South Carolina Department of Administration IT Shared Services Catalog Revised: July 31, 2023
IT Shared Services Catalog | 2 Table of Contents Introduction ......................................................................................................................................3 1.0 Workplace Services ...................................................................................................................4 1.1 EMAIL SERVICES .............................................................................................................. 5 1.2 MANAGED WORKSTATION/PRINTER SERVICES..............................................................6 2.0 Network Services ....................................................................................................................10 2.1 LOCAL AREA NETWORK (LAN) SERVICES ......................................................................11 2.2 METRONET SERVICES....................................................................................................13 2.3 INTERNET SERVICES ......................................................................................................15 3.0 Hosting Services ...................................................................................................................... 16 3.1 VIRTUAL SERVERS .........................................................................................................17 3.2 DATABASE HOSTING SERVICES .....................................................................................22 3.3 ENTERPRISE CONTENT MANAGEMENT (ECM) SERVICES .............................................27 4.0 Enterprise Storage Services .....................................................................................................38 4.1 ENTERPRISE STORAGE SERVICES ..................................................................................39 4.2 DATA BACKUP SERVICES ...............................................................................................42 5.0 Admin-Brokered Services: Telecommunications.......................................................................45 5.1 CELLULAR (WIRELESS) SERVICES...................................................................................46 5.2 LOCAL TELEPHONE SERVICES .......................................................................................47 5.3 LONG DISTANCE TELEPHONE SERVICES........................................................................48 5.4 VOICE OVER INTERNET PROTOCOL (VOIP) SERVICES ...................................................49 5.5 CONTACT CENTER SERVICES.........................................................................................51 5.6 INTEGRATED VOICE RESPONSE (IVR) SERVICES............................................................52 5.7 RADIO, PAGER AND SATELLITE COMMUNICATIONS SERVICES ....................................53 6.0 Admin-Brokered Services: Network .........................................................................................57 6.1 CABLE AND WIRING SERVICES ......................................................................................58 6.2 DATA TRANSPORT SERVICES.........................................................................................63 6.3 INTERNET SERVICES ......................................................................................................66 7.0 Admin-Brokered Services: Hosting........................................................................................... 68 7.1 WEB HOSTING ..............................................................................................................69 7.2 DISASTER RECOVERY AS A SERVICE (DRaaS).................................................................70 8.0 Admin-Brokered Services: Printing Services .............................................................................73 8.1 PRINT AND MAIL SERVICES ...........................................................................................74 9.0 Enhanced Microsoft 365 Services.............................................................................................75 9.1 MICROSOFT TEAMS ......................................................................................................76 9.2 MICROSOFT ONEDRIVE ................................................................................................. 78 10.0 Enterprise Cloud Services ........................................................................................................80 10.1 CLOUD SERVICES.........................................................................................................81
IT Shared Services Catalog | 3 Introduction The South Carolina Department of Administration (Admin) provides a wide variety of secure, reliable and cost-effective information technology (IT) services to agencies throughout the state. With this in mind, Admin is pleased to offer the following IT Shared Services Catalog. This catalog is designed to provide a comprehensive look at the available technology-related shared services, while offering the necessary level of detail to help agencies make informed choices and find the right IT services to meet their current and future needs. Admin is rapidly transforming its shared services to provide new and strategic capabilities to customers. As such, the IT Shared Services Catalog will be updated on a regular basis as the needs of the state and the demand for such services increase. We welcome your feedback on the services described in this catalog, and we look forward to providing high quality, innovative technology services to help support the achievement of agency business goals and objectives.
IT Shared Services Catalog | 4 1.0 Workplace Services
IT Shared Services Catalog | 5 1.1 EMAIL SERVICES SERVICE DESCRIPTION The Email service uses Office 365 to provide cloud-based email, email storage, calendar and task capabilities. The use of Office 365 for email allows users to access the service virtually anytime and anywhere. Email Includes: User account provisioning. Access to a global directory of state email addresses. Mailbox and calendaring storage. Email storage and archiving in compliance with state data and document retention policies. Encryption for outgoing email available if required. Virus scanning of all attachments. Spam filtering. Incident resolution through the DTO Service Desk. Office 365 licenses. SERVICE NOTES Each email account receives a fixed amount of email storage, as determined by the Office 365 Government Plan. All services are delivered in compliance with state of South Carolina Information Security policies, as presented in SCDIS- 200. CUSTOMER VS. ADMIN RESPONSIBILITIES Responsibilities Admin Customer Supply a workstation or other mail-capable device. X Supply and configure desktop client for accessing email (e.g., Outlook). X Contact the DTO Service Desk to report an incident. X Plan, provision, maintain, troubleshoot, resolve email service issues. X SERVICE RATES Service Offering Monthly Unit Price Email Services $10.75 Agencies should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) for additional information or to acquire these services. ADDITIONAL INFORMATION
IT Shared Services Catalog | 6 1.2 MANAGED WORKSTATION/PRINTER SERVICES SERVICE DESCRIPTION The Managed Workstation service provides centrally managed workstation services to support and to help secure agency workstations. Use of this service requires agencies to standardize on DTO-supported workstations and mobile computing devices. This service provides options for remote and on-site support to ensure consistent and reliable access to productivity applications and business data. 1. Managed Workstation with Remote Support: This option provides centrally managed workstation services for agency-owned or leased workstations with remote support using remote assistance tools. This option Includes office productivity software and email services. Please note, agencies are responsible for on-site support of workstations. The Division of Technology Operations (DTO) Service Desk or Admin endpoint technicians will provide telephone support and/or use remote assistance tools to address an issue or fulfill a service request. 2. Managed Workstation with On-Site Support: This option provides centrally managed workstation services for agency-owned or leased workstations with on-site support after initial remote support using remote assistance tools. Includes office productivity software and email services. Please note, on-site support is available only in Richland and Lexington counties. If an issue/request has not been resolved through remote support, an Admin endpoint technician will make an on- site service call to address the issue or fulfill the service request. The Managed Printer service provides the configuration and network support necessary to allow users to print, fax, scan and copy documents. Managed Printer Support includes installation, configuration to enhance security, and support for agency-owned or leased printers or multifunction devices connected to the state network (MetroNet). SERVICE NOTES Agency locations must have MetroNet or secure connection to the state network. Agency workstations must be a member of Admin’s Active Directory domain. Agencies purchasing on-site support must purchase service for all workstations at a physical address or agency location. Splitting of on-site and remote support options between workstations at the same physical address or agency location is not allowed. Agency locations outside of Lexington and Richland counties may only purchase the remote support option. Managed Printer service is available at agency locations or physical addresses where the agency also purchases the Managed Workstation service. Agencies are responsible for purchase or lease of networked printers and multifunction devices. Only state-owned or leased printers are supported. Personal printers are not supported. This service does not cover standalone photocopiers not connected to the state network. All services are delivered in compliance with state of South Carolina information security policies, as presented in SCDIS- 200.
IT Shared Services Catalog | 7 1. Managed Workstation with Remote Support Software Software management, maintenance and support vary by software type. Software types are divided into four categories. Specific software titles are assigned to each category. Please contact your agency’s ARM representative for detailed information. Critical patch management for managed and supported applications. Security compliance and configuration support of managed applications. Technical and integration support for managed and supported applications. File Storage Dedicated private network folder for users in addition to shared access to network folders as determined by user’s assigned business roles. Network storage is backed up nightly with a 30- day retention period. Support Technical support through the use of remote support tools, to include: Remote troubleshooting, diagnosis, and remote assistance of operating system, productivity tools and security application issues. Remote driver installation and configuration of workstation compatible peripheral devices. Legacy or incompatible devices may not be supported. Remote troubleshooting, diagnosis and remote assistance of locally attached printer issues to workstations covered under this service. Critical patch management of supported software and whole disk encryption help enhance workstation security. Hard drive sanitization in accordance with policy standards for workstations at end of life. Remote customers needing support for issues that cannot be resolved using remote support tools, may ship or deliver workstations to Admin’s Broad River Road facility. 2. Managed Workstation with On-Site Support Includes everything provided under Managed Workstation with Remote Support, plus the following: On-site service technician visit, after initial remote assistance (on-site technician visits are available only in Lexington and Richland counties). Scheduled workstation installation and initial configuration at agency office location. MANAGED WORKSTATION – SERVICE DETAIL
IT Shared Services Catalog | 8 CUSTOMER VS. ADMIN RESPONSIBILITIES Responsibilities Admin Customer Managed Workstation with Remote Support Purchase workstations through coordination with Admin. X Asset and warranty management for workstations. X Manage backup and recovery of any locally stored data. X Contact the DTO Service Desk to report an incident. X Provide end-user training for productivity software/business applications. X Two-way transit and protective packaging for devices shipped or transported to Admin. X Maintain accurate inventories of devices at each agency location. X Configure and deploy workstation to agency business location. X Coordinate price quotes for agency workstation purchases. X Maintain workstation base image and DTO managed applications. X Provide critical patching of managed and DTO supported applications. X Provide critical patching of contract supported/unsupported applications. X Provide remote (phone) support and tools through DTO Service Desk. X Provide remote access clients and licenses. X Managed Workstation with On-Site Support (In addition to those listed for Remote Support) Perform resolution of service requests and incidents on-site at agency’s location if resolution cannot be completed remotely. X Configure and deploy workstation to agency business location. X Managed Printer Support Configuration, moves and data sanitation of agency-owned or leased printers. Configuration of printers is provided for agencies selecting Managed Workstation with Remote Support and Managed Workstation with On-Site Support. On-site printer installation at an agency location or physical address is provided only for agencies that have purchased Managed Workstation with On-Site Support for that location or physical address. For agency locations under Managed Workstation with Remote Support, Admin will provide remote support to a user or agency-contracted vendor resource on-site at the printer’s location. Advanced printer configurations (e.g., port blocking, restricting web access, default password resets, Simple Network Management Protocol). Support of multifunction printers contracted from a third-party vendor is limited to configuration only, which includes connecting the printer to the network, advanced configurations to help secure the printer and configuring users to print. MANAGED PRINTER – SERVICE DETAIL
IT Shared Services Catalog | 9 Ongoing support from the Admin team, including: Troubleshooting, diagnosis, and remote assistance using remote assistance tools. Connecting Managed Workstation users to networked printers. Automatic printer connection based on user assigned business roles, providing the ability for users to print to certain printers based on organizational roles (e.g., human resources or legal staff members may access a printer that is not available to other staff to ensure confidentiality of printed material). CUSTOMER VS. ADMIN RESPONSIBILITIES Responsibilities Admin Customer Managed Printer Support Purchase networked printers through coordination with Admin. X Purchase and replace consumables (e.g., paper, ink cartridges). X Purchase printer warranty/hardware support contract with vendor. X Asset and warranty management for printers. X Contact the DTO Service Desk to report an incident. X Provide on-site resource to work with remote Admin staff to install networked printers at agency offices that purchase Remote Workstation Support. X Install networked printers at agency locations that also purchase Managed Workstation with On-Site Support. X Provide remote (telephone) support through the DTO Service Desk. X Monitor printer usage and cost per print. X Initial troubleshooting (e.g., paper jams, open paper drawers). X Escalated troubleshooting for hardware failure/drum replacement. X SERVICE RATES Service Offering Monthly Unit Price Managed Workstation with Remote Support $69.08 Managed Workstation with On-Site Support $79.00 Managed Printer Contact ARM Agencies should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) for additional information or to acquire these services. ADDITIONAL INFORMATION
IT Shared Services Catalog | 10 2.0 Network Services
IT Shared Services Catalog | 11 2.1 LOCAL AREA NETWORK (LAN) SERVICES SERVICE DESCRIPTION The Local Area Network (LAN) Service provides LAN infrastructure (both wired and wireless) within a building or campus environment, which enables data communication among local resources within an organization. The service includes support for agency-owned or leased switches, routers, wireless access points and physical firewall devices within an agency facility. This includes capacity planning, monitoring services, fault resolution, performance analysis and advanced configurations to enhance security. Admin offers support on an 8 a.m.-5 p.m. or 24/7 basis. For virtual firewalls, Admin provides, hosts, maintains and refreshes all virtual firewall infrastructure in the State Data Center. SERVICE NOTES Cable and wiring within the agency’s facility are not included. Wireless network performance may vary based on room location and construction, existing infrastructure, etc. It is a shared technology and offers no guarantees for consistent bandwidth or performance. All services are delivered in compliance with state of South Carolina information security policies, as presented in SCDIS- 200. 1. LAN Support Hardware Installation and configuration of agency-owned or leased network devices and firewalls. Network devices and physical firewalls are divided into tiers based on size and complexity. A list of specific devices within each tier is available from Admin. Advice for agencies during the procurement process. However, agencies are responsible for determining equipment that will meet specific needs. Support of Cisco, Juniper and Palo Alto products. Equipment must be a vendor-supported model (i.e., not end of life). Provision, hosting, maintenance and refreshing of all virtual firewall infrastructure in the State Data Center. Virtual firewalls are designated as: Small virtual firewall — up to three interfaces. Medium virtual firewall — four interfaces. Large virtual firewall — five or more interfaces. Software Management and monitoring of software tools and technologies associated with LAN and firewall management. Such areas include usage reporting, monitoring, performance analysis and reporting, alert and event management, problem determination, etc. Depending on customer equipment, certain software tools and capabilities may not be available. Admin will inform agencies of such limitations. LAN SERVICES – SERVICE DETAIL
IT Shared Services Catalog | 12 Support and Administration Monitoring, alerting and providing incident resolution through the Division of Technology Operations (DTO) Service Desk and technical support staff. Support is available at two levels: Next Business Day (8 a.m.–5 p.m., workweek business hours): An Admin staff member will be assigned, and the customer will be contacted no later than the next business day during normal business hours. 24/7 (24 hours a day, seven days a week): Admin provides support on a 24/7 basis. Cable and wiring projects are not included in the monthly LAN support service and are provided separately. Admin will provide a cost estimate before beginning work. Agencies will be charged the actual cost to complete the project, including labor, materials, vendor costs, etc. Wireless network performance may vary based on location of the rooms, construction of the rooms, existing infrastructure, etc. Wireless LAN is a shared technology and offers no guarantees for consistent bandwidth or performance. Agencies must submit service requests to Admin in advance, as described below: Contact Admin at least 30 days before new service installations or office moves when existing network infrastructure exists. Contact Admin at least 60 days before new service installations or office moves when existing network infrastructure does not exist. Longer advanced notice may be needed depending on customer requirements, location, vendor, etc. In order for Admin to support requests submitted outside the advance notice requirements, agency director and Chief Information Officer (CIO) approval may be required, and additional funding may be required to cover overtime, vendor fees and other costs. SERVICE RATES Service Offering Cost LAN Services and Support Contact ARM Agencies should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) for additional information or to acquire these services. ADDITIONAL SERVICE NOTES ADDITIONAL INFORMATION
IT Shared Services Catalog | 13 2.2 METRONET SERVICES SERVICE DESCRIPTION MetroNet is the statewide network connecting all state of South Carolina agencies to each other and to the internet. The service includes the management and support of the MetroNet, including existing transmission media and shared infrastructure, capacity planning, shared equipment upgrades, 24/7 monitoring and end-to-end fault resolution. This service includes the design and installation of new MetroNet transmission media and infrastructure for agencies with new or moved facilities that need to connect to the state network, or for agencies requiring enhancements to existing services. Multiprotocol Label Switching (MPLS) is available in Standard and Premium levels. Premium also includes Quality of Service (QoS), which recognizes the requirements of some applications are more critical than others and ensures high quality performance for such critical applications. Discuss your current and future needs with Admin to help determine the service offering that is best for your agency. SERVICE NOTES MetroNet services are typically provided to the point of demarcation between Admin’s network and the Customer Premise Equipment (CPE). Building must have connectivity and adequate physical infrastructure (e.g., space, power and air) to house network equipment. Limitations in existing fiber or other requirements may limit service availability to particular locations. All services are delivered in compliance with state of South Carolina Information Security policies, as presented in SCDIS- 200. Hardware MetroNet component technologies such as routers, firewalls, transmission media (fiber optics backbones, network cable, etc.). This does not include customer premise equipment (CPE). Software Network management and monitoring software tools and technologies which help deliver network usage reporting; network monitoring; performance analysis and reporting; alert and event management; problem determination; router/firewall configuration and provisioning; support for configuration; change management, etc. Installation and Configuration Core MetroNet technologies such as routers, firewalls, transmission media (fiber optics backbones, network cable, etc.). Upgrade and enhance core MetroNet environment as required to ensure that proper capacity, performance and availability is provided to Admin customers. Expansions to the core MetroNet environment (e.g., router and transmission media). Custom projects with agencies that require MetroNet service for new or relocated facilities, or for agencies that require enhancements to existing services. These projects will include the planning, design, engineering and implementation needed to meet agency requirements. METRONET – SERVICE DETAIL
IT Shared Services Catalog | 14 Guidance to customers in the sizing of new or existing network circuits to ensure additions and/or expansions are consistent with the agency’s forecast growth trends, are a cost-effective option for customers, and can be fulfilled by Admin and/or a qualified vendor. Support and Administration Incident resolution services via the DTO Service Desk. Hardware/firmware maintenance for supported network devices and components. 24/7 monitoring and alerting on MetroNet. Security MPLS and virtual LAN (VLANS) to isolate agency traffic. Division of Information Security (DIS) monitoring of all network traffic to detect threats. Cable and wiring projects are not included in the monthly MetroNet service and are provided separately. Admin will provide a cost estimate before beginning work. Agencies will be charged the actual cost to complete the project, including labor, materials, any vendor costs, etc. Infrastructure within the building may impact MetroNet performance at the end-user device. Planned maintenance is performed each Sunday between 6–10 a.m. Agencies must submit service requests to Admin in advance, as detailed below: Contact Admin at least 30 days before new service installations or office moves when existing network infrastructure exists. Contact Admin at least 60 days before new service installations or office moves when existing network infrastructure does not exist. Longer advanced notice may be needed depending on customer requirements, location, vendor, etc. In order for Admin to support requests submitted outside the advance notice requirements, agency director and Chief Information Officer (CIO) approval may be required, and additional funding may be required to cover overtime, vendor fees and other costs. SERVICE RATES Service Offering Cost MetroNet Services and Support Contact ARM Agencies should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) for additional information or to acquire these services. ADDITIONAL SERVICE NOTES ADDITIONAL INFORMATION
IT Shared Services Catalog | 15 2.3 INTERNET SERVICES SERVICE DESCRIPTION Admin provides internet services to users of the state network via redundant connections to three separate internet service providers (ISP) in order to ensure high levels of availability. Admin-provided internet is designed to offer additional redundancy not typically provided through a single ISP. SERVICE NOTES Agencies must have adequate MetroNet bandwidth to cover their internet bandwidth. Existing infrastructure within the building may impact internet performance from an end-user device perspective. All services are delivered in compliance with South Carolina Information Security policies, as presented in SCDIS-200. Support and Administration Brokering with and managing vendor relationships with Admin’s three preferred internet service providers to ensure redundant connections. Support for the agency’s initial access to Admin’s preferred internet service providers. Incident resolution services through the Division of Technology Operations (DTO) Service Desk. 24/7 monitoring and alerting on the internet service. Provision, install and configure expansions to the internet service. Perimeter defense capabilities. Distributed denial of service (DDOS) protection. Internet performance may vary based on location of the facility, existing/local infrastructure, geography, etc. Planned maintenance is performed Sunday between 6–10 a.m. Admin will provide guidance to customers in estimating internet data usage to ensure the agency’s budget estimates for this service are consistent with the customer’s forecast growth trends and can be fulfilled by Admin and/or a qualified vendor. SERVICE RATES Service Offering Cost Internet Contact ARM INTERNET – SERVICE DETAIL ADDITIONAL SERVICE NOTES
IT Shared Services Catalog | 16 3.0 Hosting Services
IT Shared Services Catalog | 17 3.1 VIRTUAL SERVERS SERVICE DESCRIPTION Virtual Servers provide a virtualized server environment with enhanced security for hosting business applications in the State Data Center. The virtual server environment supports Microsoft Windows Server and Red Hat Enterprise Linux Server operating systems. Virtual machines (VM) can be sized to support customer processing requirements via a fixed incremental configuration of memory, processor and disk space. Virtual Machine (VM): This offering provides for a centrally provisioned and patched VM operating system (OS) and related system utilities. This offering includes two core processors, 4GB RAM and 80GB OS file storage. Admin will enable provisioning of a vendor-supported version of Microsoft Windows Server Operating System or a vendor- supported version of Red Hat Enterprise Linux Server Operating System. Admin will manage and maintain the Virtual Server OS, including basic operating system testing and installation of service packs and patches, to ensure the operating system patches do not materially impact the core server performance. Virtual Machine (VM): Legacy Isolation: If an agency is unable to use a vendor-supported server operating system, Admin will assign the VM Legacy Isolation service offering to the agency. These VMs are hosted on isolated infrastructure and are configured to help mitigate security risks, and the server operating system is supported by the agency. Admin will determine an agency’s need for this service offering on an exception basis; this offering is not orderable by agencies. SERVICE NOTES Full agency server migrations to the State Data Center are not included in this service. This service is focused on the provision and support of a new virtual server instance. The virtual server environment is based on VMware ESXi. Servers will be charged from the time they are provisioned until they are de-provisioned. Storage for customer data is available through the Enterprise Storage service. All services are delivered in compliance with state of South Carolina Information Security policies, as presented in SCDIS- 200. Note: This offering is not orderable by agencies and may only be assigned by Admin on an exception basis. See Additional Service Notes for more detail. Facilities Management Management and monitoring of physical security to data center. Management and monitoring of the data center environment (e.g., racks, power and cooling). ESXi Host Systems Engineering Provisioning and set up of ESXi host server hardware and software in accordance with Admin standards and policies. Hardware and software enhancements to the ESXi host server over time. VIRTUAL SERVERS – SERVICE DETAIL
IT Shared Services Catalog | 18 Upgrades of ESXi host service components. ESXi Host Systems Maintenance Administration and maintenance of hardware to ensure that each ESXi host server is reliable, is performing adequately and is providing overall service availability. Maintain ESXi host server hardware and software at recommended patch and release levels following standard change management procedures. Standard capacity and performance analysis reporting capabilities for customers to review utilization, performance and trending information for processors and memory. Admin provides and maintains a VM OS and related systems utilities. Admin installs manufacturer field change orders, service packs, firmware and software maintenance releases. Admin performs product patch, “bug fix,” service pack installation or upgrades to the current installed version. Admin manages and maintains (e.g., procure, monitor, track status, verify, audit, perform contract compliance, renew, reassign) software licenses and media. ESXi Host Systems Support and Monitoring Responsive support to incidents. Responsive support to unscheduled service outages in a timely manner. Provision of diagnostic information to assist with customer application support needs. Repair or replacement of failing hardware components. Ongoing security monitoring and management. Security event monitoring, detection and notification. Periodic vulnerability scanning and reporting. Security event/vulnerability remediation. 24/7 access to the Division of Technology Operations (DTO) Service Desk. Best effort prioritized on-call “after hours support.” Simple Network Management Protocol (SNMP) and Internet Control Message Protocol (ICMP) based monitoring and alerting. Hardened server images. System management and reporting software. Monitoring and alerting services to ensure operating system is up and operating normally. Network Connectivity Connectivity within the data center to a dedicated department virtual local area network (VLAN) to keep data and applications separated from other department data and applications. Virtual Machine Redundancy in State Data Center Virtual machines are configured with full redundancy allowing system recovery within the same data center.
IT Shared Services Catalog | 19 In the event that a physical server fails, also commonly referred to as an ESXi host hardware failure, the automated high availability feature is invoked. All VMs affected by the ESXi hardware failure are migrated to an alternate ESXi host and restarted on the alternate host within the virtualization cluster. All workloads are supported with minimal impact to performance with unplanned downtime related to the VM migration and the restarting of the VM on an alternate host in the virtualization cluster. The alignment and compliance of application requirements are maintained as when the VM was initially provisioned. Server failover (VMware HA) capabilities do not support application level load balancing at this time. Additional disaster recovery capabilities are under development. Virtual Machine Backup Backup of VM OS, system utilities, applications and VM configurations. Virtual Machine (VM) Admin will ensure the agency has remote access to the virtual server. Agencies will be responsible for purchasing client remote access licenses (e.g., two-factor authentication) for remote access. Admin will coordinate with the agency for any planned Admin changes or outages that will affect the agency’s server environment. Requests for installations, adds, moves or change that exceed 40 hours will require additional funding. Admin will provide an estimate before beginning work. Agencies are expected to maintain their VM-hosted operating systems at vendor supported versions in order to get the most benefit from this service. A list of currently supported server operating systems is available from Admin. If a customer’s business applications require a larger server environment or a custom configuration, please contact Admin to investigate an alternative, custom configuration. The standard patching maintenance window is Saturday from 8 a.m.-noon. Patches are applied 10 days after release. Patches are occasionally applied sooner based on the risk of the unpatched vulnerability. VM OS are subject to security scanning services by the Division of Information Security (DIS) before being placed into production. Virtual Machine (VM) – Legacy Isolation This environment may result in reduced application functionality in order to mitigate security risks inherent in the legacy server operating system software environment. This offering will have reduced support (e.g., patching is no longer available). This offering is primarily focused on protecting the broader Admin application and infrastructure environment from security risk introduced by hosting legacy server operating system software. ADDITIONAL SERVICE NOTES
IT Shared Services Catalog | 20 The environment is composed of dedicated hardware and software components with advanced security configurations. The costs of these components and the associated labor are included in the service offering rate. Examples of additional security associated with this offering include, but are not limited to separated VLAN, restricted user access, additional firewalls to isolate the legacy server operating system from the mainstream network, etc. Agencies are responsible for initial provisioning, configuration, patching and ongoing management of the VM OS. CUSTOMER VS. ADMIN RESPONSIBILITIES Responsibilities Admin Customer Data Center Facilities Data Center power, cooling and related support infrastructure. X Data Center network infrastructure. X Data Center facilities security. X Data Center facility structure maintenance and enhancements. X Hardware ESXi host server hardware (processor, memory, storage for system files) at the State Data Center. X Virtualization software (hypervisor and virtualization management tools). X Standard System Software VM server operating system. X Standard security software (antivirus, host intrusion detection, scanning) for VMs. X Standard system management tools. X Server remote access software (Citrix or VPN). X Client remote access software (Citrix or VPN). X Non-Standard System Software Additional VM OS CALs. X Non-standard system management tools. X Non-standard security software. X Application Software Custom developed. X Commercially provided. X Middleware/utility software. X Other software not defined above. X Initial Provisioning and Configuration Management Of ESXi host server hardware/software. X Virtual machine instance. X
IT Shared Services Catalog | 21 VM OS and utilities. X Non-standard system software. X Applications and database software. X Patching and Lifecycle Configuration Management Of ESXi host server hardware/software. X VM OS and utilities. X Non-standard system software. X Applications and database software. X Monitoring and Fault Management – Fault Monitoring and Event Notification/Triage, Recovery and Troubleshooting (perform diagnostics, maintenance and break/fix support) ESXi host server hardware/software. X Virtual machine instance. X Virtual machine fail over instance (base disaster recovery capabilities). X VM OS and utilities. X Non-standard system software. X Applications and database software. X Capacity and Performance Management Implement and maintain tools for performance/capacity planning. X Provide reporting for system performance and utilization. X Monitor usage to proactively identify capacity or performance issues. X Evaluate, identify and recommend changes to enhance performance. X Security Monitoring and Management Antivirus system management and scanning of the VM environment. X Security event monitoring, detection and notification. X Periodic vulnerability scanning and reporting. X Security event/vulnerability remediation. X X ESXi host server hardware and software. X VM System utilities software. X SERVICE RATES Service Offering Cost Virtual Server (2 CPU / 4GB RAM / 80GB DISK) $145.00 Server Management $360.00 Agencies should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) for additional information or to acquire these services. ADDITIONAL INFORMATION
IT Shared Services Catalog | 22 3.2 DATABASE HOSTING SERVICES SERVICE DESCRIPTION This service provides database server hosting for agency applications in the State Data Center. Databases, also known as Database Management Systems (DBMS), are supported on Admin’s virtual servers and Enterprise Storage-SAN environment. Database Hosting (IaaS on Premise) – Dedicated: Base level physical database administration services for agency customers who meet any of the following criteria: Agency uses in-house or third-party vendor(s) for managing/supporting the application environment; Agency prefers to manage the database server and have access to in-house or external database administration; Database contains restricted data; Agency requires direct back-end access to database to alter data via inserts, updates or deletes; Databases can be small or large. They can have customized structured partitions for Datafiles, Logs and Temp DB files. Multiple databases can be hosted on a single server keeping like kind databases on the same SQL server. This is an Infrastructure as a Service (IaaS) on Premise offering giving the customer greater control over the management of the server. This offering leverages a dedicated Microsoft SQL database platform. Database Setup: If an agency requires initial limited help preparing a database or database server for initial setup to meet specific guidelines for a project, a database administrator (DBA) can be allocated to assist. Database – Legacy Isolation: If an agency is unable to use a vendor-supported database version or system, Admin will assign this service offering to the agency. These database management systems are hosted on isolated infrastructure and configured to help mitigate security risks. The database and its applications are supported by the agency. Admin will determine an agency’s need for this service offering on an exception basis, as this offering is not orderable by agencies. SERVICE NOTES Full agency database migrations into the State Data Center are not included in this service. This service uses Microsoft- supported versions of Microsoft SQL Server Databases If an agency requires application database administration, Admin can recommend qualified consultants for the agency to contact. Customers must also purchase Enterprise Storage and one of the Virtual Servers offerings. Contact Admin to help determine which database offering will best meet agency business needs. All services are delivered in compliance with state of South Carolina Information Security policies, as presented in SCDIS- 200. Note: This offering is not an orderable offering by agency customers. It is available at Admin’s discretion as an exception to the standard.
IT Shared Services Catalog | 23 For the Dedicated service offering, Admin provides the following: Database Software Installation and Upgrade Installation and upgrading of database management software. Installation and upgrading of database management utility software. Application of cumulative Updates, service packs, security patches (CVEs) to database management software.* Application of cumulative Updates, service packs, security patches (CVEs) to and bug fixes to database software.* CUSTOMER VS. ADMIN RESPONSIBILITIES (DATABASE HOSTING – DEDICATED) Responsibilities Admin Customer Database Support Requirements Identify application requirements for the database. X Identify data security requirements. X Identify data backup and retention requirements. X Identify data archive and purge requirements. X Identify data recovery time objectives. X Database Software Procurement, Installation and Configuration Procurement of database management server software (licenses). X Procurement of database management server software (client licenses); cost passed through to customer. X Procurement of database management server utility software. X Database management system software installation and configuration. X Database management system software utility installation and configuration. X Database management system software version upgrades. X Database management system software utility version upgrades. X Apply functional patches, service packs, security patches and bug fixes to database management software. X X* Apply functional patches, service packs, security patches and bug fixes to database utility software. X X* Create the database/database instance. X Create the database tablespaces. X Database Support Activities Provide first level support for vendor supported database. X Provide first level support for issues with the database. X Monitor status of database systems as defined by customer and Admin. X X DATABASE HOSTING – SERVICE DETAIL
IT Shared Services Catalog | 24 Develop and document standards and acceptance criteria to promote applications database changes from development and/or test into production. X Coordinate activities for moving code from development and/or test environments to production via change management process. X Execute activities to support releases to production via change management process for database management. X Database Monitoring and Fault Management Define requirements for database performance monitoring. X Implement database monitoring tool. X Monitor database software environment on a 24/7 basis. X Automated monitoring of database instance availability on a 24/7 basis. X Monitor and respond to application database alerts and events per incident management process. X Configure database level high availability (SQL Server always on availability groups). X Database Performance and Capacity Management Agency deployment plans and user growth forecasts. X Define requirements for performance/capacity planning monitoring tools. X Implement and maintain tools for performance/capacity planning and management. X Define performance indicators and establish thresholds to monitor database performance against indicators. X Provide analysis and report on database performance trends and exceptions. X Recommend corrective action to resolve database performance and capacity problems. X Implement corrective actions approved by the change management process. X Database Maintenance Coordinate and schedule maintenance activities with customer change management process. X Install database security patches. X Database Security Ability to add/remove users for pre-defined active directory groups for user access for application roles. X Ability to manage users on Microsoft SQL server. X *SQL patches outside of the Admin domain are the responsibility of the customer DBA(s) unless contractually noted otherwise. General Admin will ensure the agency has remote database server access per specifications provided in the project planning phase. ADDITIONAL SERVICE NOTES
IT Shared Services Catalog | 25 Agencies will be responsible for purchasing client remote access licenses for remote access. Admin will coordinate with the agency for any planned Admin changes or outages that will affect the agency’s server environment through the Division of Technology Operations (DTO) Service Desk notification system as a result of the Admin change management process. In addition to the data manipulation language (DML) tasks identified in the “this Admin service includes” section, administration and development tasks related to the application layer are the responsibility of the customer. In most cases, the primary responsibility for the identification of a DBMS problem will be the responsibility of Admin. If Admin determines a problem is application or DDL/DML related, then Admin will inform the customer of the underlying issue and the responsibility to resolve the identified issue will be transferred to the customer for final resolution. It is the customer’s primary responsibility to ensure it has adequate technical support for their application, as this is not a responsibility of Admin. There are many options for support from in-house technical resources, software support contracts, Beeline and other outside vendors that supply subject matter experts. Requests for installations, adds, moves or changes will be billed to the requesting agency under the Database Setup service offering. If the amount of work exceeds four hours, this may be identified as a project and incur additional fees. The standard maintenance window is Saturday from 8 a.m.-noon. Microsoft patches and SQL Cumulative Updates and Service Packs are applied during maintenance windows, within 8-30 days after release. Security Patches are occasionally applied sooner based on the risk of the unpatched vulnerability. It is the customer agency’s responsibility to ensure that its SQL Servers are running currently supported versions of SQL software, as defined by Microsoft, if the agency determines to retain its database servers on its own domain and denies security access to the servers from Admin database administrators. Admin has no responsibility for the condition or security of SQL Servers or the data they store, process and/or transmit when Admin personnel have no security access. Admin will support Microsoft SQL Server databases that qualify for vendor support (mainstream and extended). Admin will require an agency customer to upgrade to a vendor supported version of the Microsoft database before Microsoft extended support expiration. For Dedicated Database customers, specialty database utilities such as Idera and/or compliance and security software licenses are not included in the rate. Costs to supply such utilities will be passed through to the customer. Data backup services are not included in the default rate. Customer agencies must purchase the data backup service. Database Hosting — Dedicated In addition to the General Database Hosting Service Notes, the following items apply to the Database Hosting — Dedicated Services: System administrator privileges to the database engine will be granted to the customer agency for advanced database administration tasks. Database client licenses costs will be passed through to the agency customers. The database licensing costs are not included in the rate.
IT Shared Services Catalog | 26 Idera database utility software (e.g., SQL Safe Backup) license costs will be passed through to the agency customer. Idera SQL backups are required for SQL Servers in Admin-managed domains. Specialty database utilities, such as compliance and security software licenses, are also not included in the rate. License costs for these products will be passed directly to the customer agency. Agency customers must purchase the Enterprise Storage service. This service offering does not include disk storage for database hosting. Dedicated hosting outside of Admin-managed domains creates certain exceptions to the above service offering. Additional customer responsibilities will be included in the signed service agreement in such cases. An example of these additional responsibilities includes the customer DBA responsibility for SQL Server patching, backups, monitoring and troubleshooting. Database Hosting — Legacy Isolation This environment may result in reduced application functionality to mitigate security risks inherit in the legacy database software environment. This offering will have reduced support (e.g., patching is no longer available). This offering is primarily focused on protecting the broader Admin application and infrastructure environment from security risk introduced by hosting legacy database software. The environment is composed of dedicated security hardware and software components. The costs of these components and the associated labor are bundled into this rate. Examples of additional security and related costs, associated with this offering include, but are not limited to separated VLAN, restricted user access, additional firewalls to isolate the legacy database from the mainstream network, etc. SERVICE RATES Service Offering Microsoft SQL Server Database Database Hosting Services Contact ARM Agencies should contact their Agency Relationship Management (ARM) representative or the Program Management Office (pmo@admin.sc.gov) for additional information or to acquire these services. ADDITIONAL INFORMATION
RkJQdWJsaXNoZXIy NzM4MTg4