights reserved. Published in the USA. 1/2016 EMC Documentum As A Service Service Capabilities
Brief H12128.3
EMC believes the information in this document is accurate as of its publication date. The information is subject to
change without notice.
Fly UP