Position description
for the PatOrgCloud
Die deutsche Version finden Sie hier: https://eitiecloud.de/positionsbeschreibung/patorg/
PatOrgCloud – Model I – shared hardware-environment
PatOrgCloud – Modell I – anteilig genutzte Hardware-Umgebung
Operation of a PatOrgCloud solution based on shared hardware. Customers use part of the PatOrgCloud systems. The separation of different systems is done by logical separation e.g. on network or virtualisation level. Customer-dedicated separation of server hardware does not take place.
In addition to the customer’s own virtual server solution, individual or several products and services of the central PatOrgCloud can be supplemented proportionally. Examples of these are:
• — Server and network hardware
• — Active Directory services
• — Exchange services
• — SQL services
• — File services
• — Sync services
• — Multi-factor authentication (2fa / mfa)
• — Firewall and routing services
• — …
• — see service contract
• Definition of “high availability”:
• — All server systems run virtually and therefore have no fixed hardware commitment. In the event of a hardware defect, the virtual server can be started on another hardware within a short time. The time required for this depends on the size of the server, as moving the virtual machine to another hardware takes most of the time until recovery.
• — Individual servers can (optionally, see contract) also be operated on an always-on hardware cluster. This means that several physical devices are responsible for a virtual server at the same time. In most cases, a hardware defect does not mean a failure of the virtual server, but only a reduction in system performance.
• In the case of shared resources (often referred to as “shared system environments” by the licensor), many licensors (e.g. Microsoft, Oracle, Citrix, VMware, Veeam, Cyren, Julia, Mailstore, etc.) insist on licensing models for service providers (CIS is a service provider) that are specifically designed for shared system environments. In these licence models, CIS will provide customer-specific PatOrgCloud solutions with appropriate licences. These licences are listed separately. The licensing conditions of the licensor always apply.
• Storage and operation of the productive data in the access-protected, access-documented high-security data centre in accordance with ISO 27001 certification.
• Data storage of all systems:Produktive Serversysteme und Daten:
o In the high-security data centre
Housing certification ISO 27001
QM certification ISO 9001)
- Security: storage and operation in secondary data centre
o In the secured data centre, approx. 10km away
o DSGVO-compliant, with at least
Access control
Access control
All backups are protected against unauthorised access.
- Backup: Offline and office storage
o Storage in a further fire compartment
in a third-party data centre, all data and devices encrypted according to AES standard
OR in a safe (S60P standard), also encrypted according to the AES standard.
The Customer does not expect CIS to provide consultancy or support for the applications operated unless these are explicitly listed in the service agreement with the corresponding scope of maintenance or support. CIS shall take care within the scope of its possibilities and competences, but reserves the right to call on the assistance of the software provider or the software’s supervisor if necessary. The Customer shall ensure that an appropriate maintenance contract is in place with its applications.
If a system fails, CIS shall react as quickly as possible, at the latest within one working day, by restoring the server environment.
Upgrade: Model II – Dedicated hardware environment
Upgrade: Modell II – Dedizierte Systemumgebung zur Miete
Based on “Model I” — but with the following changes:
the virtual servers provided to the customer are operated on dedicated (only for the customer) hardware systems. CIS takes care of the hardware and installs and maintains the server environment and the connection to it on behalf of the customer.
For all systems used by the customer on dedicated hardware, there is more freedom in the choice of licensing. This form of operation becomes necessary if a customer wishes to bring in licences that prohibit operation within shared system environments. The combination of licensing models chosen in each case can be seen in the respective service agreement. If a customer brings in his own licences, the PatOrgCloud team installs them as part of the fulfilment assistance. The responsibility for licensing remains with the customer.
The choice of licensing models does not affect the contractual obligations (e.g. regarding functionality and maintenance) of CIS. For example, it is the case that CIS considers itself responsible for Windows updates of server environments even if the licence used for this is owned by the customer. Ownership therefore does not affect the service relationship.
If the customer brings in server licences, CIS is bound by licence limits on the part of the customer. If, for example, further server capacity is required, CIS can only provide this if sufficient licences are available. CIS can and will approach the customer in the event of growth of the operated environment or increase in requirements and request corresponding extensions or renewals for licences. The parties are aware of the need to work together on this. This is because hardware provision is the responsibility of CIS, but software provision may be the responsibility of the customer. The customer shall provide all licences and licence models brought in with the maintenance contract desired or required by him on his own responsibility. The responsibility for correct licensing of licences brought in lies and remains with the customer.
If service provider rental models are obtained via CIS, their correct application shall be the responsibility of CIS.
Operation & Deployment PatOrgCloud standard-configuration
Betrieb & Bereitstellung PatOrgCloud standardisier
This position represents the service part in addition to the hosting model as a monthly fixed cost position. It contains:
• — Set-up of your PatOrgCloud solution commissioned from us.
• — Provision of your programmes within your PatOrgCloud working environment before going live.
• — Provision of network drives and file storage (shared drives in your PatOrgCloud working environment with individual access rights).
• — Installation of those programs which are operated in your PatOrgCloud working environment in cooperation with you, your software supplier or the third party with whom you have concluded the software maintenance contract. We call these programmes “primary software”. Please note that you may incur costs on the part of third parties. These will not be borne by us.
• — Involvement of the key employees requested and defined by the customer with regard to setting up the individual PatOrgCloud and moving into it.
• — Checking of the new, finished PatOrgCloud for completeness with the inclusion of the key employees.
• As soon as the environment is used by you and/or your team, the following additional services are included:
• — Maintenance of the PatOrgCloud server environment and monitoring of regular processes.
• — Maintenance of the primary software (if necessary with the software supplier), this also includes monitoring and, if necessary, carrying out software maintenance work
• — Maintenance of the operating system environmentUpdates der Server- und Betriebssystem-Umgebung
• Updates to the maintenance of the tools operated free of charge as required.
• Ongoing maintenance and development of the PatOrgCloud
• Operation of Microsoft Active Directory services for authorisation control and automation
• Operation and maintenance of terminal server gateways for access from mobile devices
• Operation of an internet surf proxy for secure internet access of servers in the PatOrgCloud
• Virus protection for all servers in the PatOrgCloud for employees and data
• Scripting environment for individual automatisms. This way you can decide to which employee the different programmes, printers, data or other contents are made available.
• Automatic backup for all content brought in
• Firewall-based three-layer security concept of the PatOrgCloud
• Shielding of your data or network data flows via “vLAN
• If you do not choose the “Upgrade: Model II”, you have the following restrictions:
• No project management (but rolling out the PatOrgCloud server solution according to our, established and well working standard).
• No appointment at your premises. However, we will support you in moving into the PatOrgCloud by telephone and, if necessary, by remote maintenance
• No networking of locations possible (no WAN, no VPN)
• No monitoring possible to check critical services of resources at the customer’s location (Internet, PCs, routers, scanners and other equipment).
• No on-site support when moving into the PatOrgCloud
Upgrade: Individualisation of the PatOrgCloud incl. migration project
Upgrade: Individualisierung der PatOrgCloud inkl. Migrationsprojekt
If you want individual project management or already existing data and programmes are to be taken over by the PatOrgCloud project team, you will probably need this upgrade.
- Detailed project management taking into account all EDP contents, locations and partners.
- Integration of all listed locations into your PatOrgCloud, e.g. via VPN.
- On-site support at all customer locations during the move into the PatOrgCloud incl. a time-optimised migration process to minimise downtime during the changeover. We also support you in moving your existing data and content to the PatOrgCloud.
When moving from your existing server environment to PatOrgCloud, we will likely need support from your programme maintainers or software consultants. You may incur costs independent of us in this process. These are not included in this position.
Sites with VPN-Access to PatOrgCloud
Standorteinbindung mit VPN-Zugriffsmöglichkeit auf die PatOrgCloud
CIS uses the customer’s existing connection including the customer’s existing router firewall to establish a connection with the PatOrgCloud data centre. For this purpose, CIS only provides the IPSec dial-in data. The dial-in via an IPsec-capable device is the responsibility of the customer. This connection can also be used, for example, to automate printers and devices, manage authorisations or monitor the availability of hardware and services.
Upgrade: Access to PatOrgCloud per VPN inkl. router-hardware
Upgrade: Zugriff auf PatOrgCloud per VPN inkl. Router-Hardware
CIS uses the customer’s existing connection to set up a router firewall that connects the customer’s location directly to the PatOrgCloud data centre. This connection can be used, for example, to automate printers and devices, to manage authorisations or to monitor the availability of hardware and services. In order for this connection to work technically, an internet connection with “FIXED IP” must exist on the customer side. If there is an Internet connection with a changing IP address, this can be changed at most providers (Internet service providers, ISP).
User-Account base (providing, management, documentation, reporting)
Benutzerkonto Basispreis (Betrieb, Verwaltung, Doku, Reporting)
regardless of which services are used, each user account incurs expenses for operation, documentation and reporting. This operating expense is quantified here. The different types of such user accounts are described below. This item is mandatory for the following user items.
Upgrade: Service-hotline for inquiries within PatOrgCloud-Cloud
Upgrade „Service-Hotline für PatOrgCloud“ je Benutzerkonto
CIS shall provide all employees of the customer with a telephone hotline for EDP problems and questions within the PatOrgCloud. The processing of orders reported by the customer or by automatic monitoring is recorded and charged per quarter hour or part thereof. If applicable, available quotas or hotline flat rates are taken into account. If this item is selected, there is a “hotline flat rate”. All employees receive unlimited help from the PatOrgCloud customer service. This also includes all maintenance and updates of the server environment incl. the programmes installed there.
Many primary applications are carried out by a third party (e.g. software provider). The technical support and personal monitoring as well as the recording/documentation of these sessions is also included. We do not assume any liability for the correctness of the actions of a third party, but we are continuously available by telephone during the joint sessions. We are even happy to be in contact throughout (e.g. via remote sessions or by telephone).
This flat rate is not intended for questions and problems that arise within the hardware components located at the customer’s premises or within the customer’s network (LAN). Also excluded are assignments outside the office hours of PatOrgCloud, on weekends or holidays at the location of CIS (Karlsruhe/Baden Württemberg).
Upgrade: Service-hotline for inquiries relating to client-devices
Upgrade „Service-Hotline für Kunden-Hardware“ je Benutzerkonto
By optionally commissioning the “Service Hotline for Local Hardware”, flat rates and quotas are also taken into account for questions and problems that arise within the hardware components located at the customer’s premises. CIS reserves the right to limit the processing time of such a service case to 2 hours. CIS will then stop work if necessary and submit an offer or proposal.
Virtual desktop on PatOrgCloud per user-account
Anmeldung an Desktops der PatOrgCloud je Benutzerkonto
An Active Directory-based login account. This regulates the access or login rights of user accounts to resources of the PatOrgCloud. E.g. to which servers, programmes, data, prints, mails, contacts or calendars employees are allowed to log in or e.g. whether the right exists to access the customer’s own PatOrgCloud via mobile devices. This item is conditional on the item “User account basic price”.
- Incl. central authorisation management
- Incl. set-up according to the customer’s wishes
Incl. test and start-up together with the employee concerned.
Depending on the software used, licences from third parties may be required (e.g. Microsoft or a provider of your primary software). These are not included in this position.
User cancellations and commissions that are reported/cancelled/commissioned less than 5 days before the end of the month cannot be taken into account in the invoice as of the following month. Because:
1. we have to implement it, sometimes we don’t get to it right away. We do not consider the commissioning of new users or the termination of existing users as “operationally critical” but as a “change order”. This makes it less urgent than, for example, a hanging primary programme.
2. We owe the licensors — e.g. Veeam, VMware, Microsoft, ProxMox — monthly reports. These reports must be created and checked at the end of the month. Everything that is ordered after this date will only find its way into the reports in the following month and thus into your invoice.
Account for cloud-services of the PatOrgCloud
Anmeldung an Cloud-Diensten der PatOrgCloud
A login account managed or operated by PatOrgCloud to a cloud or portal service. This includes logins to large hyperscaler clouds such as Microsoft Azure, Microsoft M365, Amazon Web Services (AWS), email or synchronisation servers. The exact scope of services is described by the selection of the cloud service. This item conditions the item “User account base price”.
Upgrade 2FA: mobile Access secured by two-factor-authentication
Upgrade 2FA: Mobiler Zugriff mit 2 Faktor-Authentifizierung
When a user logs on to the terminal server from outside the company network, he or she receives a push confirmation on the corresponding smartphone app before access. Only when this request has been confirmed can the connection to the terminal server be established. Technical example:
1. factor:
o Server connection settings
o User name and password
2nd factor:
o Push notification to an app within an approved (e.g. mobile) terminal device.
o The approval of a mobile end device for the reception of two-factor requests is done exclusively after written instruction by the customer and exclusively by the PatOrgCloud service team.
Provision and operation of virtual PatOrgCloud-terminalserver
Betrieb und Pflege PatOrg je Desktopserver (Anzahl)
CIS operates the listed software on a Microsoft terminal server environment on behalf of the customer. A valid maintenance contract as well as usage rights of the customer within a hosted environment are accepted and assumed by CIS. The listing shows those primary programs which the customer brings into the PatOrgCloud and which are subject to the service level agreements. According to them the technical basis of the PatOrgCloud solution is primarily aligned. We assume that the majority of the employees will use this primary software and therefore provide sufficient system resources.
If new software is required at a later stage, CIS will check it for compatibility and dependencies beforehand. Before installation, a compatibility check with the PatOrgCloud solution on the one hand and with other programmes you use on the other hand is necessary. This may incur additional costs.
At the customer’s request, we also carry out programme updates or support a third party (e.g. your software maintenance partner) with their maintenance work.
Operation of additional primary application (applying SLAs)
Betrieb und Pflege weiterer Primär-Software (Anzahl)
CIS operates the listed software on a Microsoft terminal server environment on behalf of the customer. A valid maintenance contract as well as usage rights of the customer within a hosted environment are accepted and assumed by CIS. The listing shows those primary programs which the customer brings into the PatOrgCloud and which are subject to the service level agreements. According to them the technical basis of the PatOrgCloud solution is primarily aligned. We assume that the majority of the employees will use this primary software and therefore provide sufficient system resources.
If new software is required at a later stage, CIS will check it for compatibility and dependencies beforehand. Before installation, a compatibility check with the PatOrgCloud solution on the one hand and with other programmes you use on the other hand is necessary. This may incur additional costs.
At the customer’s request, we also carry out programme updates or support a third party (e.g. your software maintenance partner) with their maintenance work.
Operation of additional secondary application (without applying SLAs)
Betrieb und Pflege einer Sekundär-Software
CIS operates the listed software on a Microsoft terminal server environment on behalf of the customer. A valid maintenance contract as well as the customer’s rights of use within a hosted environment are accepted and assumed by CIS. The listing shows those secondary programs which the customer brings into the PatOrgCloud.
In contrast to “primary software”, secondary software is not subject to our SLAs (Service Level Agreements). Therefore, you as a customer have no special right to “fast response times”. We also maintain “secondary software”, but only within the scope of technical necessity. In the case of errors, we will of course take care of them, but we do this as a secondary matter. The technical basis of your PatOrgCloud solution is NOT aligned with the secondary software.
We therefore recommend that you order any applications that you need either “mission-critical” or for many “employees” or with “reliable performance” from us as “primary software”.
Provision and operation Microsoft Office
Betrieb von Microsoft Office
Provision of the programme group “Microsoft Office” on a desktop of the PatOrgCloud. The customer decides which parts of the Microsoft Office suite are provided. Available, depending on the version, are e.g.Microsoft Word
• Microsoft Excel
• Microsoft Outlook
• Microsoft PowerPoint
• Microsoft Publisher
• Microsoft Access
Provision and operation of virtual PatOrg-App-Server incl. database
Betrieb virtueller Terminalserver inkl. PatOrg “Produktion”
A terminal server provides Windows desktops for several users, i.e. it is the technical basis for the item “Login to desktops of PatOrgCloud”. Here it is irrelevant on which operating system basis the server functions. This item contains in particular
- Installation and integration
- Installation or support of the installation of the desired software
- Microsoft licensing if required
- Virtualisation / high availability
- Monitoring and maintenance (including Windows updates)
- Integration of the server into the existing backup concept
- Monitoring and maintenance of user profiles
- Backup of user profiles and their documents
Provision and operation of virtual PatOrg-App-Server incl. database
Betrieb PatOrg-Anwendungs-Server und Datenbank
Examples of such servers are
- Application servers for running your primary software or databases
- Web servers, e.g. for shopping portals
- Synchronisation server for mobile data entry devices
Equipment of a dedicated virtual server
- Operating system (e.g. Microsoft Windows Server)
- AntiVirus
- Virtualisation for high availability
- Integration into the existing backup concept
Depending on the software used, licences from third parties may be required (e.g. Microsoft or a provider of your primary software). These are not included in this position.
Provision and operation of virtual Server for PatOrg “development and test”
Betrieb virtueller Server für PatOrgCloud “Entwicklung und Test”
A terminal server provides Windows desktops for several users, i.e. it is the technical basis for the item “Login to desktops of PatOrgCloud”. Here it is irrelevant on which operating system basis the server functions. This item contains in particular
- Installation and integration
- Installation or support of the installation of the desired software
- Microsoft licensing if required
- Virtualisation / high availability
- Monitoring and maintenance (including Windows updates)
- Integration of the server into the existing backup concept
- Monitoring and maintenance of user profiles
- Backup of user profiles and their documents
Examples of such servers are
- Application servers for running your primary software or databases
- Web servers, e.g. for shopping portals
- Synchronisation server for mobile data entry devices
Equipment of a dedicated virtual server
- Operating system (e.g. Microsoft Windows Server)
- AntiVirus
- Virtualisation for high availability
- Integration into the existing backup concept
Depending on the software used, licences from third parties may be required (e.g. Microsoft or a provider of your primary software). These are not included in this position.
Provision and operation Microsoft SQL-Standard
Betrieb und Bereitstellung von Microsoft SQL-Standard
Microsoft’s database solution (Microsoft SQL) is provided on request when customer programmes require such a database. Microsoft SQL is “upper-layer-protocol” and therefore a Windows-based application.
Thus, one GByte of vRAM for SQL always requires one GByte of vRAM for Windows Server.
Thus, a vCPU for SQL always requires a vCPU for Windows Server.
This is relevant for operation on the one hand and for licensing on the other.
Depending on the software used, licences from third parties are required (e.g. Microsoft or a provider of your primary software). These are not included in this position.
provided performance: each GByte of vRAM
benötigte Leistung: je GByte vRAM
- More memory for existing servers
- requires “Dedicated virtual servers for your work, programmes and data”.
Depending on the software used, licences from third parties may be required (e.g. VMware, ProxMox or another server licensor). These are not included in this position.
provided performance: each vCPUs
benötigte Leistung: je vCPUs
- More computing power for existing servers
- requires “Dedicated virtual servers for your work, programmes and data”.
Depending on the software used, licences from third parties may be required (e.g. Microsoft, VMware Enterprise or another server licensor). These are not included in this position.
Further Positions:
Only the PatOrgCloud-specific items are described on this page. The PatOrgCloud
is technically based on the eitieCloud. Further explanations and descriptions can be found
here (only German version available): https://eitiecloud.de/positionsbeschreibung/