Service Description: Amplify IT Infrastructure

The following Service Description covers the Amplify IT Infrastructure solution and its components. For a full description of our overarching Managed Services covering response time expectations, implementation/onboarding, how we provide support, limitations and client responsibilities please start here.

Overview

The Amplify IT Infrastructure Support solution is designed to provide a robust foundation for the client organization’s IT infrastructure.

Infrastructure Support services are listed below:

Service	Description
Infrastructure Monitoring & Alerting	24/7 oversight of IT infrastructure to identify and address potential issues early and provide real-time notifications on system issues.
Infrastructure Patch Management	Scheduled updates and security patches for servers and networking devices.
Cloud Email & File Backup	Secure backup services for cloud email and cloud file storage.
Firewall Management	Monitoring and maintaining firewalls to protect networks by controlling traffic based on access policies. Includes managing rules, monitoring traffic, updating software, optimizing policies, and ensuring compliance with regulations.

 

NOTE: Server Backup Service
Server Backup is a required service and is an additional monthly charge beyond the Amplify IT Infrastructure user-based pricing. The additional charges will be based on the client’s environment and the solution contracted with ITS. Server Backup Service details will be explained further in this document.

Following is a full explanation for each service within Infrastructure Support.

Infrastructure Monitoring & Alerting

ITS’s proactive Infrastructure Monitoring and Alerting service combines continuous surveillance with immediate notification to ensure your IT infrastructure remains secure and operational around the clock. By integrating advanced monitoring tools and real-time alert processes, we provide a comprehensive solution designed to preemptively identify and address potential issues before they impact your business.

How It Works

1. Components Monitored:

• • Server hardware
  • Hypervisors (Hyper-V, VMware) and virtual machines
  • Network firewalls, routers, switches, wireless access points
  • Storage systems
  • Other critical infrastructure devices as approved

2. System Configuration and Alert Setup: During the initial implementation, ITS configures monitoring tools to comprehensively track the performance, health, and security of your IT infrastructure components. Alert thresholds are tailored to the client’s specific operational needs, ensuring incident notifications are set for critical events.
3. Continuous Monitoring with Real-Time Notification: ITS monitoring systems continuously monitor the infrastructure, identifying when thresholds are breached, failure states detected, anomalies, security vulnerabilities, or potential failures. When these thresholds are crossed, real-time alerts are generated, an incident created, a support ticket created, and the Incident Management process begins.
4. Alert Prioritization and Preemptive Actions: Alerts are immediately reviewed and prioritized based on their potential impact on business operations. This ensures critical issues receive the fastest response. Based on the severity of the alerts, our team takes preemptive actions to resolve issues before they escalate, maintaining system integrity and minimizing downtime.

Return to Top

Patch Management

Patch Management is crucial for proactively maintaining the security and functionality of servers, storage, and networking devices. Our scheduled updates and security patches are carefully planned to minimize disruption while ensuring your systems are compliant and protected against vulnerabilities.

How It Works

1. Patch Identification: Our team regularly identifies and evaluates patches for your IT infrastructure components, focusing on security updates and performance improvements.
2. Testing and Approval: Selected patches undergo thorough testing in a controlled environment to ensure compatibility and minimize the risk of disruptions.
3. Customization and Exclusion: Due to discovery of compatibility or performance issues, exclusion of specific patches may be necessary.
4. Scheduled Deployment: Patches are scheduled for monthly deployment during off-peak hours or designated maintenance windows to reduce operational impact. For critical security patches, as defined by the vendor, or in response to emerging vulnerabilities, deployments may be accelerated.
5. Post-Deployment Review: Following deployment, we conduct a review to ensure patches are applied correctly and systems are functioning as expected.

Return to Top

Cloud Email & File Backup

The Cloud Email & File Backup service provides comprehensive protection for cloud-based user data, whether utilizing Microsoft 365 or Google Workspace. This solution ensures that emails, documents, and collaboration platforms like Microsoft M365 including SharePoint, OneDrive, Exchange, and Teams along with Google Suite including Drive, Calendar, Gmail, and Contacts are backed up securely, offering peace of mind and enhancing business continuity strategies.

How It Works

1. Integration with Cloud Services: The service is integrated with both Microsoft 365 and Google Workspace, covering a wide array of data sources including emails, calendars, contacts, documents, and site content.
2. Automated Backups: Backups are performed automatically ensuring continuous protection without manual effort.
3. Secure and Compliant Storage: Backup copies are encrypted and stored in compliance with leading industry standards, in cloud environments that prioritize security and data integrity, and are managed with strict least-privilege access controls.
4. Flexible Recovery Options: Data can be restored directly to its original location or redirected as needed, facilitating rapid recovery from data loss incidents and flexible data management.
5. Retention: Daily backups are retained for 90 days and then rolled up to weekly backups for the remainder of the 12-month period. Additional requirements for longer retentions for archival purposes is a separate offering.

Return to Top

Firewall Management

Firewall Management is essential for safeguarding your network by monitoring and controlling incoming and outgoing traffic based on predetermined access rules. Our service ensures your firewalls are configured, updated, and optimized to protect against evolving threats while maintaining network performance.

How It Works:

1. Firewall Maintenance: Our team updates firewall access rules tailored to your organization’s specific needs to ensure that only authorized traffic is allowed based on clients’ requirements.
2. Monitoring: Firewalls are continuously monitored for functionality and performance, with real-time alerts and analysis to mitigate potential issues.
3. Scheduled Updates: Firmware updates and security patches are applied during off-peak hours or designated maintenance windows to minimize disruption and address known vulnerabilities.
4. Incident Response: In the event of a detected threat, we provide response and remediation to minimize impact and secure your network.
5. Post-Update Review: After configuration changes or updates, we conduct a review to confirm the firewall is operating effectively and meeting security objectives.

Return to Top

Server Backup + DR

Server Backup + DR is an advanced ITS data protection service that combines daily backup services with DR features.

Below is an overview of each key feature with full details following:

Service	Description
Server Backup	Provides daily backup of client servers covered by the service.
On-premises DR Ready	Provides compute, memory, and storage to virtualize a server locally in the event of a server failure
Cloud DR Ready	Provides compute, memory, and storage resources in the cloud to support a failover in the event of a local disaster

Server Backup + DR Requirements

This service is available for Total IT and Amplify IT Infrastructure clients. ITS must have admin access to servers, hypervisors, storage, and network resources to provide daily backups, restores, and any DR failover requirements. All servers must have our agents installed.

Server Backup

Server Backup offers reliable, scheduled, and monitored server backups with offsite copies for enhanced data protection. Off-site backup copies require reliable and high-speed internet connection to send backup copies on a timely basis to the cloud.

How It Works

The process of delivering the Server Backup service follows this process:

1. Backup Strategy Assessment: We design backup jobs and retention schedules to align with your data protection requirements and objectives taking into consideration: data criticality, recovery time objectives, data capacities, backup windows, and available bandwidth. Our standard retention for backups for Server Backup + DR is 1 year. Requirements for longer retentions for archival, regulatory, or compliance purposes will require increased backup storage repositories at additional charges. The goal of the assessment is to validate backup services can be successfully implemented and there is sufficient time, bandwidth, and backup storage capacity to meet the defined backup and restore requirements.
2. Daily Backup Schedule. Our standard Server Backup + DR service includes local backup copies to an ITS Backup Appliance and an off-site backup with 1 Year retention. The retention includes 14 daily backup copies, 2 weekly backup copies after the 14 days, and 11 monthly backup copies. Requirements for longer retentions for archival, regulatory, or compliance purposes will require increased backup storage repositories at additional charges.
3. Regular Backup Execution: Backups are executed according to the defined schedule. Backup schedules can be customized to fit operational needs, data criticality, and to adjust based on available backup storage capacities.
   • NOTE: Complete backup restoration and DR testing is a more detailed process and is handled as a billable engagement. Clients interested in comprehensive restoration testing or DR testing should discuss their requirements with ITS.
4. Backup Performance Monitoring: Backup performance is continuously monitored through our management platform, with alerts set up to notify our support team of a failure or performance issue. Our support team will work to resolve issues in the event of a backup failure.
5. Backup Verification: Backups are continually validated with automated tests (integrity checks and screenshot verification) to ensure that data is accurately captured and can be restored.
6. Backup Restore Readiness: In the event of data loss, our team is prepared to execute backup restore procedures to minimize downtime and restore operations. Should a data loss incident occur, we promptly assess the situation to determine the most effective recovery method.
7. Restore Requests: In the event of a restore request, whether a file restore or a full restore, a support ticket will need to be submitted by the client by following the Support process documented in our earlier managed services overview section.

Technical Features

Below is a list of technical features of the backup service:

1. Automated Backup Scheduling: Configured backups to run automatically at specified intervals, ensuring data is consistently protected without manual intervention.
2. Incremental Backups: After an initial full backup, only changes made since the last backup are saved, reducing backup time and storage requirements.
3. Image-Based Backup: Captures complete snapshots of servers, including the operating system, applications, and data, for comprehensive recovery.
4. Offsite Backups: Backups are sent to the cloud for enhanced, offsite backup protection.
5. Immutable: Backups of data, once written, cannot be altered, deleted, or overwritten, providing defense against ransomware and accidental data loss.
6. AES 256-bit Encryption: Data is encrypted both in transit and at rest, ensuring backup data is protected against unauthorized access.
7. Bare Metal Restore (BMR) Capable: Ability to restore from backup to new, dissimilar hardware without the need for reinstallation of the operating system or applications.
8. Granular Recovery: Ability to restore individual files and folders from any backup, simplifying the recovery process for small-scale data loss.
9. Bandwidth Throttling: Manage bandwidth usage during backup processes to minimize impact on your network’s performance.  Bandwidth throttling may impact time to complete backups and replication of backup copies to the cloud.

Frequently Asked Questions

1. Can ITS provide backup retentions beyond the standard 1 Year retention period?  Yes. ITS uses the standard 1-year retentions for routine restore requests locally and to provide additional backup copies to meet regulatory and compliance requirements. We can include additional retentions at an additional monthly service amount. Based on the client’s retention requirements and the amount of data to retain, ITS will provide the client with options and pricing.
2. Is there a minimum term required for Server Backup + DR service?  Yes. The minimum term for the service is 12 months and renewals require a minimum of 12 months.
3. What if the disk utilization on backup appliance becomes too high? Utilization exceeding 70% jeopardizes the on-site DR Ready capabilities. Either a new appliance with greater disk capacity needs to be ordered, increasing the monthly charge, or an assessment of the actual backup results should be undertaken. The backup appliance is sized based on the information available at the time of order. The appliance is sized on current capacities, assumed change rates, and planned growth rates. It’s not uncommon for data to grow or for change rates to be higher. Policies can be adjusted to fit the current backup appliance capacity, or a larger appliance needs to be implemented.

Return to Top

On-premises DR Readiness

Server Backup + DR includes an ITS Backup Appliance which includes additional server capacity in the form of compute, memory, and storage to virtualize a server locally in the event of a hardware failure. Each appliance has differing amounts of compute, memory, and storage and one will be sized for the client to meet their storage capacity and DR needs. It should be noted that the local appliance will still need to have resources available to it to perform daily backup jobs and replicate the jobs to the cloud if it were to also be used as a local DR server. The failed server should be repaired or replaced as soon as possible.

How It Works

On-premises DR service follows this process:

1. DR Strategy Assessment: During the same Server Backup assessment, we design backup jobs and retention schedules with DR considerations in mind. We design the backup jobs as described in the Server Backup section. We also review the on-premises servers for their compute (CPU), memory (RAM), and storage requirements. We then can determine if the backup appliance has suitable capacity to run the existing servers in the event of a local server failure. Clients can determine if they need a larger appliance or if running in a degraded DR state is sufficient.
2. Daily Backup Schedule. The daily backup schedule provides the DR Recovery Points that will be available in the event of a local server failure.
3. Regular Backup Execution: Backups are performed as described in previous section.
4. Backup Performance Monitoring: Backup performance monitoring occurs as described in Server Backup section.
5. Backup Verification: Backups are continually validated with automated tests (integrity checks and screenshot verification) to ensure that data is accurately captured and can be restored.

• • Note: DR testing is a more detailed process than validating backups and is handled as a billable engagement. The scope of a DR test will determine the engagement. Results of the DR tests should be used to update the DR Runbook and to validate if RTO and RPO expectations should be adjusted. Clients interested in DR testing should discuss their requirements with ITS.

6. DR Restore Readiness: In the event of a local server failure, our team is prepared to execute server restore procedures to minimize downtime and recover operations. Should a disaster incident occur, we promptly assess the situation to determine the most effective recovery method. It is important to note that we will restore backups to a ready infrastructure, but the infrastructure is not included. Clients benefit greatly by developing DR Runbooks in advance to lower their Recovery Point and Recovery Time Objectives. Development of DR Runbooks is at an additional charge and these efforts are delivered by ITS Professional Services organization.

Technical Feature

Instant Virtualization: Boots a recovery point from the desired protected system as a virtual machine on the local Backup Appliance or in the Cloud.

Frequently Asked Questions

1. Is a DR Runbook included to support using the local backup appliance for DR? No but clients can work with ITS, as a billable engagement, to develop and routinely test a DR Runbook. Clients will benefit greatly from developing a comprehensive DR plan in advance of an actual event. Scenarios will have been considered in advance of an actual event so an agreed upon plan can be put into the DR Runbook. Recovery Point and Recovery Time Objectives can be considered and plans in place to meet both with a well thought out, tested, and eventually executed DR Runbook.
2. Will there be data loss if a failed server is virtualized onto the backup appliance?  Most likely yes assuming something has changed on the server since the last successful backup completed.
3. How long can a failed server continue to run on the local backup appliance? There is no limit to the time a server can continue to run on the local backup appliance. It is recommended the failed server be repaired or replaced as soon as possible and a failover to that server be scheduled.

Return to Top

Cloud DR Ready

Server Backup + DR includes Cloud resources in the form of compute, memory, and storage to virtualize servers off-premises in the event of a major failure of on-premises resources. The cloud resources that are reserved for a future DR will match the compute, memory, and storages resources available in the local Backup Appliances.

How It Works

The process of delivering Cloud DR service follows this process:

1. DR Strategy Assessment: During the same Server Backup assessment, we design backup jobs and retention schedules with DR considerations in mind. We design the backup jobs as described in the Server Backup section. We also review the on-premises servers for their compute (CPU), memory (RAM), and storage requirements. We then can determine if the backup appliance has suitable capacity to run the existing servers in the event of a local server failure. Clients can determine if they need a larger appliance or if running in a degraded DR state is sufficient.
2. Daily Backup Schedule. The daily backup schedule provides the DR Recovery Points that will be available in the event of a major on-premises disaster.
3. Regular Backup Execution: Backups are performed as described in previous section.
4. Backup Performance Monitoring: Backup performance monitoring occurs with particular focus on the replication of daily backups to the Cloud. Recommendations for additional bandwidth may be made if there is significant lag in replicating backups to the cloud.
5. Backup Verification: Backups are continually validated with automated tests (integrity checks and screenshot verification) to ensure that data is accurately captured and can be restored.
   • Note: DR testing is a more detailed process than validating backups and is handled as a billable engagement. The scope of a DR test will determine the engagement. Results of the DR tests should be used to update the DR Runbook and to validate if RTO and RPO expectations should be adjusted. Clients interested in DR testing should discuss their requirements with ITS.
6. DR Restore Readiness: In the event of a major local failure, our team is prepared to execute server restore procedures to minimize downtime and recover operations. Should a disaster incident occur, we promptly assess the situation to determine the most effective recovery method. Clients benefit greatly by developing DR Runbooks in advance to lower their Recovery Point and Recovery Time Objectives. Failover to the cloud also requires network failover requirements and it is highly recommended that the DR Runbook is developed and matured to account for these complexities. Development of DR Runbooks is at an additional charge and these efforts are delivered by ITS Professional Services organization.

Technical Features

1. Off-site Cloud Backup Copies: The backup copies of the locally backed up servers are used as the Recovery Points for the cloud DR servers.
2. Cloud Infrastructure Resource Reservations: Clients will have cloud DR resources available matching the resources in their ITS on-premises Backup Appliance.

Frequently Asked Questions

1. Is a DR Runbook included to support Cloud DR? No but clients can work with ITS, as a billable engagement, to develop and routinely test a DR Runbook. Clients will benefit greatly from developing a comprehensive DR plan in advance of an actual event. Scenarios will have been considered in advance of an actual event so an agreed upon plan can be put into the DR Runbook. Recovery Point and Recovery Time Objectives can be considered and plans in place to meet both with a well thought out, tested, and eventually executed DR Runbook.
2. Will there be data loss if there is a failover to the Cloud? Most likely yes assuming something has changed on any of the servers since the last successful backup completed and was replicated to the Cloud. There is a higher risk with a failover to the Cloud, than a failover to the local Backup Appliance, of a Recovery Point exceeding 24 hours as it relies on replication of the backup to the Cloud.
3. How long can we run workload in the Cloud after a failover? 30 days is the limit for the Cloud resources included in the service. Additional charges will be incurred if the Cloud resources are used beyond the 30 days. Failback to the on-premise location or another production Cloud environment should occur as quickly as possible. Failback services are treated as a project and billed separately.

Return to Top