RFP part 5

Running head: RFP Response 1

RFP Response 20

XYZ Technology Services – RFP Response Part 4

Jude Akassap

Rasmussen College

RFP Response

Response to RFP Requested Information

The following sections include responses to questions from the RFP. The section numbers from the RFP have been reused to correlate the responses.

Introduction

Cloudy is a cloud hosting provider that focuses on containers. Each instance is launched in its own Docker container as a result. A service is a component of your architecture, such as a back-end application, database, queue, or cron worker.

This adds a layer of abstraction that allows you to go beyond the server or cloud idea. You can view the hardware configuration using Cloudy, but you don't have to worry about setting up Nginx or obtaining an SSL certificate. All of this is taken care of by us. As a result, Cloudy is an excellent choice when you need to quickly deploy your project.

3.5 Provider Contact

John Nick

800-125-693 Ext: 012

CIO

HostMan

[email protected]

Street 1, New York

4.1 Provider Company Overview

Cloudy is a web app and website hosting service that allows you to host any web app or website without having to manage servers, spend days setting up, or hire an entire engineering team. Connect your repository, deploy your app or website in a few clicks, and Cloudy takes care of the rest. When your app is launched, Cloudy automatically installs an SSL certificate for all of your domains and a content delivery network (CDN) to ensure that your content is delivered as quickly as feasible. As soon as you push a new commit to the repository, Cloudy automates CI/CD, pulling, building, and launching code.

4.1.1 Full legal name of the company, corporate address, phone numbers, and contacts.

List of Primary Contacts
Name of Contact	Title	Phone Number
Smith	Server Administrator	800-125-693 Ext: 013
William	Network Administrator	800-125-693 Ext: 014
Stark	Web Application Manager	800-125-693 Ext: 015
Pepper	Database Administrator	800-125-693 Ext: 016
Bruno	Software Quality Analyst	800-125-693 Ext: 017

4.1.2 Year business was established. Company history summary

Cloudy was established in August 2013. Cloudy reduces costs to DevOps teams, making it the ultimate product for your business.

4.1.3 Business or Industry focus

Our main focus is on our customers and their development. As their needs vary, so does our attention.

4.1.4 Number of people currently employed

Currently 2000 employee are working with us.

4.1.5 Income statement and balance sheet for each of the two most recently completed fiscal years certified by a public accountant

At this moment, cloudy can supply 1 year of audited financial statements for the last 8 years. Before that moment. The 9th annual audit of cloudy is presently underway, and the financial statements will be accessible after August of this year.

4.1.6 Outline of Service Offerings

Capability	Description of Service
Cloud-Based Storage	Our pricing starts at 3 TB of storage, go up to 6 TB of storage with the Plus service, and 10 TB of storage with the Enterprise Premium membership.
Bandwidth Capabilities	Unlimited
Current Number of Hosted Domains and Sub-Domains	250
Database Support	SqlLite 3.2.0
Framework Support	Node.Js
Tech Support	Online 24/7 availability
Web-Application Development	Both
Supported Languages	English, Turkish, Chinese

4.1.7 List of partnerships

Cloudy is proud to provide services through in-house capabilities; however, we will occasionally partner when strategically advantageous. A few of our partners include Godaddy, Monsters Host and Aws cloud hosting.

4.1.8 Total number of current clients.

Cloudy is currently partnering with more than 120 clients each with unique objectives and challenges they’ve partnered with Aws cloud hosting to solve each of these.

4.2 Scope of Support Capabilities

	Provider has the capability	Provider will deliver the capability through another partner? Who?	Do not provide the capability.
Website Hosting Infrastructure	X
Website Authentication Services	X
Maintenance of Industry accepted security standards (PCI-DSS Compliance)	X
Electronic payment and tracking services	X

4.3 Provider\Customer Relationship Management

4.3.1 Do you provide dedicated account management for your IT managed services relationship?

Yes, Cloudy provides an assigned account manager to oversee the website hosted services relationship. The partner manager will work with, John Nick who will continue to oversee the partnership.

4.3.2 Describe your approach to service change management. Do you use change orders to modify services?

Yes, Cloudy uses Service Change Orders to modify the scope of services we provide to our partner. Such a change order would be used to amend the contract hosted website services and would be initiated using a request form that identifies the nature of the request and requires sign-off by an authorized representative of the client partner. After reviewing the impact of the change request, Cloudy subsequently completes a proposed change order that details the impact of the service change, timing for implementation, and any associated financial impact. Both parties are required to authorize the Service Change Response form before the services are adjusted.

4.4 Managed Hosting Services

4.4.1. Provide a description of your data center hosting facilities.

The data center hosting facilities houses multiple servers as well as offices for the data organization's workers. A security staff performs continuous checks within and without the building to keep an eye on things. You will have the right credentials to enter the server room, as well as complete a two-step verification system, one of which is a biometrics. Server professionals execute checks on all servers on a daily basis and update as necessary to keep that systems are always up to the latest.

4.4.2. Provide details on number of servers and other key metrics associated with servers and storage currently hosted in data center facilities managed by Provider.

Every network infrastructure has 1000 servers, allowing it to store 450 gigabytes of data. Cloudy has ten data centers throughout the world. The organization has a storage capacity of 5 gigabytes.

4.4.3. Provide descriptions of services (e.g. Monitoring, Backup, Disaster Recovery, Security, etc.) available today under managed services offering. Include the number of clients or similar measure of the quantity of services being performed for external clients.

Cloudy provides the following services:

· Monitoring - We keep track of all accesses to and from all servers and clients' domains.

· Backup - All client files are stored in a separate business data center so that copies are not damaged if the servers go down due to an emergency. Backup generators are installed in all data centers to ensure that the facility has continual power. A UPS power backup is also included in each server room.

· Incident Management - Each data center has a detailed recovery plan that specifies which customers use the computing infrastructure and where the backup are kept.

· Physical security patrols are provided both in and out of site. Every entrance requires a key card that tracks time spent into or out of the area. To obtain access to computers and storage rooms, a two-step validation was necessary, one of which was biometric.

· Website hosting - All websites can be completely customized.

4.4.4. Provide description of available service levels.

Depending on the type of package configuration required, all customers offer the same level of support. No consumer is more unique than the next.

4.4.5. Provide options for software licensing ownership for services, particularly Microsoft server and database software licensing.

Genuine Microsoft Server 2017 is installed on all servers, and it is updated on a regular basis. Commercial licenses for Microsoft Office apps are available through Cloudy Protocols.

However, we do not offer web server license rights at this moment.

4.5 Procurement, Contract Negotiation & Asset Management Services

4.5.1. Provide descriptions of services available today under managed services offering.

4.5.2. Do you offer technology contract negotiation capabilities? Are their consortium or bulk- buying discount opportunities that you leverage for multiple clients?

4.5.3. Provide description of available service levels including sourcing financial objectives. How do you pass financial benefits, e.g. cost savings to your client?

4.6 Project Management & Support

The project leader is almost always the CIO when it comes to project management. It will depend on the nature of project to identify who will be participating. To make every component as safe as possible, all projects have restricted rights until they are completed. Everyone associated with project accepts and agrees to a non-disclosure agreement (NDA). A detailed report is sent to the customer and stakeholders when each project hits a milestone. A weekly progress report is written and provided to the customer and stakeholder to keep them informed about the project's progress. When it is accomplished and the customer is satisfied with the service the project leader stamps off on the project as completed.

Cloudy has a three-tiered support system. By using this support chain benefits all parties involved, when a customer has a problem with their product .A customer support complaint is written up and sent to the client with the cooperation of each layer. When the issue is resolved, a report is written, and a copy is sent to the customer for their information, as well as a copy to the customer's file at Cloudy.

Layer 1 -consists of the customer service desk, which is open 24 hours a day. The great majority of difficulties will be resolved at this level.

Layer 2 - The software and application teams make up this tier. These people are those who become engaged if the customer support desk is unable to fix the issue.

Layer 3- If the two previous levels of teams are still unable to fix the dispute, the CIO (Chief Information Officer) will be contacted. The CIO (Chief Information Officer) and the IT Manager become involved and resolve the issue.

Cloudy's Security Concepts data is break down to the user access levels as the tier structure utilized to resolve client complaints. Employees on the lowest level of the organization do not require the same level of access as the IT manager. Also, an accounting person does not require the same level of access as an IT technician. Employees that are higher up in the hierarchy have more accessibility to firm data. No one in the organization has complete access to all information, which is for the corporation's and the client's protection.

4.6.1. Provide example descriptions of two large technology projects that Provider has managed on behalf of its clients.

It was a huge undertaking to take on the Army Inc. project. The client required a website with many subpages and hyperlinks to various company departments. They also required a lot of data storage for the main office and all of the satellite offices. Army Inc. required a cloud solution that would allow them to share and access files from anywhere in the world especially when they had access to the internet.

Trojan Inc. required a huge website with several tabs and drop downs to reach all of the company's retail items. They also required a payment gateway for online shopping, which is linked to their website. Adding a payment processor also required linking their shipping service to the retail site.

4.6.2. Does Provider have shared resources who can provide project management services?

Cloudy has various shared resources that can be used to assist with project management. This firm will assist in laying the groundwork for the project and provide guidance on what is required and what the customer should do to ensure success.

4.6.3. Would Provider have available ad-hoc technology resources for technology projects? How would you allocate time for project services versus operational managed services for resources dedicated to the XYZ Technology Services account?

Cloudy does not support ad-hoc resources since it is not in the company's best interests because a last-minute project can be rushed and fall short of what the client actually need or desires. The time allotted for project services is based on a time frame specified during planning phase. The time allotted to operational management system is based on what is required and where it is required.

Scope of Services

5.1 Required Services

Cloudy security concepts leverages cloud-based data center hosting services through Azure. The data center infrastructure will be generated within virtual environments on existing physical appliance used by the cloud-based provider. Costs will be detailed in the pricing section below.

Pricing

Initial Website Hosting and Development	Year 1	Year 2	Year 3
Dedicated Virtual Appliance Yearly Cost
Website Development		NA	NA
Website Deployment to the Internet		NA	NA
Backup/Restore Services
Antivirus Protection Services
Account Administration including: Change Management, Maintenance, Patching, Upgrades, Problem Management, Reporting, and Performance Monitoring
Total

5.2 Scope of Services

1. Version 6.0 EP 05 of VMware ESXi using the VMWare management system.

2. Administration of the servers is regularly monitored, with patching upgrades occurring on the systems each 4th Friday of every month from 12am – 6am. If emergency changes are necessary based on risk, communication will be sent out to the customer representative and a reasonable maintenance window will be established.

3. Microsoft Azure provides cyber security for hosted websites, with Microsoft and Cloudy Security Concepts continuing to monitor them.

4. Backups occur on the system every 15 minutes internally, and then are stored to a backup server each evening from 10pm – 12am.

5. Antivirus software is installed on each server where the server role accommodates such installation. Understanding in some cases database servers do not function correctly when active antimalware is installed on the virtual device.

6. Change management is controlled through a change control board, and any changes affecting the production environment of the hosted website, notification of the change control boards review will be delivered to our partners prior to any changes occurring.

7. Monthly reporting will be supplied to each partner, and performance monitoring is on-going with alerting setup in the event there are any outages, a support buzzline is established, along with notification to all partners.

5.3 Network Bandwidth

Based on the data supplied within the RFP, Cloudy recommends the use of at least 100MB of its existing 10GB bandwidth. The use of bandwidth within our environment is dynamic and if the need arises that our organization has a need for additional bandwidth it is provided on-demand.

5.4 Disaster Recovery

Introduction

This Disaster Recovery Plan (DRP) compiles all of the facts on Cloudys’ ability to resist a disaster, as well as the procedures to be followed to achieve disaster recovery, into a centralized location.

Disasters are defined as follows by Cloudy Security Concepts:

· One or more critical systems stop working.

· Although the building will be unavailable for a prolonged period of time, all systems within it are operational.

· The structure is up and running, but all of the systems are broken.

· The structure and all of its systems are inoperable.

The following occurrences may cause a disaster:

· Pandemic of fires and flash floods

· Outage of Electricity

· War

· Theft

· Attack by Terrorists

Purpose of Recovery Plan

It should be noted that in the event of a calamity, Cloudy's first concern is to prevent the loss of lives. Cloudy will ensure that all employees, as well as any other people on the organization's facilities, are secure and safe before taking any secondary precautions. After all persons have been transported to safety, Cloudy Security Concepts' next objective will be to implement the measures indicated in this DRP to promptly return all of the institution's teams and departments to business as usual. This includes the following:

· Keeping the company's resources, including as hardware, data, and physical IT assets, safe.

· Keeping IT downtime to a minimum

· Maintaining business operations in the case of a catastrophe

Scope of recovery plan

The Cloudy's DRP takes into account all of the following factors:

· Servers for Network Infrastructure

· Storage Space and Back - up Systems Infrastructure

· Telecommunication System

· Devices for Data Output

· Computers for end users

· Database Systems Organizational Software Systems

· Information Technology Documentation

· Portable Electronics

Changes and Version Details

This is where you'll keep track of all the modifications, adjustments, and updates you make to the DRP. It is the Disaster Response Lead's obligation to keep all present versions of the DRP up to date. When the DRP is modified, Cloudy needs that the version number be updated to reflect the change.

Teams and Responsibilities

Different groups will be required to support the IT department in their efforts to restore regular operation to Cloudy employees in the case of a crisis. The following are the several groups and their responsibilities:

· Disaster Recovery Lead(s)

· Disaster Management Team

· Facilities Team

· Server Team

· Applications Team

· The Operations Team

· Management Team

· Communications Team

· Finance Team

· Data and Backup Team are all members of the Operations Team.

Cloudy compiled the lists of roles and duties in this section, which reflect the duties that team members are likely to be assigned. All of the duties listed below will be performed by members of the Disaster Recovery Team. Members of the Crisis Recovery Team may be called upon to do activities not discussed in this section in certain emergency situations.

Recovery Lead

All decisions pertaining to the Disaster Recovery operations must be made by the Disaster Recovery Lead. In the event of a disaster at Cloudy, this person's primary function will be to guide the catastrophe recovery, and all other personnel involved in the disaster recovery process will report to this person, irrespective of their division or present managers.

To make his/her judgments unbiased, every effort will be taken to keep this person distinct from the remaining of the disaster management groups; the Disaster Recovery Lead would not be a participant of other Cloudy’s Disaster Response groups.

Task and Duties

1. Be the primary point of contact for all of the DR Teams and supervise them.

2. Throughout the disaster, organize and convene frequent meetings of the DR Team leads.

3. Present the state of the disaster and the decisions that must be made to the Management Team.

4. All DRP tests should be organized, supervised, and managed, and all DRP updates should be written.

Contact Information

Name	Role	Phone Number
William	Disaster Lead	333-123-568

Disaster management team

The Disaster Management Team is in charge of overseeing the full recovery process in the event of a disaster. In the case of a disaster, they will be the first to respond. This group will assess the disaster and identify what steps must be done to restore the organization's operations.

Task and Actions

1. After the Disaster Recovery Lead has declared a disaster, activate the DRP.

2. Determine the disaster's size and category.

3. Identify which systems and processes have been harmed as a result of the tragedy.

4. Notify the other disaster recovery teams of the disaster.

5. Determine what the catastrophe recovery teams' first steps should be.

6. Keep the disaster recovery teams on track by setting objectives and goals ahead of time.

7. Keep track of all expenses incurred during the catastrophe recovery phase.

8. Ensure that all choices are made in accordance with Cloudy's DRP and policies.

Contact Information

Name	Role	Phone Number
Smith	CIO	333-123-568

Facilitates team

The Network Team will be in charge of diagnosing any network infrastructure damage and establishing voice and data connectivity, including WAN, LAN, and any internal telecommunication with the outside community.

Tasks and Actions

1. The team will decide which service providers are not operating at the primary facility in the case of a disaster that does not necessitate a migration to standby sites.

2. If different networks services are affected, the team will prioritize customer services in the manner that will have the lowest effect on companies.

3. In the standby facility, install and configure any tools, hardware, software, and systems that are required.

4. In the primary facility, install and implement any equipment, hardware, software, and systems that are required.

5. After Cloudy has returned to normal, this team will review all costs and submit a report to the Catastrophe Recovery Lead detailing their operations throughout the disaster.

Contact Information

Name	Role	Phone Number
Smith	Server Administrator	333-123-568

Server Teams

In the case of a disaster, the Server Team will be in charge of supplying the physical server infrastructure essential for the organization to run its IT activities and apps. They will be in charge of providing basic server operation and may be called upon to support other IT DR Teams as needed.

Tasks and Actions

1. Verify that system patches are kept up to date on secondary servers in standby facilities.

2. Verify that application patches are kept up to date on backup servers in standby facilities.

3. Ensure that the data backups are kept updated on backup servers in standby sites.

4. Verify that the backup servers in the backup facility are properly backed up.

Contact Information

Name	Role	Phone Number
Peeper	Server Administrator	333-123-568

Communication Team

Throughout a disaster, there will be the team in charge of all communication. They will interact with Cloudy's workers, clients, suppliers and customers, banks, and, if necessary, the media.

Roles and Responsibilities

1. Inform all Cloudy's employees about the occurrence of a disaster and the severity of the disaster.

2. Notify authorities of the occurrence of a disaster and the extent of the disaster, as required.

3. Inform all of Cloudy's partners, customers and vendors about the occurrence of a calamity and the severity of the tragedy.

Contact Information

Name	Role	Phone Number
Stark	HR President	333-123-568

Data backup Team

Cloudy's servers are kept in a biometrically secured room in the facility, with just three people having access. Access will be granted to the CEO, CIO, and IT Manager.

Two backups are kept on hand by the company. One is onsite backup using a server-style SSD disk, while the other is cloud-based backup. Except for the customer financial documents, all of the company's files are held in both locations.

Dealing with a Disaster

The first responsibility in the event of a crisis at Cloudy is to guarantee that all personnel are safe and accounted for. Following that, efforts must be made to prevent future damage to the facility and to lessen the disaster's impact on the company. Dealing with a disaster can be divided into the following steps, irrespective of whatever category it fits into:

· Identifying and declaring disasters

· Activation of DRP

· Notifying people about the disaster

· Assessment of existing and potential damage, as well as prevention of further harm

· Activation of the standby facility

· Set up IT operations

· The principal facility is being repaired and rebuilt.

Disaster Identification

Because it's nearly difficult to foresee when and how a disaster will strike, Cloudy must be ready to learn about disasters from a number of sources. These can include the following: First-hand findings,Security personnel Facilities staff ,End users .3rd Party Vendors Environmental and Security Alarms in the Primary Facility.

After determining that a disaster has happened, the Disaster Recovery Lead must proclaim the company to be in an official state of crisis. The Incident Recovery Lead must confirm that anybody who was in the primary facility at the time of the incident has been tracked for and has already been evacuated to protection in accordance with the company's Evacuation Policy during this period.

Current Damage Assessment and Prevention

After a disaster, authorized authorities must first establish that the premises are safe to open before any Cloudy’s staff can enter. The Facilities Team would be the first to inspect the primary infrastructure once it has been determined that it is safe to do so.

Within 24 hours following the original disaster, all teams must generate an initial report on the damage and submit it to the Disaster Recovery Lead. Each team must examine any places where further damage can be avoided and take the appropriate measures to protect Cloudy assets throughout their examination of their relevant areas. To secure the facilities, any essential repairs or preventative measures must be implemented; these expenses should first be accepted by the Disaster Recovery Team Lead.

Restored IT Infrastructure

This part will be resorted to regularly if a disaster occurs and Cloudy needs to use this plan. It will include all of the documentation that details how Cloudy's information system will be restored. Once the building is up and running again, the hardware can be reinstalled. The first order of business is to restore the company's files and software. Then the client files must be restored and made operational again. All consumers have been contacted and assured that the company is fully operational again.

5.5 Service Level Agreements

Most managed network solutions are designed and operated with availability service levels that exceed 99.9% availability. Non-redundant systems are offered at a lower level of availability.

Maintenance windows are pre-established to be 4th Friday of every month from 12am – 6am. If emergency changes are necessary based on risk, communication will be sent out to the customer representative and a reasonable maintenance window will be established.

5.6 Project Management and Support

As predetermined in this RFP, Cloudy will be providing project management services through the initial phase of the site development and initial hosting. If the need arises with a service change order, the determination if additional project management service will be required will be determined between both Cloudy and XYZ Technology Services.