Cloudfire Service specific terms

These Service Sheets apply exclusively to the specific CloudFire Services present in this document purchased and used by Users, as defined in the General Conditions. In the event of a conflict between these Service Cards and the General Terms of Agreement between the User and CloudFire, the terms and conditions of these Service Cards apply, but only to the extent that such conflict is limited. Capitalized terms used in this document, but not otherwise defined in this document, shall have the meaning indicated in the General Terms of Contract. CloudFire reserves the right to upgrade, upgrade, or interrupt any aspect or functionality of a CloudFire Service, in whole or in part. Although specific roles and responsibilities are identified as being owned by the User or CloudFire, any roles or responsibilities not indicated in these Service Sheets or otherwise provided in the General Terms are not provided with the CloudFire Services or are considered to be the responsibility of the User.

‍

A. Universal terms

‍

TERMS OF SERVICE APPLICABLE TO ALL CLOUDFIRE SERVICES IN THE DOCUMENT

‍

1) Mitigation (protection against DOS and DDOS attacks)

‍

1.1. CloudFire will implement commercially reasonable protection against DOS and DDOS hacking attempts, provided that such attacks are conducted in a manner considered by CloudFire to be sufficiently severe to justify such protection. These protection measures do not apply in case of attacks such as SQL injection, brute force, abuse of security flaws, or other similar attacks. Given the nature of a potential DOS or DDOS attack and their complexity, CloudFire will implement different levels of traffic protection in order to preserve its infrastructure and CloudFire service (s).

‍

1.2. Mitigation is activated only after an attack has been detected by CloudFire tools. Therefore, until the mitigation is activated, the affected service will be directly attacked, which could result in the unavailability of the Service. Once the attack has been identified and automatically activated, mitigation may not be turned off until the attack ends (the 'Mitigation Period'). During the Mitigation Period, the Services provided by CloudFire may be suspended and/or the User may not be able to access the Services provided by CloudFire.

‍

1.3. If, despite the activation of mitigation measures, the cyber attack affects the integrity of CloudFire and the User's infrastructure, CloudFire will apply stricter protection measures that may result in a reduction in the quality or unavailability of the Services provided by CloudFire.

‍

1.4 It is possible that part of the traffic generated by the cyber attack is not detected by CloudFire systems and therefore negatively affects the Service provided to the User. The effectiveness of the mitigation measures also depends on the configuration by CloudFire. As such, the User is responsible for ensuring that they have the necessary skills to provide effective administration.

‍

1.5. Mitigation does not exempt the User from ensuring the security of the CloudFire Service used, from installing security tools (for example firewalls), from making regular updates to his systems, from backing up his data or from monitoring the security of his computer programs (for example scripts, codes).

‍

2) Cortex platform

‍

2.1. The Services provided by CloudFire can be managed by Users through the Cortex Platform. The Cortex Platform provides purchase management, billing, support and security services for available products, as well as direct management of the Infrastructure.
Through the Cortex Platform, it is possible to manage the account data, payment method and the Users connected to the User's account.
It is also possible to manage End Users, when managed (“Managed Customers”), for Resellers.

‍

3) CloudFire service provisioning

‍

3.1. CloudFire will provide the following provisioning services for Openstack IaaS Services as a Service, vSphere as a Service, and S3 Scalable Object Storage:

• implementation of processing, storage, networking (physical servers, physical storage and physical network devices, etc.) specific to the selected Basic Products;
• initial network resources, including predefined public IP addresses, if applicable.

‍

3.2. The user will be responsible for the following provisioning services:

• Installing and configuring custom or third-party applications, distributions, and operating systems, and creating user accounts and modifying default system preferences as needed.

‍

4) Operations - Monitoring

‍

4.1. CloudFire will provide the following services related to monitoring:

• Monitoring of the underlying infrastructure, infrastructure networks, higher-level management and user management interfaces, as well as computing, storage and network hardware to ensure availability.
• Capacity and performance monitoring for storage infrastructure and network hardware.

‍

4.2. The User will be responsible for the following services related to monitoring:

1. Monitoring of resources distributed or managed within the account, including, but not limited to, operating systems, applications, specific network configurations or network devices distributed by third parties, operating system or application vulnerabilities.
2. Monitoring the performance of any virtual machine ('VM')

‍

5) Incident and Problem Management

‍

5.1. CloudFire will provide incident and issue management services (e.g., detection, severity classification, logging, escalation, and return to service) related to:

• Infrastructure over which CloudFire has direct administrative and/or physical access and control, such as servers, storage and network devices;
• Service software over which CloudFire has direct administrative access and control, such as the Cortex Platform and the management services necessary to support the environment.

‍

5.2. The User is responsible for managing incidents and problems (e.g. detection, severity classification, registration, escalation and return to service) related to:

• Services implemented by the User within the assigned infrastructure, such as VM, cloud, private virtual infrastructure and any virtualized infrastructure implemented to support CloudFire Services;
  • Performance of VMs implemented by the User, customized or third-party applications, User databases, operating systems imported or customized by the User, or other assets distributed and administered by the User that are not related to CloudFire platforms;
  • Administration of the operating system, including the operating system itself or any functionality or component contained therein;
  • Configuring services based on collateral, such as local backup configurations, firewall configurations, virtual network configuration.

‍

6) Change Management

‍

6.1. CloudFire will maintain the following change management elements for the CloudFire infrastructure that supports you:

• Processes and procedures for maintaining the status and availability of CloudFire's management tools and delivery platform; and
• Processes and procedures for the release of code versions, hotfixes and service packs related to the Cortex Platform and all supporting tools/platforms.

‍

6.2. The User is responsible for:

• Managing changes to VMs, operating systems, custom or third-party applications, databases, and administering general network changes under the User's control; and
• Administration of self-service functionality provided through the Cortex Platform up to the highest levels of authorization granted to the User, including, but not limited to, virtual machines and network functions, backup administration, user configuration and role management, and general account management.

‍

7) Infrastructure Data Recovery

‍

7.1. CloudFire is responsible for protecting data, such as routine backups, the infrastructure necessary for the operation of the Service, including the high-level management and user management interfaces owned and managed by CloudFire.

‍

7.2. CloudFire is also responsible for restoring the CloudFire data and infrastructure necessary for the operation of the service, including the first-level management and user management interfaces owned and managed by CloudFire.

‍

7.3. For the avoidance of doubt, the obligations established in this Section 7 do not relieve the User of the obligation to protect their data.

‍

8) Security

‍

8.1. The responsibility for end-to-end security is shared between CloudFire and the User. CloudFire will ensure the security of the aspects of the Services for which CloudFire has physical, logical and administrative access or control. Below are the main areas of responsibility between CloudFire and the User. CloudFire will make commercially reasonable efforts to provide:

• Physical security: CloudFire Services are hosted in state-of-the-art Datacenter facilities. The following controls are present at the physical level in Data Centers:
  • Location of the equipment: CloudFire operates only in datacenters on Italian soil. The datacenter vendor selection process includes a rigorous evaluation, which ensures that each site has appropriate measures and countermeasures.
  • CloudFire Data Center: CloudFire does not own its own datacenter but buys space in Datacenter from third-party vendors.
    The list of datacenters and their certifications can be found at the following link. It is possible to view the Datacenters through guided tours and commercial agreements.
• Information Security: CloudFire will protect the information systems used to provide its Services for which CloudFire has exclusive administrative control.
• Network Security: CloudFire will protect the network containing CloudFire's information systems to the point where the User will have control, authorization or access to modify the networks.
• Security Monitoring: CloudFire will monitor security events involving Infrastructure servers, storage, networks and underlying information systems used for the provision of CloudFire Services over which CloudFire has exclusive administrative control. This responsibility ceases anytime the User has control, authorization, or access to modify an aspect of the CloudFire Services.
• Patching and Vulnerability Management: CloudFire will be responsible for the maintenance of the systems it uses to provide the CloudFire Services, including the application of patches considered critical to the target systems. CloudFire will perform routine vulnerability scans to reveal critical risk areas for the systems that CloudFire uses to provide CloudFire Services. Critical vulnerabilities will be addressed in a timely manner.

‍

8.2. The User is responsible for:

• Information Security: The User is responsible for ensuring adequate protection of the information systems, data, content or applications that it implements and/or accesses on the CloudFire Services. This includes, but is not limited to, any level of patching, security fixes, data encryption, access controls, roles, and permissions granted to the User's internal, external, or third-party users.
• Security Monitoring: The User is responsible for the detection, classification and correction of all isolated security events within their instances, associated with virtual machines, operating systems, applications, data or content that emerged through vulnerability tools or necessary for a compliance or certification program in which the User is required to participate and that are not managed by another security program.
• Network Security: The User is responsible for the security of the network over which he has administrative control. This includes, but is not limited to, maintaining effective firewall rules, exposing only the communication ports necessary to conduct the activity, and blocking promiscuous access.

‍

9) IP Addresses

‍

9.1. Each of the CloudFire Services will be reachable through a linked public, fixed, and non-transferable IPv4 and/or IPv6 address (each an “IP Address”).

‍

9.2.Any IP address provided to the User by CloudFire will remain the property of CloudFire.

‍

10) General

‍

10.1. Due to the highly technical nature of the CloudFire Services, CloudFire is subject only to the obligations set out in the applicable section of the Service Level Agreement relating to our Monthly Availability Commitment.

‍

10.2. With the exception of the elements provided by CloudFire, CloudFire does not intervene in the processing of information, data, files, systems, applications, websites or other elements that are reproduced, hosted, collected, stored, transmitted, distributed, published and, more generally, used and/or managed by the User as part of the CloudFire Services (collectively referred to as “Content Data”), and is prohibited from accessing such Content Data for purposes other than those necessary for the provision of the CloudFire Services.

‍

10.3. For security reasons, CloudFire reserves the right to proceed with the immediate and unannounced suspension of any CloudFire Service on which there is a public Proxy, IRC, VPN or TOR service available for free or for a fee, and for which CloudFire is aware of a fraudulent or illegal use of its misuse.

‍

10.4. In the presence of a sharing of the network resources provided to the User, the User undertakes not to use the CloudFire service (s) in a manner harmful to other CloudFire Users. In particular, the User undertakes not to intensively use public bandwidth. In such a situation, CloudFire reserves the right to apply restrictions to this bandwidth. The User may, if he wishes, subscribe to additional bandwidth options in order to have unlimited use of the guaranteed public bandwidth.

‍

10.5. The User is the sole administrator of the CloudFire service (s). In this capacity, the User confirms that he has all the technical knowledge necessary to ensure proper administration of the resources provided by CloudFire.

‍

10.6. The User must have an Internet connection to access the Cortex Platform or any other management interface offered by CloudFire and access the CloudFire Services and is solely responsible for the above-mentioned Internet connection, in particular for its availability, reliability and security.

‍

10.7. CloudFire reserves the right to discontinue the CloudFire Services in order to carry out technical intervention to improve the functioning of the CloudFire Services.

‍

B. Service Sheets

‍

1. Openstack as a Service - OaaS

‍

Definitions

‍

'Host server': physical server with allocated memory (RAM) and compute (CPU). Configured and administered by CloudFire, it is designed to host one or more VMs or User-administered Instances.

‍

“Infrastructure”: set of components provided by CloudFire that allow hosting the User's Openstack as a Service, including in particular (depending on the circumstances) the Host Server, Storage Space, network, internet bandwidth and/or virtualization or cloud computing technology.

‍

“Instance”: Virtual server created on CloudFire's Openstack as a Service infrastructure and that allows the development and/or use of application solutions. The Instance, created using cloud computing technologies, includes a Storage space and a quantity of CPU and RAM resources. You can add Object Storage to an instance.

‍

“Scalable Object Storage”: Distributed Storage Space based on the Object Storage architecture (managing data as objects). The CloudFire Openstack as a Service can be added to an Instance, in particular when it is used as a Snapshot (as defined below) and/or subscribed separately.

‍

“Object Storage Container”: Main unit of the Object Storage Space that shares the same access rights policy, created by the User.

‍

“Service (s): OpenStack Services as a Service described in this section 1

‍

'Storage Space': Disk space attached to an instance that can be 'local' storage or 'distributed' storage, depending on the characteristics of the instance. The “local” storage space (DAS) is directly linked to the instance for the operating system to work properly and recommended for containing non-persistent data. The data is deleted and the disk is reinstalled to its original state each time the instance is reinstalled or if the computation node where the instance resides fails.
Data in “distributed” storage (Scalable Block Storage) is stored regardless of the state of the instance. The 'distributed' storage space is eliminated from specific functionality within the portal.

‍

1. Openstack as a Service - Instances

‍

The following terms apply only to OaaS instances:

‍

1.2. Description of the service.

OaaS instances are computational computing services offered by CloudFire and located on an infrastructure owned by CloudFire for rent on a monthly basis consisting of one or more instances and/or more object service containers.

‍

1.2.1 The hardware resources (Host Server, Storage Space, etc.) and the Instances leased by the User will remain the exclusive property of CloudFire.

‍

1.2.2 CloudFire reserves the right to restrict or deny access to certain ports to protect the underlying infrastructure.

‍

1.2.3 The User acknowledges that, for security reasons, certain features and protocols (such as IRC or peer-to-peer file exchanges) may be limited by the Services.

‍

1.3. User Obligations

‍

1.3.1. The User undertakes to comply with the License terms and conditions of use of the operating system on which the Instance is configured by CloudFire, as well as the license terms for the use of the applications, in some cases pre-installed on the Instances by CloudFire.

‍

1.3.2. The User will be the sole administrator of their Instance. Under no circumstances will CloudFire be involved in the administration of the User's Instances.

‍

1.3.3. The User may also perform maintenance and update operations on the above-mentioned operating systems and applications pre-installed on the Instance. In this case, the User assumes full responsibility and CloudFire cannot under any circumstances be held responsible, including, by way of example and not limited to, the case in which such operations (maintenance, updates, etc.) are performed in violation of the applicable terms of use/license conditions, or in the event that the Instance does not work and/or does not work properly as a result of maintenance operations and/or updates carried out by the User.

‍

1.3.4. The User will not use the Services to distribute services that are intended to allow users to download files in large quantities to and from file hosting platforms.

‍

1.3.5. The User is prohibited from using or allowing the use of the Services for any intrusive activity or attempted intrusion (including, but not limited to, port scanning, sniffing, spoofing) and any controversial activity or behavior such as traffic exchange (Hitleap, Jingling), Black Hat SEO (downloading and uploading videos to and from online gaming platforms), cryptocurrency mining, video game bots, etc. anonymization services or public proxies (including VPN, Tor, P2P, IRC) and the sharing of cards (CCCam or equivalent).

‍

1.3.6. In order to maintain the service level of the User Instance and all Infrastructure servers, CloudFire reserves the right to require the User to update the operating system running on the Instance and all applications pre-installed by CloudFire, if a security vulnerability is identified. If the User does not comply with such requests, CloudFire reserves the right to disconnect the Instance, the Object Storage Container and/or the Infrastructure from the Internet.

‍

1.3.7. If CloudFire believes that the Instance or Object Storage represents a security risk, CloudFire may send an email to the User informing the User that the Instance or Object Storage Container will be reinstalled or deleted to maintain the integrity of the entire Infrastructure. CloudFire reserves the right to disconnect the Instance and the Object Storage Container from the Internet pending the reinstallation of the Instance by the User. The User is responsible for transferring data from the pirated or broken system to the new system within a commercially reasonable time. CloudFire's sole responsibility is the installation of the new system.

‍

1.3.8. The User is always responsible for using the software and for holding CloudFire harmless for the incorrect use of the necessary licenses.

‍

1.4 CloudFire Obligations

‍

1.4.1. CloudFire reserves the right to modify the operating systems and applications pre-installed by CloudFire on the Instance, in particular through such updates and/or version upgrades as it deems necessary at its sole discretion.

‍

1.4.2. CloudFire reserves the right to limit or restrict certain functionality of the Instance in order to ensure the security of the infrastructure. CloudFire will notify the User of the implementation of such restrictions whenever possible.

‍

1.4.3. CloudFire will do its best to replace any faulty part of the host server as soon as reasonably possible, except in cases where CloudFire is not directly responsible for the failure or in situations where the repair or replacement procedure requires an interruption of the Service that exceeds the normal replacement time. In the latter case, CloudFire will inform the User as soon as reasonably possible.

‍

2. Snapshot

‍

2.1. Description of the service. CloudFire provides functionality that allows the User to create snapshots of an Instance (“Snapshot”). A Snapshot is not a perennial backup of the Instance's data; rather, it's a “snapshot” copy of the Instance.

‍

2.2. User Obligations

‍

2.2.1. Under no circumstances does Snapshot exempt the User from the obligation to back up their data. Snapshot is not a disaster recovery tool.

‍

3. Load Balancer Service

‍

3.1. Description of the service. CloudFire will provide the User with a load balancing system (“Balancer (s)”) as a service, which will allow the User to distribute the workload by distributing packages of User traffic on different of its units in order to improve performance, optimize response times and increase resilience to failures and downtime.

‍

3.1.1. To use the Load Balancer service, it must be associated with the User's Openstack as a Service project.

‍

3.1.2. Any functionality of the Load Balancer Service that allows the User to restore a previous configuration does not constitute a method of permanently backing up the User's configuration.

‍

‍3.1.3. All resources used as part of the Load Balancer Service, such as Openstack as a Service instances, are subject to the General Conditions, Service-Specific Terms and Service Level Agreements applicable to them.

‍

3.2. User Obligations.

‍

‍3.2.1. The details related to the functionality and characteristics of the Balancers are accessible on the CloudFire site and are updated regularly. The User is responsible for monitoring such changes.

‍

3.2.2. The User will be solely responsible for the administration, configuration and use of the Balancer. CloudFire is not responsible for any interruptions or limitations of the Load Balancer Service caused by an incorrect configuration of the Balancer by the User.

‍

3.2.3. It is the sole responsibility of the User to take all necessary measures to maintain their configuration, taking into account the critical nature of the Load Balancer Service for the User's activity and the risk assessment if the Load Balancer Service is turned off or is undergoing maintenance, version upgrades or updates. CloudFire has no obligation to make any backup of the User's Balancer configuration.

‍

3.3. CloudFire obligations.

‍

3.3.1. CloudFire is responsible for administering and maintaining the underlying infrastructure supporting the User's Load Balancer.

‍

3.3.2. CloudFire reserves the right to carry out any maintenance, manage any version upgrade, make any update, or take any other action in order to maintain and improve the security and functionality of the Load Balancer service. This action will be taken at the discretion of CloudFire. CloudFire will attempt to inform the User of any scheduled maintenance that has an effect on the User's Balancer.

‍

4. Scalable Object Storage

‍

4.1. Description of the service. Scalable Object Storage is a storage space that allows static files to be moved across a public access point to an unlimited storage space so that the files can be used by an application or be accessible on the Web. These storage spaces are accessible through an application programming interface (API).

‍

4.1.1. The User activates the Object Storage Services from their Management Interface or API.

‍

4.1.2. Object storage services include the following solutions:

• Standard Object Storage: scalable object storage, compatible with many use cases, as limited by CloudFire and adapted to any type of volume. The solution is based on HDD storage. The solution is accessed through an S3™ * compatible API.
• Standard (Swift) Object Storage (Coming Soon): Object Storage with triple data replication. The solution is accessed through a Swift API or an S3™ compatible API. This solution may not be compatible with Object Storage S3™ compatible solutions.
• Cloud Archive (Swift) Object Storage (Available soon): Object Storage with long-term data retention. The solution is adapted to business needs. The solution is based on capacitive disk storage. The solution is accessed through a Swift API.

4.2. User Obligations.

‍

4.2.1. It is the User's responsibility to carefully review each available Object Storage solution and to ensure that the selected solution meets their needs, to ensure that they have the technical knowledge necessary to administer the Object Storage Services, in particular the Storage Space, and to inform themselves about the hardware requirements and the services and/or elements necessary to use the Object Storage Services.

‍

4.2.2. The User is solely responsible for the management and use of the Object Storage Services, including Storage Space.

‍

4.2.3. The User is responsible for ensuring the longevity of the Content Data stored and stored as part of the Object Storage Services, in particular by performing backup operations on separate physical media in a separate location.

‍

4.2.4. The User is solely responsible for backing up their Content Data on separate physical media in a separate location, for setting up, managing and ensuring business continuity, for setting up and managing disaster recovery plans and for taking the necessary technical and organizational measures to allow the User to continue the activity in the event of any circumstance that may affect the Object Storage Services, the availability of the User's Content Data and the continuity of the User's business.

‍

4.2.5. The User is solely responsible for performing reasonable backups, transfers, snapshots, or other protective measures to protect against the loss of their Content Data if the Scalable Object Storage Services are interrupted for any reason.

‍

4.2.6. The User is responsible for checking and confirming that the Object Storage Services are used without saturating the bandwidth or volume ordered.

‍

4.2.7. The User is responsible for ensuring that the purchased Scalable Object Storage Services are used solely for archiving and/or archiving purposes.

‍

4.3. CloudFire Obligations. CloudFire provides the User with a management or programming interface that allows the User to configure and administer the Scalable Object Storage Services (the “Management Interface”).

‍

4.4. CloudFire rights.

‍

4.4.1. CloudFire reserves the right to restrict the User's orders and/or use of the Object Storage Services if, at CloudFire's sole discretion, the User's order or use of the Object Storage Services may affect the stability of the infrastructure or the performance of the CloudFire Services provided to other CloudFire customers.

‍

4.4.2. CloudFire reserves the right to temporarily limit the User's use of the Object Storage Services when infrastructure capacity is insufficient.

‍

4.4.3. CloudFire is not responsible and cannot be held responsible, in any capacity, for User Content Data or for the way in which User Content Data is used as part of the Object Storage Services, including, but not limited to, transmission, distribution, collection, operation or updating.

‍

4.5. Duration and resolution. Scalable Object Storage is a Pay-per-Allocation Service. The Object Storage Services will automatically end when the User proceeds with the deletion of the bucket itself. The elimination of content alone does not end consumption.

‍

5. vSphere as a Service

‍

5.1. Definitions:

‍

“vSphere as a Service”: It is the private cloud service with VMware Cloud Foundation technology hosted in CloudFire datacenters.

The solution is managed by the User through the Cortex Platform and the management interface of the Virtualization system. The host servers and storage resources within the vSphere Service as a Service are reserved for the User.

‍

“Virtual Machine”: a non-physical server that uses the resources of the vSphere as a Service connected to the network dedicated to the vSphere as a Service service. Each Virtual Machine is managed independently of the others present in the User's service.

‍

'Pack': Contains the minimum physical resources needed to start a 'Virtual Datacenter'. A "vSphere as a Service" package consists of a minimum of:

‍

• The VMware vSphere interface, known as the vSphere Web Client, is the management interface provided by VMware to administer the resources provided to the User. This interface will provide logical access to the platform usually consisting of 1 vCenter, 1 Virtual Datacenter and 1 Cluster, 1 Vsan Datastore and all the packages included in the Vmware Cloud Foundation version (NSX example for software-defined network resources and VMware vRealize Operations for monitoring).
• Three identical host servers (CPU and RAM that contribute CPU and RAM, storage with local provisioning for virtualization) dedicated to processing and providing the hyperconverged storage components through vSAN. The User must ensure that he always has three identical Host Servers (that is, the Host Servers must have the same technical specifications).

‍

“User Network”: Resources outside the CloudFire Infrastructure used by the User to communicate with the Resources provided by CloudFire. These may be the User's own resources or resources provided and/or hosted by third parties on behalf of the User.

‍

“Host Server”: Dedicated server installed in the User's vSphere as a Service service that provides additional capacity through the processor (CPU) and memory (RAM) of the VMware server on CloudFire that can be managed through the VMware® user interface.

‍

'Virtualization': a technology that involves running multiple operating systems,

‍

“Infrastructure”: structure created by CloudFire to host the User's VMware on CloudFire Datacenter, including in particular the network, bandwidth, physical resources and virtualization.

‍

“Virtualization interface”: third-party software provided by CloudFire that allows the User to manage their VMware and associated services, and in particular to create and manage their Virtual Machines (VMs).

‍

5.2. Description of the service. CloudFire's vSphere as a service consists of one or more Hosts within a secure private network dedicated to the User. The physical resources provided as part of this Service are reserved exclusively for the User. Each vSphere as a Service has one or more private and public networks depending on the package purchased. The User must manage the secure network configuration to interconnect the network to their Virtual Machines.

‍

5.2.1. Functionality (subject to availability)

‍

• Virtualization interface. The Service is based on functionality intrinsic to the integrated Third-Party Products and Services of the VMware software package, which partner of CloudFire, which allow the visualization of servers (“vSphere® Hypervisors”), network (“NSX®”) and storage (“vSAN®”), in accordance with the specific VMware terms and conditions currently in force. All Third-Party Products and Services in the VMware software package (which constitutes a visualization interface) are hosted on resources managed directly by CloudFire.
• Virtual Machine Encryption. VM Encryption uses an internal feature of vSphere 6.5 or later, which can be used to encrypt VM data in real time using an encryption key provided by a component external to vSphere as a Service (box encryption) or using the “Native Key Provider” capabilities of vSphere 7.0, with the objective of encrypting the data stored in the vSphere as a Service datastores. The User is responsible for managing their encryption key.
• Federation. This functionality allows users to connect a user's Lightweight Directory Access Protocol (LDAP) server to vSphere as a Service VMware to manage authentication and identification of the user's existing accounts. The User is responsible for ensuring that their LDAP server has adequate connectivity.
• 2FA (Dual Factor Authentication). The 2FA functionality provides the User with a double method of authentication when accessing the User's management interfaces. In addition to the username and password, the User needs a temporary access token to log in. The User is responsible for generating access tokens.
• A minimum number of host servers may be required to activate some features.

‍

5.3. User Obligations

‍

5.3.1. The User is responsible for the use of the Services, including the management of the keys used to manage credentials and access to the Service, the use of the APIs, software and tools provided by CloudFire, the management of subscriptions and the data that the User uses in connection with the Services. The User must have the necessary technical knowledge and skills and familiarize themselves with the characteristics of the Services before use.

‍

5.3.2. The User will be the sole administrator of the Virtual Data Centers, Host Servers and Storage Resources in his possession.

‍

5.3.3. As part of the Services, the User is the administrator of the resources for IP addresses. The User is responsible for managing these in an appropriate manner to ensure that the Service works properly. The User must have a sufficient number of IP addresses to allocate or, if applicable, to allow the hypervisor to allocate an IP address for each of its Virtual Machines. The User is responsible for the correct use of the IP address resources allocated or leased as part of the Service.

‍

5.3.4. The User undertakes to make responsible use of the Service, in particular of the allocated network resources, and is responsible for ensuring that he has sufficient resources to ensure the proper functioning of his Virtual Machines.

‍

5.3.5. The User acknowledges that, for security reasons, certain features and protocols (such as IRC or peer-to-peer file sharing) may be subject to restrictions. The use of proxies and anonymization services are strongly discouraged as part of the Service. The applicable restrictions are set out in the General Conditions.

‍

5.3.6. Business Continuity. Unless purchased separately, the vSphere as a Service does not include a Business Continuity Plan (“BCP”) or Disaster Recovery Plan (“DRP”). The User can order the service in different Data Centers, which will provide resources in different risk environments. The User must therefore take the necessary technical and organizational measures to ensure the continuity of their business activity in the event of a serious malfunction that could affect the availability, integrity or privacy of their Service. The User can purchase Disaster Recovery as a Service (DRaaS) solutions through the Cortex Platform.

‍

5.3.7. Backup. CloudFire does not undertake to back up User data hosted on the Vpshere a Service. It is therefore the User's responsibility to take all necessary measures to back up their data in case of loss or damage to the shared data, for any reason, including data not expressly mentioned in these Service Sheets.

‍

5.3.8. The User undertakes not to customize the cluster settings and undertakes to keep the use of resources below the high reliability threshold specified at the time of the offer. Any tampering with these settings may compromise the integrity of the data.

‍

5.4. CloudFire Obligations

‍

5.4.1. CloudFire makes available to the User a series of configurations, the descriptions of which are available in the Order. The selection of products determines the functionality that can be accessed on the vSphere as a Service as well as the performance levels.

‍

‍5.4.2. CloudFire's role is limited to infrastructure maintenance operations and responsibility for the energy supply and network connection of vSphere as a Service.

‍

5.4.3. The vSphere as a Service bandwidth is limited to a maximum data transmission rate specified in the product. Public bandwidth depends on the product.

‍

5.4.4. The Host Server product line and the selection of vSphere as a service products determine the accessible functionality, as well as its performance.

‍

5.5. Updates

‍

5.5.1. As part of the Services, CloudFire updates the Infrastructure with Scheduled Maintenance. During this scheduled maintenance, the host servers will be updated. If the vSphere as a Service environment is sized with sufficient compute and storage resources to allow automation to restart the host servers securely, CloudFire will restart the host servers so that they are updated without downtime. If the environment is not sized to allow the automation to be safely restarted, the User must restart the Host Servers within one (1) month after installing the new build. If the restart has not been performed, the automation will proceed automatically after thirty (30) days have elapsed. Restarting will not be able to enter host servers in maintenance mode, and restarting will create downtime. For the avoidance of doubt, such downtime is excluded from any applicable SLA calculations.

‍

5.5.2. There are three (3) types of Maintenance operations that CloudFire can perform.

‍

1. Emergency changes for critical events. This type of Maintenance is defined by updates, patches, and/or changes to the infrastructure, hardware, firmware, software, or any other component. The consequences of not applying such foods could include:

1. loss of compliance with security certifications;
2. endanger the security and stability of the system;
3. exposure to critical vulnerabilities;
4. loss of service to a larger customer base;
5. loss of data (By CloudFire or by the User).

Once CloudFire becomes aware of the issue with a clear understanding of the impact and has an analysis/validation from its security teams, the relevant information is shared with the User, indicating that CloudFire is working on a solution. Within a few hours of this first communication, the User is informed of the process that will be followed, of when and how it will be applied to the environment, of the actions to be taken and of the level of impact for the User, which ranges from a minor impact on a certain component to a greater impact with the consequent interruption of one or all of the components.

‍

Given the impossibility of predicting how many critical vulnerabilities will be revealed at any given time during a calendar month, there is no limit to the number of emergency modification activities to be performed. Due to the critical nature of the activities to be carried out, these can be carried out at any time during the calendar month. In cases where CloudFire relies on the provider to provide a patch or fix, CloudFire will need to extend the repair period to include the time required by the manufacturer.

‍

2. Standard. These maintenance activities are not critical or urgent in nature. They are of medium critical nature and can only be applied to the User or to the entire company, but they do not pose a security problem or a risk of loss of compliance. They will be notified to the User at least seventy-two (72) hours in advance. These activities may or may not trigger downtime, but it is recommended that the User make arrangements in advance to avoid possible downtime. The Change Advisory Board (a body within CloudFire) must approve these changes.

‍

3. Routine. These activities have little or no material impact that will result in a loss of service for the User. They may have a level of criticism that ranges from low to high. The User will be notified at least seventy-two (72) hours in advance. These tasks will be subject to approval of the Advisory Committee's appropriate procedure for changes. There is no limit to the number of tasks that can be performed.

‍

5.5.3. Since maintenance is an indispensable element for the maintainability and stability of the Service, it is important that the User does not add configurations to their Infrastructure that could hinder maintenance processes. In this case, CloudFire (a) will not be responsible for the consequences of such configurations or their changes in accordance with the provisions of this paragraph, (b) will not be required to pay service credits if the Service is unavailable for the period during which CloudFire was unable to perform maintenance operations, and (c) will inform the User by e-mail or telephone that a configuration is blocking maintenance actions, and will request that the configuration be removed within seven (7) days. If after seven (7) days the configurations are not removed, CloudFire is authorized to remove the configurations and carry out maintenance, informing the User that the configurations have been modified.

‍

5.5.4. During maintenance, some actions may result in hot changes to the infrastructure, such as moving virtual machines to host servers. CloudFire will inform the User of the actions taken on the infrastructure via email or on the service status page. If the actions cause instability in the User's production and it is determined that the User's production is not compatible with the hot actions, CloudFire cannot be held responsible for the impact of the service on the User's production.

‍

5.5.5. CloudFire provides updates for the various software components that enable the provision of the vSphere as a Service service, including VMware vCenter, VMware NSX, VMware vROps, Veeam Backup Server and Zerto. The updates made are those published by the various software publishers, in accordance with the Terms of Use of third-party products currently in force. VMware component updates may result in automatic updates to the ESXi hypervisor.

‍

5.5.6. However, in the event of a significant change in the software component (for example, the transition from VMware NSX-V to VMware NSX-T) and/or where the implementation has a definitive impact on the User's production, the responsibility for implementing the production would be borne by the User and the upgrade could result in a change in the price of the Service.

‍

5.5.7. With regard to ESXi installations on the User's host servers, CloudFire will inform The User. The User is responsible for directly managing minor updates (patches) of ESXi. Therefore, CloudFire encourages the User to regularly check for updates with the VMware publisher. For this purpose, the User can use VMware's VUM (Virtual Update Manager). CloudFire is not responsible for any malfunctions of the Service resulting from Hypervisor updates installed by the User. In the same way, the User is responsible for the failure to apply updates or upgrades to the Hypervisor.

‍

5.5.8. In the event that the User rejects an upgrade provided by CloudFire, the User will not receive improvements to the virtualization interface or new functionality. CloudFire reserves the right not to maintain or make improvements to previous versions of the Hypervisor. The User may be required to switch to a later version of the virtualization interface to ensure effective operation of the Service. The previous versions of Hypervisor are intended as two main versions behind the most recent one provided by CloudFire. In addition, when the User's failure to apply an update represents a security risk (of the User, CloudFire and/or third parties), CloudFire reserves the right to limit or suspend the Service against the User. CloudFire will promptly inform the User, if appropriate.

‍

5.6. Lifecycle Management

‍

CloudFire will announce within six (6) months after the launch of a new generation of Services the specific dates for the end of sales, support and duration for the previous generation of the Service

‍

5.7. Duration of services and economic conditions

‍

5.7.1. The service has contractual constraints present in the Order

‍

5.7.2. The products purchased determine the capacities and the relative prices.  

‍

6. vSphere as a Service

‍

6.1. Description of the service: The Service allows the User to save data and/or files already protected by the User using the Veeam Backup & Replication Software. Through the Cloud Connect functionality, the User will create a backup copy of the above-mentioned data online, in a protected mode, on a remote “server”.

‍

The security and confidentiality of the data transfer is guaranteed through the application of a special cryptographic protocol.

‍

The storage on the remote “server” of the above-mentioned data and/or files also requires that the local and remote copies are synchronized with each other, so the changes of the said data and/or files from the User Directory will be saved on the remote backup copy.

‍

During the “retention period” it will be possible to restore wrongly deleted or modified data and/or files.

‍

6.2. User Obligations

‍

6.2.1. The characteristics of the service and the operating methods of delivery and use by the User are those selected by the User at the time of activation. The User can operate the software through remote access. CloudFire will provide the User with codes for accessing the Platform. However, the User is required to change their passwords the first time they log in and to keep them with the utmost confidentiality.

‍

6.2.2. It is the User's responsibility to configure the encryption key of the backup repository to ensure confidentiality. This key is known only to the User and cannot be retrieved by CloudFire. Its loss will make it impossible to decrypt the data saved on the cloud.

‍

6.2.3. The User may at any time change the performance characteristics of their service by purchasing a different offer through the Cortex Platform.

‍

6.2.4. The User must verify the compatibility of the User's software with the Cloud Connect functionality and ensure proper operation.

‍

6.2.5. For the avoidance of doubt, the obligations established in this section do not relieve the User of the obligation to protect their data.

‍

6.3. CloudFire obligations.

‍

6.3.1. CloudFire makes available to the User a series of configurations, whose descriptions are available in the Cortex Platform or in the Commercial Offer.

‍

6.3.2. CloudFire's role is limited to infrastructure maintenance operations and responsibility for the provision of data storage capacity and the network connection of the Veeam Cloud Platform service.

‍

6.3.3. CloudFire reserves the right to temporarily limit the User's use of the Veeam Cloud Platform service when infrastructure capacity is insufficient.

‍

6.3.4. CloudFire is in no way responsible in the event of a loss of data or a malfunction of the Backup Jobs. It is the User's obligation to monitor the progress of the backup.

‍

6.3.5. CloudFire is responsible for updating the Veeam software to the latest available version and is not responsible for incompatibility with the software installed by the User.

‍

6.4. Duration of services and economic conditions

‍

6.4.1. The Service can be purchased directly from the Cortex Platform or through a Commercial Offer.

‍

6.4.2. The products purchased determine the quantity available

‍

6.4.3. Based on contractual agreements, there may be a Minimum Duration of Use of the Service. The User, through the Cortex Platform, has the possibility to purchase and modify the space purchased, with the billing that takes place monthly. However, in the case of different commercial agreements, additional constraints or specific conditions may apply, such as the duration of the Contract or other billing methods.

‍

7. Talky Time Direct Routing

‍

7.1. Service Description: This Service offers the possibility of connecting your Microsoft Teams user directly from your business telephone number or company switchboard using Voip technology. The Service uses Licenses Microsoft that must be activated before the application is installed.

‍

7.2. User Obligations

‍

7.2.1. Prepare the necessary licenses for the use of the features. The licenses are indicated within the Cortex Platform.

‍

7.2.2. It is the User's responsibility to leave intact the configurations made within Microsoft Teams. Any configuration change may compromise the proper functioning of the service.

‍

7.2.3. The User may at any time change the performance characteristics of their service by purchasing a different offer through the Cortex Platform.

‍

7.2.4. The User must ensure that the network configuration is suitable and supported for connection to the control unit and/or telephone operator.

‍

7.2.5. The User chooses the region in which to activate the service and there is no control over the quality of communication between the region and the User's Microsoft tenant.

‍

7.3. CloudFire obligations.

‍

7.3.1. CloudFire makes available to the User a series of configurations, whose descriptions are available on the Cortex Platform or in the Commercial Offer.

‍

7.3.2. CloudFire's role is limited to infrastructure maintenance and proper operation with the latest version of Microsoft Teams.

‍

7.3.3. CloudFire keeps the application updated to support Microsoft Office365.

‍

7.3.4. CloudFire reports within the Cortex Platform any erroneous configurations that may compromise the proper functioning of the Service;

‍

7.4. Duration of services and economic conditions

‍

7.4.1. The service from the portal can be purchased in “Pay as you go” mode defined by the number of users connected to the system;

‍

7.4.2. It is possible to purchase dedicated regions with different billing methods and different commitments;

‍

7.4.3. For the Pay As You Go mode, there is no minimum duration of use;

‍

8. Professional Services

‍

8.1. Description of the Service: CloudFire provides, through prepaid packages of hours, design and system consulting services to the Contracting Party, at the express request of the latter.

‍

Professional Services are intended exclusively for technical and specialized consultancy activities related to CloudFire Services, or to activities that go beyond the normal scope of standard technical support. This area includes, by way of example: advanced analysis, optimizations, design activities, support during migration or integration, and any other activity that requires specific technical skills in relation to CloudFire Services.

‍

CloudFire reserves the right to refuse requests that fall outside its scope of technical expertise or that are not directly related to the Services provided by CloudFire.

‍

The provision of the Service takes place upon prior purchase of a number of hours through a Commercial Offer and/or through the Cortex Platform. The use of the hours purchased is subject to the opening of tickets, in which the methods of intervention will be defined and the expected hourly consumption estimated. The number of hours will be progressively scaled based on the time actually spent.

‍

Requests for intervention must be submitted by opening a ticket on the Cortex Platform or by e-mail to help@cloudfire.it.

‍

8.2. User Obligations:

‍

The User undertakes to:

• Make clear, complete and detailed requests at the time the ticket is opened;
• Promptly provide all the information and data necessary for the provision of the Service;
• Actively cooperate with CloudFire's technical staff, facilitating access to the systems and resources involved;
• Use the Services only for the purposes set out in the contract and in compliance with current regulations;
• Monitor the consumption of the available number of hours and periodically check the remaining balance;
• Indemnify and hold CloudFire harmless from any malfunctions of Third Party Products and Services as a result of requested intervention on CloudFire-only Services.

‍

8.3. CloudFire obligations:

‍

CloudFire is committed to:

‍

• Provide the requested services in compliance with the times and methods agreed through the tickets, within the limits of their skills;
• Provide qualified technical personnel with skills appropriate to the nature of the request;
• Document the interventions carried out and provide timely reports on the use of the number of hours;
• Promptly communicate any significant changes that may affect the correct provision of the Service;
• Ensure the confidentiality of the information and data processed during the activities;
• Refuse, where necessary, the provision of the Service for activities that are not consistent with the scope of the CloudFire Services or that require skills not present in the team.

‍

8.4. Duration of services and economic conditions: The Service is available until the number of hours purchased is exhausted or until the deadline indicated in the Commercial Offer. The hour packages are valid for 12 months from the date of activation, unless otherwise indicated by contract.

‍

The economic conditions (hourly cost, discounts, any increases for urgencies or non-standard hours) are detailed in the Commercial Offer and are considered accepted when the package is purchased. Any extra hours or requests not included in the package will be quoted in advance.