This document contains lists of included services and exclusions as part of the Managed Services/MAPS Administrator engagement. It also contains security requirements and guidance for supported remote connectivity scenarios (and supported accounts and authentication types) used by the Evisions Professional Services Team.
This Professional Services engagement includes some or all of the following services:
- User Management
- Creation of users and groups per client instructions and policies
- Setting user roles and adding users to groups
- Single Sign On setup using required information from client’s Identity Management administrator
- MAPS Upgrades
- Upgrading service, Config, and applications to the latest versions
- IntelleCheck database upgrade with the consultation of client DBA
- Guidance on FormFusion evilp upgrade to client system administrator or DBA
- Automatic upgrades to environment as client requests
- Application messaging during server upgrades
- Basic testing and validation of upgrades
- Upgrade to 64-bit with close consultation and guidance with client
- Loading SSL certificates into MAPS with the assistance of the client
- Migrations and clones, assuming Windows servers already exist
- Maintenance of old log files and backups
- Actively keeping client licenses up to date
- Connection Setup
- Creation of ADO/OLE DB and native connections
- REST Connector
- Creation and configuration, but will not configure endpoints without client assistance
- Data Warehouse
- Enabling the feature and creating a connection to it
- Configuration and authorizations of auxiliary resources for MAPS, assuming the resources are already configured
- Email server
- Error Management and Tuning
- Checking client report errors
- Managing logging configuration based on environment needs
- General server troubleshooting
- Enabling Argos API referrer checking and adding referrers
- Scheduling Management
- Schedule configuration (such as number of concurrent threads and default timeout)
- Configuring system level schedule run as user
- Occasional cleanup of inactive schedules
This following are services NOT included in this engagement:
- User Management
- Creation of custom user roles without client involvement
- Setting overall structure of user roles, users, and groups without client involvement
- Setting password policies
- Windows server management
- OS maintenance such as applying patches or upgrades to the Windows server hosting MAPS
- Any direct system work on the server that requires server administrative access
- Creating and deploying new Windows servers for additional instances of MAPS
- Management of VMs for the servers hosting MAPS
- Any work to network or firewall configurations on the server hosting MAPS
- Installing database drivers updates for database providers
- Professional Services can provide guidance on installation
- Direct management of auxiliary systems and resources for MAPS
- Email servers
- FTP servers
- Includes installing print drivers or network printers directly onto the server hosting MAPS
- Generating SSL certificates and working with the client’s Certificate Authority
- Log into MAPS applications unauthorized
- Approving Data Dictionary Suggestions to Contributions
- Changing the MAPS environment to a clustering environment
- Resolution of server and applications slowness/instability issues
- Need to draw a line on when certain issues fall under Product Support and follow the process to flow into Engineering
Unless otherwise specified in the Statement of Work (SOW), Vendor (Evisions) shall be responsible for providing the Professional Services staff with the equipment, software and other resources necessary to provide consulting services.
Remote Access and Connectivity Guidelines
Remote access to customer environments includes access to servers/virtual machines within the customer network and environment is supported by the following means:
- Secure Remote Desktop Protocol (RDP) with Multi-factor authentication (MFA) support.
Note: Non-secure RDP isn’t supported. Secure RDP access without MFA is also not supported.
- Virtual private network (VPN) connection
- Customer must provide relevant Evisions staff each with a unique username and password.
- Customer provided VPN solution should allow Evisions employees to change the initial password assigned because customer staff also know that password.
- Multi-factor authentication (MFA) support is highly recommended.
User Account Provisioning Guidelines (Account Provisioned by Customer)
- User access must be configured using the principle of Least Privilege.
- Passwords must meet minimum configuration requirements that meet or surpass industry standard practices for password configuration, management and obscurity.
- A unique user account must be created for and assigned to each individual who has permission to access customers information systems. The Evisions account holder is responsible for all actions performed by the account which is why the initial password needs to be changed after first login by Evisions staff.
- Use of shared accounts is prohibited by Evisions.