Terms of Service and Disclosures for EliteDesk Professional Services
By logging on or accessing a UCclouds.com account, or by transferring data to UCclouds.com, Subscribers and End Users agree to be bound to these terms of service and acknowledge receipt and careful consideration of all disclosures contained herein.
Technical Content Notice
Given that UCclouds.com renders highly technical services, this agreement and its disclosures are highly technical in nature. If you do not understand this agreement or any terms or clauses contained herein, please consult an Attorney and/or Information Technology Professional before proceeding.
The agreement shall commence upon executing this agreement with UCclouds.com or upon logging into or utilizing the UCclouds.com platform.
The initial term of this agreement shall begin on the commencement date and end one year from the first day of the first full calendar month following the commencement date.
Subscriber may cancel this agreement up to sixty days after the commencement date (“cancellation window”). Subscriber must notify UCclouds.com in writing of its intent to cancel this agreement during the cancellation window.
This agreement shall automatically renew without notice on each anniversary date following the commencement date (“renewal date”) and such agreement shall renew for additional one year terms. Should Subscriber choose not to renew this agreement, Subscriber must notify UCclouds.com in writing at least sixty days prior to the renewal date.
Summary of UCclouds.com Services Provided
UCclouds.com is a Cloud Services Provider, VMware Services Provider, and Microsoft Software Services Provider. Generally, UCclouds.com hosts Microsoft Windows desktops, Windows applications, and provides a remote display protocol for Subscriber to interact with the hosted applications.
In exchange for monthly payment in advance, UCclouds.com agrees to provision and host “Hosted Infrastructure” for the Subscriber subject to the terms of this agreement. Hosted Infrastructure varies from subscriber to subscriber, but generally includes Data Storage, Software Use Rights for qualified Microsoft and VMware products (“Licensing”), and Resource Pools. Hosted Infrastructure does not include devices Subscriber uses to interact with or connect to the Hosted Infrastructure. Subscriber’s Hosted Infrastructure is a logically isolated computing environment that is virtualized on hardware devices (servers, data storage, network switches, etc.) operated by UCclouds.com. UCclouds.com’s hardware devices are commingled among subscribers and virtualization technologies are used to serve multiple subscribers simultaneously from the same hardware resources. Clustering technologies are used to improve uptime and overall efficiency of the UCclouds.com Platform. Subscribers interact with Hosted Infrastructure through a remote display protocol.
The UCclouds.com Platform includes all facilities, computer code, data, databases, software, operating systems, hypervisors, servers, network switches, third party services, and storage systems operated by UCclouds.com required to deliver services in accordance with the terms of this agreement. The VMware Horizon and UCclouds.com Thin/Zero Client (where applicable) are also considered part of the UCclouds.com Platform. Subscriber-owned computers/devices are not considered part of the UCclouds.com Platform. Subscriber’s peripheral devices (e.g. printers, scanners, web cameras, thumb drives, audio devices, speakers, microphones, telephones, cameras, monitors, keyboards, human input/interface devices, etc.) are not part of the UCclouds.com Platform.
A Resource Pool is part of UCclouds.com’s service offering. A resource pool consists of 1 x 2.50 GHz vCPU and 3 Gigabytes of vRAM. Each virtual machine in a Subscriber environment requires at least one resource pool to run. Subscriber may add additional resource pools to virtual machines for high performance applications up to a limit of 4 resource pools per virtual machine. As Subscriber’s users and workloads increase, additional resource pools may be necessary to meet Subscriber’s data processing needs.
Data Storage (storage) is part of UCclouds.com’s service offering. UCclouds.com provides storage to Subscriber’s virtual machines via VMware or equivalent virtual machine disks (vmdk). Subscriber’s vmdks are stored on a storage area network utilizing RAID technologies for hardware redundancy and fault tolerance. In addition, UCclouds.com utilizes Storage High Availability Clustering technologies to improve uptime and overall efficiency of the UCclouds.com Platform. Subscriber is billed based on used storage of each vmdk assigned to a Subscriber as measured by the VMware ESXi hypervisor. Vmdks are thin provisioned; as such, Subscriber is only billed for each Gigabyte of allocated storage. Each virtual machine may consume up to 40 Gigabytes of Subscriber’s committed storage for the virtual machine’s operating system and core software components prior to Subscriber importing any existing data or generating any new data (“usable data”). As Subscriber generates data through use of the platform, committed storage increases accordingly. Subscriber should be aware that deleting files and folders does not reduce the committed storage.
Software Use Rights
Licensing of Microsoft and VMware Software Use Rights is part of UCclouds.com’s service offering. Licensing is based on user accounts or “named users.” Subscribers are bound to all terms of UCclouds.com’s licensing agreements with VMware Systems and Microsoft. Such agreements are available upon request.
Licensing of Microsoft and VMware software and applications is based on use in a given calendar month (“metered software applications”). UCclouds.com meters software use based on entitlements assigned to a user account. Software is licensed per named user (user account). A license is required for each user authorized to access a hosted desktop and any Microsoft desktop applications installed on the assigned hosted desktop. Once a user has been authorized to use said desktop and applications in a given calendar month, a license is consumed and remains valid and reusable for the named user until the end of the calendar month. Named users or user accounts that do not intend to access a metered software application or desktop in a given calendar month (billing period) must contact UCclouds.com to de-authorize or delete the account prior to the commencement of the billing period in question. For Private Domain subscribers, contact your Active Directory Administrator to de-authorize or disable user accounts. Users seeking a credit for unused Microsoft desktop applications must contact UCclouds.com to uninstall the unused applications from the subscriber’s Desktop(s) before the beginning of the billing period.
Subscriber is granted software and use rights as a subscription based service; Subscriber in no way takes ownership of any license from VMware or Microsoft for pre-written software.
UCclouds.com does not meter licensing for any third party applications.
Thin and Zero Clients (Devices)
In certain scenarios, Subscriber may obtain a Zero Client device from UCclouds.com for an additional monthly fee. Zero Clients are small computers with a Microsoft Windows Embedded operating system. Thin Clients use a special configuration that limits user interaction with the local desktop and provides a seamless user experience with UCclouds.com Desktops. The Thin Client device may not be used for any purpose other than its intended purpose of accessing UCclouds.com hosted desktops. Other than hardware failure and providing instructions for setup and configuration, UCclouds.com does not provide any support for thin clients obtained from UCclouds.com. UCclouds.com thin clients should only be used on trusted networks behind a firewall. Thin Clients do not have any malware detection agent software installed. Subscriber may elect to install such software if required for Subscriber’s specific industry. UCclouds.com does not monitor, audit, or manage the Thin Client remotely. Subscriber should therefore secure the Thin Client “Technician” (administrator) account and avoid providing users with Technician credentials. Only IT professionals should utilize the Technician account for the specific purpose of installing peripheral devices, drivers, and performing updates to the VMware Horizon or Adobe Flash Player Plugin. In addition to User State Migrations, Thin Client installations can generally take a few minutes to setup and install the device.
Ownership of Software Services and Content
UCclouds.com does not convey any ownership of any software license to Subscriber. Virtual machines and all software provided by UCclouds.com are property of UCclouds.com and/or UCclouds.com’s software vendors. Only data imported and generated by Subscriber on an UCclouds.com virtual machine or storage device shall remain the intellectual property of Subscriber subject to all terms of this agreement.
Provisioning of UCclouds.com Services
UCclouds.com charges a one-time fee for the provisioning of its services. Provisioning means the initial setup or enabling/disabling features of services rendered, technical support, managed services, migration, system upgrades, and/or data import and export. Certain requests may take up to 48 hours to process depending on Subscriber’s hosted infrastructure configuration.
Migration of Subscriber’s Existing Data and Applications
UCclouds.com can provide for the migration of Subscriber’s existing applications, data, and/or system settings/user states to Subscriber’s Hosted Infrastructure for an additional charge.
It is possible that pre-existing data corruption or application compatibility issues with Subscriber’s existing system configuration may be discovered during Subscriber’s migration. Such issues may need to be resolved prior to performing a migration to UCclouds.com. These issues may require Subscriber to incur additional charges beyond migration costs, for an IT Professional to correct, or additional software licenses may need to be purchased from third parties so Subscriber’s applications function in a multi-user environment. It is also possible that Subscriber may still be required to incur these additional charges if Subscriber elects to cancel migration to UCclouds.com during the migration process, as these issues may need to be rectified in order to return Subscriber back to Subscriber’s original infrastructure.
Submitting Subscriber Data to UCclouds.com via Physical Media
Subscribers or IT Professionals who submit external hard drive disks on behalf of Subscriber to UCclouds.com for virtual USB mounting should encrypt the data or drive prior to submitting to UCclouds.com. Should Subscriber or Subscriber’s designee fail to encrypt data on a drive submitted to UCclouds.com, Subscriber shall indemnify, defend, and hold UCclouds.com harmless should the drive or data become lost or stolen while in UCclouds.com’s possession.
UCclouds.com will not distribute hard drives to Subscriber for the purposes of importing Subscriber’s existing data to UCclouds.com. UCclouds.com recommends importing data only through secure network connections such as ICA client drive mapping, third party folder synchronization services such as VMware Share File, or a VPN connection.
UCclouds.com utilizes third party owned and operated colocation facilities for housing UCclouds.com’s data storage and information processing equipment. Said Colocation facility shall comply with the terms of SAS 70 Type II, as well as the terms of TIA Tier III datacenter facilities for redundant cooling, power, and IP transit systems. UCclouds.com shall furnish evidence of compliance, certifications, and/or audits of the facilities to Subscriber upon request to the extent that said Colocation Facility makes such information available to its tenants. In Colocation Facilities only, the UCclouds.com Platform shall consist of hardware that facilitates a network and power supply topology that is at least n+1 redundant.
UCclouds.com may also utilize self-operated facilities for housing UCclouds.com data storage and information processing equipment that is primarily used for disaster recovery purposes and platform testing. Self-Operated facilities may not comply with the terms of SAS 70 Type II, nor comply with the terms of TIA Tier III datacenter facilities.
Microsoft & VMware Software
UCclouds.com maintains a Services Provider License Agreement (SPLA) with Microsoft. All Microsoft products and services installed on a Subscriber’s Desktop or Server must be licensed through the SPLA program with UCclouds.com and are subject to Microsoft’s terms and conditions contained herein. Notwithstanding the Microsoft Public License, Subscriber may not install Microsoft software licensed through other means such as retail purchases. Exceptions and/or reduced SPLA rates may apply for Subscribers with existing Microsoft Software Assurance contracts.
Similarly UCclouds.com is a VMware Service Provider (CSP). All VMware products and services installed on a Subscriber’s Desktop or Server must be licensed through the CSP program with UCclouds.com. Notwithstanding VMware Public License, Subscriber may not install VMware software licensed through any other means such as retail purchases.
Should Subscriber use the UCclouds.com Platform in any manner that conflicts with the Terms of Service, subscriber is doing so at their own risk. UCclouds.com will not support subscriber’s Cloud environment when used in any manner that conflicts with the following Terms of Service. Should subscriber use UCclouds.com in any manner that conflicts with the Terms of Service (knowingly and/or unknowingly), Subscriber waives all claims against UCclouds.com, and further agrees to indemnify, defend, and hold UCclouds.com harmless for any loss to any party arising out of or attributable to the use of UCclouds.com in said manner that conflicts with the Terms of Service.
Should Subscriber use UCclouds.com in any manner that conflicts with these Terms of Service, Subscriber may, at UCclouds.com’s discretion, be deemed in default of this agreement.
UCclouds.com desktops use the VMware ESXi Operating System and VMware Horizon. Windows 7 Professional virtualized desktops are through UCclouds.com under the Microsoft SPLA program. Subscriber is responsible for verifying that use of non-Microsoft applications on Windows 7 Professional, and/or use with virtualization technologies do not violate the software provider’s End User License Agreement, or any local, state, or federal law. UCclouds.com should not be utilized to host or deliver any application where temporary loss of access to such application could result in losses including, but not limited to, personal injury, death, failure to diagnose, treat, cure or prevent a medical disease and/or condition, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.
Hardware Acceleration/GPU Rendering Not Available
UCclouds.com applications run inside of a virtualized operating system. Virtualized operating systems do not have access to a Graphical Processing Unit (GPU). UCclouds.com desktops do not support Direct9 and/or DirectX features such as DirectDraw Acceleration, Direct3D Acceleration, and/or AGP Texture Acceleration. Therefore, applications that rely on hardware acceleration technologies for graphical rendering may not function or render usably on UCclouds.com. Some examples of application types that may rely on these technologies include Computer Aided Design (CAD) / Graphic Design, Imaging, Video Editing, and Geographic Information Systems (GIS) software. Subscribers are responsible for testing functionality of all applications on UCclouds.com prior to using the UCclouds.com platform in a production environment.
Installing and Configuring Third Party Applications
Third Party Applications are generally installed onto UCclouds.com desktops in a manner similar to installing on a personal computer. UCclouds.com will make its very best effort at installing, maintaining, configuring, troubleshooting, patching, and updating any application or software licensed through a third party.
Application Streaming is a technology developed by VMware Systems to enhance application stability in a multi-user desktop environment. Application Streaming also provides for the centralized management of an application across multiple users, and restricts application enumeration at the user or session level, rather than the virtual machine level.
Licensing of Third Party Applications
Subscriber is solely responsible for complying with all End User License Agreements for third party applications used by Subscriber. Subscriber must also obtain licenses for all third party software installed in or streamed to Subscriber’s Hosted Infrastructure where required. Subscriber shall indemnify and defend UCclouds.com for any claim brought by a third party software provider for violation of their End User License Agreement provided such claim is attributable to Subscriber’s use of said software on the UCclouds.com Platform.
Remote Desktop Services Architecture Security Considerations (User Account Control)
User desktops within a Subscriber’s organization are isolated at the virtual machine. Users with administrator privileges can introduce a computer virus, malware, or other security vulnerability, which can affect users and user data within their organization. Users with administrator privileges also have full control over any user’s data, which is stored locally on the Desktop for which said user has administrator privileges. Because of these considerations, administrator privileges should be limited to a single user account for the sole purpose of installing and configuring software. This administrative account should only be used by a responsible user or trusted IT professional. UCclouds.com will not support any Desktop where multiple users or irresponsible users have been granted administrator privileges, and makes no warranty with respect to the security of said Desktop and its data, when multiple users or irresponsible users have been granted administrator privileges.
As recommended by VMware, UCclouds.com may disable User Account Control (UAC) on Subscriber’s Desktops when required for Application Streaming. When users are granted local administrator rights and UAC is disabled, the security of the Desktop can become further compromised. Subscribers choosing to add users to the local administrators group should enable UAC on the affected Desktops. UCclouds.com reiterates it will not support, and makes no warranty with respect to the security of, a Desktop and its data when multiple users or irresponsible users have been granted administrator privileges.
For the purposes of this section, an irresponsible user includes a user unaware of the difference between a standard user account and an administrator account. An irresponsible user also includes a user unable to distinguish between trusted executable/Windows Installer files and untrusted executable/Windows Installer files.
Network Display Protocol
UCclouds.com subscribers interact with UCclouds.com hosted applications and desktops through the VMware Independent Computing Architecture protocol (ICA). ICA is a network based display protocol, and image quality and integrity are directly affected by the quality of one’s internet/network connection. Because UCclouds.com relies on the internet in all cases to deliver hosted applications and desktops to users, UCclouds.com is not able to control network quality of service between UCclouds.com facilities and the Subscriber’s point of access. Subscriber should therefore test their applications with their current ISP connection to determine if performance will be acceptable.
Because of these network conditions, UCclouds.com uses image compression algorithms to improve the usability of hosted applications and desktops. Examples may include, but are not limited to, color compression, queuing and tossing, progressive compression, lossy compression, and jpeg/heavyweight compression. These image compression algorithms may intermittently or continuously degrade image quality. Certain abnormal network conditions including jitter and loss of bandwidth can invoke additional compression over and above what is normally used. Image compression algorithms can significantly degrade image quality during such circumstances. Subscribers should carefully consider the effects of loss of image quality and integrity on their organization’s workflows. UCclouds.com should not be used in any industry or use case where loss of image quality or integrity could result in losses including, but not limited to, personal injury, death, failure to diagnose, treat, cure, or prevent a medical disease and/or condition, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.
Not all devices will be compatible when used with UCclouds.com and UCclouds.com provides no support for peripheral devices, other than instructions on how to generally setup the type of device and how to generally use the device with a Cloud Desktop. UCclouds.com does not support native device drivers for peripheral (locally attached) hardware devices. Peripheral devices are unable to be redirected to UCclouds.com desktops using the device’s native driver (i.e. no isochronous redirection). Native device drivers should be installed locally on the client’s workstation or access point. VMware supported peripheral devices will generally map to the UCclouds.com desktop through VMware or Microsoft universal drivers for the type of device. Peripheral device mapping is limited to most printers, TWAIN compliant scanners (only when being used with a TWAIN compliant image capture software installed on the Cloud Desktop such as Adobe Professional), certain web cameras, microphones, speakers, basic human input devices (such as a keyboard and mouse), and thumb drives pre-formatted with FAT32 file system. Peripheral device performance and usability is reliant on low internet latency (consistently less than 30 milliseconds), and adequate bandwidth (consistently more than 5 Mbps download and 5 Mbps upload). Loss of bandwidth and/or increase in latency can cause peripheral devices to become unusable. Subscriber should verify desired peripheral device functionality with their access points and network connections prior to using UCclouds.com in production. 
Subscriber is prohibited from using UCclouds.com with any device that is (1) not supported by the device manufacturer for use with hosted desktop technologies and/or virtualization technologies, (2) a medical device or device used to diagnose, treat, cure, or prevent any medical disease and/or condition, (3) any device, where use with a Hosted Desktop, and/or loss of connectivity with a Hosted Desktop could lead to losses including, but not limited to, personal injury, death, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.
Client Drive Mapping
UCclouds.com Desktops by default does not allow users to read and write to local (client) drives and allows thumb drives from the user’s Cloud Desktop. If Subscriber needs to allow users from having read and write access to personal drives (to prevent users from importing or exporting data to or from Subscriber’s Cloud environment), Subscriber must contact the UCclouds.com EliteSupport Team to enable this functionality.
UCclouds.com implements an optimization technology from VMware Systems known as Flash Redirection. Flash Redirection offloads Flash content from the Subscriber’s hosted desktop to be rendered seamlessly, but locally on Subscriber’s workstation computer or Thin Client. Flash Redirection introduces potential access to local resources and should not be used by Subscriber unless the effects and security considerations resulting from such interactions have been properly evaluated. If Subscriber desires not to use Flash Redirection, Subscriber should contact UCclouds.com to disable the feature.
Web Browser CPU Throttling
UCclouds.com may implement technologies to limit the CPU (processor) consumption of Web Browsers installed on or streamed to Subscriber’s Cloud Desktops. Certain media-intensive websites can utilize excessive CPU, causing performance problems for Subscriber and other users. If Subscriber needs access to high performance web browsing for rendering of flash content, Subscriber should use the Microsoft Internet Explorer web browser with Flash Redirection.
Local Application Access
Local Application Access is an optional VMware technology that allows users to interact with applications installed on local workstation computers from the Cloud Desktop through seamless application windows, thus providing a single unified workspace where the user may access both local and cloud-hosted applications. This scenario may be desirable for certain applications as part of a comprehensive Cloud solution, provided the application does not store data locally, or the data generated by the locally accessed application is backed up by a third party. In other cases, this scenario can cause significant user confusion and result in users generating data locally that either (1) is not written to the correct location and thus becomes lost or (2) is not backed up or made highly available. There also exists a potential security risk, whereby local unauthenticated users may gain access to Subscriber’s Hosted Infrastructure if the local application is configured to access a database or data share located in the Cloud and credentials for the database or share are saved locally. Subscriber should consult with UCclouds.com prior to enabling this feature, and obtain appropriate training and an understanding of the security risks and required mitigation techniques prior to using this feature in production.
Remote Access Considerations
UCclouds.com is an inherently remote computing architecture by design. All UCclouds.com users are able to remotely access their Cloud environment from most mainstream computing devices with an internet connection. UCclouds.com cannot restrict user access to the system based on geographic location, physical address, or IP address. Subscriber should not use UCclouds.com if universal remote access is undesirable. Private Domain Subscribers may consider restricting logon hours to business hours for certain users through Active Directory.
Remote Management Software
Certain third party remote access, remote management, and/or online meeting software can conflict with the VMware ICA protocol, and/or VMware display drivers on a Desktop and the client computer being used to access the Desktop. UCclouds.com deploys its own Remote Management Software. Prior to installing any such software on a Desktop, or client workstation/access point, Subscriber must consult with UCclouds.com to verify its compatibility with VMware and Remote Management Software. It is at the discretion of UCclouds.com whether to allow these third party applications that may affect UCclouds.com software.
Subscriber’s Internet Access
Subscriber is solely responsible for internet access from any location used to access or remotely connect to Subscriber’s Hosted Infrastructure. UCclouds.com requires reliable internet access with substantial bandwidth, low latency, and high Quality of Service to render hosted applications and hosted desktops usable to Subscribers. For production office environments, bandwidth of at least 15 Mbps download and 15 Mbps upload is recommended for the first 30 concurrent users. Latency should be consistently less than 30 milliseconds round trip to UCclouds.com. Individual remote users not requiring a High Definition User Experience simply require a broadband or equivalent internet connection. UCclouds.com will not monitor, troubleshoot, or diagnose Subscriber’s internet connection. UCclouds.com will not provide any support, nor diagnose or troubleshoot any issue for Subscriber as would otherwise be required under the terms of this agreement, unless Subscriber’s internet connection meets the aforementioned minimum requirements.
Notice to Subscribers Traveling Abroad
UCclouds.com filters internet traffic to and from countries suspected of engaging in industrial espionage against the United States. Subscribers traveling to these regions will need to contact UCclouds.com to arrange traffic filtering exceptions to allow Subscriber to connect to hosted infrastructure while traveling in these countries/geographic regions. For a current list of countries and regions blocked by UCclouds.com, contact the EliteSupport Team.
Confidentiality of User Accounts and Credentials
UCclouds.com will never ask a user for their password. Subscriber must require that all users in Subscriber’s environment not disclose user account credentials to any individual, including users within the organization. Allowing multiple users to log on with the same user account (impersonation) poses a significant security risk. Should any of Subscriber’s credentials become compromised, Subscriber must immediately notify UCclouds.com to reset credentials.
Upon termination of an employee, the employee’s user account should be immediately disabled or placed into receivership (whereby the credentials are reset for the receiving user). All subscribers should coordinate this through the UCclouds.com EliteSupport Team to disable or reset user account credentials.
Disclosing user credentials to anyone other than the named user, or failing to report user credentials being compromised, can result in civil and/or criminal penalties and/or unauthorized access to Subscriber’s infrastructure. Such unauthorized access could be malicious or unintentional, and result in data loss, downtime, identity theft, theft and/or corruption of data, and/or financial loss. Subscriber shall indemnify, defend, and hold UCclouds.com harmless from any loss arising out of or attributable to Subscriber’s disclosure of user account credentials to any party and/or impersonation of user accounts (shared accounts), or for Subscriber’s failure to report compromised credentials.
UCclouds.com will not support any configuration where user accounts are assigned to devices and not named users. UCclouds.com makes no warranty of system performance when Subscriber assigns accounts to devices and not users.
Malware Detection & Removal
Malware is a malicious or unwanted form of software or computer code that, when executed on Subscriber’s hosted infrastructure, can cause security to be compromised on Subscriber’s hosted infrastructure. Malware is generally inadvertently executed or installed by users who are tricked by websites, emails, and other electronic information sources that make false representations about their prospective software and its authenticity.
To mitigate this threat, UCclouds.com uses Gateway Security Protection and Endpoint Protection software/monitoring agents installed into Subscriber’s architecture. Users also should not be provided any kind of administrator credentials as users with administrator credentials can unknowingly override an Endpoint Protection agent’s attempt to block or quarantine the malware. UCclouds.com also facilitates filtering of known malicious or phishing websites by making Gateway Security available to Subscriber.
Should UCclouds.com detect malware, Subscriber will be notified and a maintenance window scheduled to remove the malware. Removal of malware must be performed by UCclouds.com, and malware removal is mandatory once malware is detected, and Subscriber may not opt out of removal of malware.
Subscriber agrees not to tamper with any Endpoint protection software or monitoring agents installed into Subscriber’s environment, and shall indemnify, defend, and hold UCclouds.com harmless from any loss arising out of or attributable to Subscriber’s tampering or inhibiting the Endpoint Protection software from normally functioning, updating, and reporting to UCclouds.com servers.
Subscriber shall indemnify, defend, and hold UCclouds.com harmless from any loss arising out of Endpoint Protection software’s failure to detect any malware, malicious software, or other unwanted attack on Subscriber’s hosted infrastructure.
Responsibility to Report Suspected Malware
Should Subscriber suspect any part of Subscriber’s hosted infrastructure is infected with Malware, or that the security of any part of said infrastructure is compromised, Subscriber agrees to promptly report such suspicion to UCclouds.com by contacting the EliteSupport Team at 1-678-701-5677 option #2 or opening an EliteSupport Ticket from the UCclouds.com Client Portal. Subscriber’s failure to report suspected malware to UCclouds.com shall constitute an event of default by Subscriber as well as a full assumption of Subscriber’s liability and indemnification of UCclouds.com for losses arising out of or attributable to said Malware infection.
Email Security and Email Considerations
UCclouds.com does not provide any email screening or email security services. Subscribers should obtain these services from their email provider. Subscribers choosing to self-host Microsoft Office 365 or other email server software on UCclouds.com servers are required to point MX records to a UCclouds.com approved third-party email screening and security service. Subscribers should contact UCclouds.com for a current list of UCclouds.com approved third party email screening services. Subscriber is prohibited from pointing any MX record directly to any UCclouds.com IP address. UCclouds.com also filters IP traffic to and from known malicious IP addresses and countries suspected of engaging in industrial espionage against the United States. To communicate with these regions via email, Subscriber should configure outbound emails to route through a trusted email proxy such as Postini, or Microsoft Exchange Hosted Security.
Private Domain Subscribers (if applicable)
UCclouds.com offers its Private Domain architecture as an option to subscribers requiring their own Directory Service (Active Directory). Private Domain environments are for technically sophisticated subscribers requiring exclusive control over user accounts and security principals. In this Private Domain architecture, object security is fully delegated to the Subscriber. Subscriber is therefore fully responsible for the security, maintenance, and management of its own Active Directory and its objects. Subscribers without the resources or need to manage their own Microsoft Active Directory Forest should consider using the UCclouds.com Public Domain architecture as an alternative.
The need to secure or “harden” Active Directory is escalated in a Cloud environment, primarily because logon points are readily accessible from the internet. Failure to secure Active Directory may result in civil and/or criminal penalties and/or unauthorized access to Subscriber’s infrastructure. Such unauthorized access could be malicious or unintentional, and result in data loss, downtime, identity theft, theft and/or corruption of data, and/or financial loss. Subscriber shall indemnify, defend, and hold UCclouds.com harmless from any loss arising out of or attributable to Subscriber’s failure to secure and/or maintain its own Active Directory Forest on an ongoing basis.
UCclouds.com will provision the Subscriber’s Active Directory Forest; however, because security requirements vary from organization to organization, UCclouds.com does not secure Subscriber’s Active Directory. Prior to use in production, Subscriber or Subscriber’s designee should implement Active Directory hardening best practices. Hardening best practices include, but are not limited to, minimum user account password complexity, limiting user account password age and history, automatic disconnection or locking of idle user sessions, account lockout for invalid logon attempts, disabling the domain “Guest” account, and renaming the domain “Administrator” account. Domain administrator accounts should never be granted access to hosted applications and desktops and/or any logon point which is accessible from the internet. Desktop/Application users should not be granted administrator rights. Guidance on securing Subscriber’s Active Directory may be obtained by reading the UCclouds.com Private Domain Advisory.
Subscriber’s failure to maintain the requirements set forth in this paragraph will result in termination of service by UCclouds.com and could compromise Subscriber’s security. Subscriber must designate and maintain an Active Directory Administrator, principally responsible for administering Subscriber’s Active Directory. Subscriber may not install, uninstall, or interfere with any Microsoft, VMware, or ActivAeon software or agent within their virtual machines. Subscriber must maintain one non-transitive external bidirectional Forest Trust with gateway UCclouds.com on an ongoing basis. This Trust relationship is required for UCclouds.com’s VMware architecture to deliver Subscriber’s applications and desktops and does not subordinate any control of Subscriber’s Active Directory to UCclouds.com. UCclouds.com cannot reset Subscriber’s Active Directory Administrator password or any user account passwords.
Subscribers Utilizing Non-Microsoft Operating Systems
Certain Subscribers may opt to have UCclouds.com host virtual machines/servers using an operating system not manufactured by Microsoft. In this case, the operating system must (1) be supported by UCclouds.com’s current hypervisor vendor and (2) Subscriber must obtain any required licenses from the operating system manufacturer for use of the operating system in a multi-tenant Public Cloud.
UCclouds.com does provide support for non-Microsoft operating systems, and does provide any security services such as providing endpoint protection agents and monitoring for malware for the operating system.
Non-Microsoft operating systems are not compatible as a host for the VMware ICA protocol. Subscriber will only be able to access such non-Microsoft operating systems through third-party protocols or protocols built into the non-Microsoft operating system.
Private Domain Subscribers are assigned a static internet IP address as well as a PVLAN (Private Virtual Local Area Network). These Subscribers may request opening of specific firewall ports and Network Address Translation rules to forward web service ports to application servers located on Subscriber’s PVLAN. Subscriber’s designated Active Directory Administrator is principally responsible for authorizing UCclouds.com to open such firewall ports. Subscriber must understand risks associated with opening firewall ports and port forwarding and take necessary measures to secure application servers for internet traffic. For web applications that do not require direct integration with Subscriber’s PVLAN, Subscriber should consider dedicated web hosting from third party hosting providers.
If Subscriber still requires web applications on a UCclouds.com Server, Subscribers should take necessary measures to secure their web application and user accounts. Such measures should include installing and maintaining valid SSL certificates on the application server, requiring authentication against an independent directory service, and redirecting/limiting internet-exposed ports to secure ports such as SSL/TLS (TCP 443). Users transmitting credentials to an application server in plaintext or without a valid SSL certificate risk interception of credentials by an attacker. In this scenario, if the web application’s authentication is integrated with Subscriber’s Active Directory, the user’s UCclouds.com hosted applications and desktops will also be compromised because UCclouds.com authenticates Private Domain subscribers to Subscriber’s Active Directory.
Other than malware detection on the host operating system, UCclouds.com does monitor Private Domain web applications or firewalls for uptime.
For certain deployments, Subscriber may request a site-to-site VPN tunnel to link a Local Area Network with Subscriber’s UCclouds.com Virtual Local Area Network (VLAN). VPN tunnels expose subscriber’s UCclouds.com network to external and potentially unsecured networks such as Subscriber’s on site Local Area Network. Subscriber understands that the security of their UCclouds.com network is limited by the Security of Subscriber’s on site Local Area Network. Subscriber should therefore take steps necessary to secure their on-site Local Area Network, or any other Network or device which will be given access to the VPN Tunnel. VPN tunnels should only have access to network(s) trusted by Subscriber.
UCclouds.com uses the Sonicwall Appliance to create and maintain VPN tunnels. In certain circumstances, there may be compatibility issues across firewall vendors when configuring a site-to-site IPSEC VPN Tunnel. Certain compatibility issues may result in the tunnel intermittently dropping, or loss of connectivity, and/or ability to traverse the tunnel. UCclouds.com therefore cannot provide any warranty with respect to site-to-site tunnels with third party VPN endpoints located at the Subscriber’s facility.
Data Protection Service
UCclouds.com includes our Data Protection Service with the EliteDesk Professional service. Data Protection Service is a nightly backup service for Subscriber’s hosted infrastructure, capable of reverting Subscriber’s hosted operating systems to a previous state, and/or restoring individual files or folders. The nightly backup is designed to perform a quiesced snapshot of the Subscriber’s operating system to ensure backups are crash consistent. Crash consistent backups are different from application aware backups. For example, database applications may require additional repairs after reverting to a previous snapshot. Subscriber should consult with application vendors to determine if crash-consistent backups are adequate for a disaster recovery solution.
The Data Protection service is intended to protect subscribers from Subscriber’s acts of data corruption or accidental deletion. Backups of subscriber systems will run between the hours of 6:00 p.m. and 6:00 a.m. on qualified nights. It is possible for individual backup “jobs” to not complete under certain circumstances (i.e. maintenance of the backup system, backup job failure, etc.), in which case recovery of data to a specific point in time in accordance with the following Retention of Backup Data may not be possible. When a valid restore point is available, the data recovery process may take several hours depending on the amount of data being recovered and assuming the request is made during normal business hours. The ability to execute a data recovery job or restore a system is not guaranteed between the hours of 6:00 p.m. and 6:00 a.m. as the backup system may be running scheduled backup jobs or be undergoing maintenance. Subscribers may need to wait until the next business day for data recovery. In any case of inability to recover data, subscriber shall hold UCclouds.com harmless.
The UCclouds.com Nightly Backup Service does not restore application items (application item recovery). Examples may include specific database tables, SQL databases, database transaction logs. The UCclouds.com Data Protection Service does provide for recovery of system states.
Subscriber should verify Windows shadow copies are enabled on all drives in Subscriber’s system. Shadow copies provide for fast self-service recovery of accidentally deleted or corrupt files and folders with a shorter recovery point objective at the expense of a smaller retention of backup data. Should Subscriber require UCclouds.com retrieve data from the Nightly Backup service or revert or temporarily boot Subscriber’s System to a previous snapshot. Additional charges for resource pools and storage may apply if the restored environment coexists with the production environment.
Retention of Backup Data
For subscribers of UCclouds.com’s Data Protection Service only, UCclouds.com will retain successfully completed backup job restore points in accordance with the following schedule:
- 7 most recent nightly backups
- and 10 most recent weekly backups.
Upon termination of this agreement, UCclouds.com may, at its sole discretion, destroy or delete all of Subscriber’s backup retention data.
Backup data is de-duplicated, hypothecated, and may be comingled with previous backup data and backup data of other Subscribers to improve system performance.
UCclouds.com is not a data archival service and will not provide any archival of any software, data, or database. Subscriber is responsible for archival of all data through internal procedures or third party archival service providers.
UCclouds.com will provision Subscriber’s Hosted Infrastructure using a highly available commercial-grade architecture with server clustering technologies and storage clustering technologies. Clustering technologies will be configured to provide automated and expeditious system recovery from more severe types of hardware or system failures. Fault tolerant networking architectures will be used to prevent service interruptions when a single network hardware component fails.
Disaster Recovery & Business Continuity
UCclouds.com will replicate Subscriber’s virtual machines to a second geographic location (Disaster Recovery Site). The virtual machine replication process will consist of an initial synchronization, followed by incremental changes replicated approximately every 24 hours. Bandwidth and processing constraints may increase the incremental backup window, increasing the recovery point objective window. Replica virtual machines will generally boot from a crash consistent state; however, they will not have been application aware image-processed. UCclouds.com also does not replicate Nightly backup data to the redundant site.
UCclouds.com shall have the right, at its sole discretion, to failover all UCclouds.com processing to the Disaster Recovery Site. UCclouds.com will make this decision provided a qualifying disaster event has occurred and failing over UCclouds.com to the Disaster Recovery Site is in the best interest of UCclouds.com subscribers collectively. During such an event, downtime and up to 24 hours of data loss are possible for Subscriber (“incremental data loss”). Subscriber agrees to indemnify, defend, and hold UCclouds.com harmless for any loss arising out of or attributable to UCclouds.com’s decision to failover to the Disaster Recovery Site.
Encryption & Transport Security
UCclouds.com remote application and desktop sessions use the VMware ICA protocol. UCclouds.com will embed the ICA protocol into the SSL/TLS protocol (port 443) with 256 bit AES encryption when the session traverses a public network (“the internet”).
UCclouds.com will store all Subscriber data at rest using hard drive encryption technologies. All data at rest will be stored using 128 bit or better encryption.
If Subscriber initiates external communications on their own from the UCclouds.com environment (email clients, web browsers, remote assistance agents and executables, etc.), UCclouds.com is not a party to such transaction, and therefore cannot secure its communications. Subscribers must still be conscious of and secure communications with third parties as a Subscriber normally would from a traditional hardware device.
Scheduled Maintenance Windows
UCclouds.com shall have the right to cause service interruptions between the hours of 10:00 p.m. and 5:00 a.m. for platform enhancements, updates, improvements, and fixes. UCclouds.com shall notify either Subscriber or Subscriber’s Private Domain Administrator at least 6 hours prior to the start of a Scheduled Maintenance Window. UCclouds.com will also provide an estimate of the Scheduled Maintenance Window completion time, but makes no warranty with respect to the estimate’s accuracy. Scheduled Maintenance Windows are not considered “downtime,” and as such are not eligible for any claim under UCclouds.com’s Service Level Agreement (See UCclouds.com Service Level Agreement).
Emergency Maintenance Windows
UCclouds.com shall have the right to cause service interruptions without advance notice to Subscriber or Subscriber’s Private Domain Administrator during an emergency event. An emergency event exists when UCclouds.com internally determines, at its sole discretion, that a service interruption is in the best interest of Subscriber(s) to repair or correct conditions including downtime, suspected security breach, impending system or hardware failure, or to apply a critical hotfix or security update. UCclouds.com will notify Subscriber or Subscriber’s Private Domain Administrator via email of such service interruption as soon as practicable following an emergency.
UCclouds.com Service Level Agreement (SLA)
Should Subscriber lose access to hosted desktops or applications (“downtime”) during a calendar month for a single continuous period, Subscriber shall be entitled to a credit dollar amount consisting of the following percentage of the previous calendar month’s subscription billing:
- for a period totaling 2.1 hours to 6 hours, five percent (5%);
- for 6.1 hours to 10 hours, ten percent (10%);
- for 10.1 hours to 14 hours, fifteen percent (15%);
- for 14.1 hours to 18 hours, twenty percent (20%).
For the purposes of this section, downtime does not begin until Subscriber has notified UCclouds.com of such inability to connect to hosted desktops or applications, and ends when UCclouds.com has notified Subscriber the condition has been fixed. Only downtime events caused solely by a UCclouds.com operated datacenter hardware device, or operating system used to deliver UCclouds.com services. Downtime arising out of a malfunction of Subscriber’s hosted operating system(s), or any software installed therein, is not eligible for SLA claims. Scheduled Maintenance, and downtime caused by other parties or causes beyond the direct control of UCclouds.com are not eligible for claims to compensation under this SLA. This SLA shall be Subscriber’s sole remedy against UCclouds.com for any loss incurred due to downtime. Subscriber is limited to a maximum of one SLA claim each calendar month and such qualifying downtime event must have occurred during said calendar month (i.e. Subscriber may not bank, or “roll over” a subsequent SLA event or claim from a calendar month for a credit to be applied to an invoice in a later billing period).
In order to receive credit for a qualifying downtime event under this SLA, Subscriber must notify UCclouds.com via Ticket of its desire to collect under an SLA claim no later than 30 days after the SLA qualifying incident occurs. Failure to notify UCclouds.com within this period shall constitute a waiver to any compensation or credit as provided by this SLA.
Should Subscriber lose access to hosted desktops or applications (“extended downtime”) for a continuous period of at least 48 hours or more in one occurrence, Subscriber may terminate this agreement without penalty. Said termination shall be Subscriber’s sole remedy for any loss arising out of extended downtime.
UCclouds.com’s acceptance of an SLA claim and subsequent compensation shall not ever be construed as an admission of liability for downtime or extended downtime by UCclouds.com. Nor shall said acceptance of an SLA claim and subsequent compensation ever be an admission by UCclouds.com that a negligent act, error, and/or omission by UCclouds.com has occurred. UCclouds.com’s acceptance of an SLA claim and subsequent compensation shall never be construed as an admission of a breach of contract by UCclouds.com or that UCclouds.com has failed to perform a contractual obligation and/or duty.
Subscriber’s acceptance of SLA compensation shall constitute a final settlement and waiver of any claim for damages (future or otherwise) by Subscriber arising out of or attributable to said downtime or extended downtime.
Despite best efforts, no system, including UCclouds.com, is completely immune from failure, downtime, or service interruptions. Subscriber should understand that the possibility for downtime exists with UCclouds.com services even when UCclouds.com performs all duties under this agreement. Subscriber must consider carefully this risk and the potential effect of downtime on its organization when choosing a hosted application service such as UCclouds.com.
Notwithstanding the remedies provided by the Service Level Agreement, Subscriber shall hold UCclouds.com harmless for any direct loss, indirect loss, and/or consequential damages arising out of or attributable to downtime and/or extended downtime.
UCclouds.com warrants to Subscriber that the UCclouds.com Platform will perform in a manner that does not unreasonably impede or restrict Subscriber from working productively, provided Subscriber adheres to the terms and conditions of this agreement, and uses UCclouds.com in a supported configuration, with tested third party software applications, peripheral devices, properly functioning access points (computers, laptops, tablets, mobile phones, etc.), and an adequate internet/network connection.
Should Subscriber determine UCclouds.com in a supported configuration unreasonably impedes or restricts Subscriber from working productively, Subscriber’s sole remedy shall be termination of this agreement within the termination window. Subscriber’s failure to terminate this agreement within the termination window constitutes an ongoing acceptance by Subscriber that the UCclouds.com platform is performing in a manner that does not unreasonably impede or restrict Subscriber from working productively.
Because UCclouds.com is a multi-user environment, Subscriber should avoid installing applications, applying patches, updates, and/or changing system configurations, during production hours. Doing so can have undesirable results, cause data loss, negatively impact or interrupt other users currently logged on, and in extreme cases, cause service outages or a system crash.
Billing and Payment
UCclouds.com shall not be required to provide notification to Subscriber prior to a use of services that results in additional charges, or when a service requested or rendered will result in additional costs (i.e. billable support services). UCclouds.com’s failure to provide such notification that a service or use is billable shall not alleviate Subscriber of Subscriber’s responsibility to render payment for services provided under the terms of this agreement.
"Anniversary Billing Date" means the date of the month of the Effective Date except as provided in this definition. For example, if the Effective Date is May 20, 2012, then the Anniversary Billing Date is the twentieth of the calendar month. If the Anniversary Billing Date is a date in a calendar month which does not exist in each calendar month, then the Anniversary Billing Date shall be the last date of such month (i.e. if the Anniversary Billing Date is the 30th, then in February, the Anniversary Billing Date shall be either February 28 or 29, depending on the year).
All fees for the provision of Services (except as provided below for Additional Service Fees, Hourly Service Fees and One Time Fees) are due in advance of the first day of the relevant term. For example, the fees for such Services during the Initial Term shall be due on the Effective Date or before the provision of Services. The fees for the Services for Renewal Term would be due on or prior to the Anniversary Billing Date for such Renewal Term. The amount due may be adjusted by addition of Services, upgrade of Services, discontinuance of Services or downgrade of Services and through the use of SLA Credits. The fees for additional or upgraded Services for which the Order is accepted on the Anniversary Billing Date will be due on the Anniversary Billing Date. The fees for additional or upgraded Services for which the Order is accepted after an Anniversary Billing Date will be pro-rated on a calendar day basis to the next Anniversary Billing Date.