Cisco Managed Services Portfolio: Requirements Document
V4.0 05/01/08 This document is Cisco Confidential. For Channel Partner use only. Not for distribution. 2
Requirements Document
Table of Contents
Introduction
MSCP Service Descriptions
  Managed Connectivity
  Managed Security
  Managed Unified Communications
  Managed Mobile Communications
  Managed Data Center
Managed Connectivity
  MPLS VPN
  Metro Ethernet
  Managed Internet Service
  IP Trunking
  Router
  IPSec VPN
  LAN
  Frame Relay/ATM
Managed Security
  Firewall
  IDS/IPS
  Secure Router
Managed Unified Communications
  Business Communications
  Unified Contact Center (Managed)
  Unified Contact Center (Hosted)
  Hosted Unified Communications
Managed Mobile Communications
  Wireless LAN
Managed Data Center
  WaaS
  Hosting/Co-Location
Appendix 1: Acronyms
Introduction
This document outlines the managed service specific requirements at all levels of the MSCP model and should be used in conjunction with the Cisco Offer Based Channel Model Audit and Policies Document when preparing for a Managed Services Channel Program Audit.
The Cisco Offer Based Channel Model Audit and Policies Document covers the core requirements of the MSCP regardless of the types of managed services offered; it focuses on the Network Operations Center service management according to ITIL recommendations.
To qualify as a Cisco Managed Service, the offer must include proactive monitoring, remote troubleshooting capabilities from your NOC, and minimum 1-year SLA with the end-user customer, and must meet the additional requirements specified within this document.
MSCP Service Descriptions
These tables provide an overview of services only. See linked sections for details.
Managed Connectivity
MPLS VPN
A Cisco Powered managed MPLS VPN service provides private IP networks with high quality, secure, any-to-any connectivity.
The service is based on the Cisco IP NGN Architecture, Multi Protocol Label Switching (MPLS) and Cisco Design and Implementation Guides.
The service delivers appropriate levels of latency, jitter, and packet loss to ensure the successful, concurrent handling of multiple types of traffic, especially voice and video, from customer site to customer site.
The network classifies and prioritizes traffic flows from end to end, enabling SLAs for multiple classes of service.
The service also provides comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
Metro Ethernet
A Cisco Powered managed Metro Ethernet service provides high-speed, site-to-site connectivity. It supports the delivery of voice, video and other mission-critical applications.
This service is based on the Cisco IP NGN Architecture, Cisco Design and Implementation Guide, and Metro Ethernet Forum standards and specifications.
The service delivers a variety of point-to-point and multipoint Ethernet services over Layer 1, Layer 2, and Layer 3 topologies with seamless integration. It allows for QoS functionality, including classification and prioritization techniques to enable multiple levels of service.
The service also provides comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
Managed Internet Service
A Cisco Powered managed Internet service delivers secure Internet connectivity.
This service is based on the Cisco self-defending network architecture and is built upon a secure infrastructure.
The service delivers connectivity for users regardless of location and access methods. It is backed by comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
The service offers service-level agreements for network performance and service availability, supports quality of service (QoS) techniques, access control lists, and other industry best practices.
IP Trunking
A Cisco Powered managed IP Trunking service is a Session Initiation Protocol (SIP)-based trunk from the service provider to an IP PBX or key system, delivering voice, multimedia, and data traffic.
The service provider provides basic connectivity, emergency services, dial plan management and operator services. Local and long distance call connections are completed by the service provider. A managed IP Trunking service includes the IP termination service and features a PBX with a gateway, an IAD or an IP PBX.
The service provides comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
Router
A managed router service provides remote router configuration, management, and maintenance. This service delivers 24x7 management and monitoring of customer site routers in a Wide Area Network (WAN).
IPSec VPN
A managed security IPSec VPN service provides secure site-to-site connectivity through encrypted data streams over a private or public network.
This service is based on RFC specifications and protocol, a framework of open standards.
This service delivers IPSec encryption and tunneling protocols, data confidentiality, data integrity, and data authentication over unprotected networks such as the Internet.
LAN
A managed Local Area Network (LAN) service provides remote LAN switch configuration, management and maintenance.
Frame Relay/ATM
A managed Frame Relay/ATM service delivers Layer 2 site-to-site connectivity over a Frame Relay or ATM network.
This service delivers 24x7 management, monitoring and maintenance of customer site routers in a Wide Area Network (WAN).
Managed Security
Firewall
A Cisco Powered managed firewall service provides Cisco proven firewall technology solutions to help customers better protect their business infrastructure.
The service is managed from a security operations center (SOC). It supports the key features available on the Cisco firewall solutions, such as network bandwidth optimization and anti-IP address spoofing, and conforms to Cisco and industry best practices.
The service provides comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
IDS/IPS
A Cisco Powered managed Intrusion Detection (IDS)/Intrusion Prevention (IPS) service provides Cisco deep-packet, inspection-based technology to better protect a customer’s business infrastructure.
This service delivers real-time monitoring and detection and mitigation of many types of malicious network traffic, such as DDoS attacks.
The service is managed from a security operations center (SOC) and is deployed at strategic locations across the enterprise network. It supports the key features available on the Cisco IDS/IPS solutions and conforms to Cisco and industry best practices.
The service provides comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
Secure Router
A managed secure router is a managed WAN router with integrated security to provide secure connectivity.
This service is based on the Integrated Services Router (ISR) security bundles that are packaged in 3 forms: Entry bundle for basic security, enhanced bundle for added performance and scale, and V3PN for integrated security and IP communications.
This service delivers 24x7x365 management, monitoring, and maintenance of network traffic flows. Included are comprehensive SLAs covering the overall performance of the service and online access to real-time and historical service-performance reports.
Managed Unified Communications
Business Communications
A Cisco Powered managed firewall service provides Cisco proven firewall technology solutions to help customers better protect their business infrastructure.
The service provides the integration of voice, video, and other collaborative data applications into intelligent network communications solutions. These solutions, including IP telephony, unified communications, and rich-media conferencing, take full advantage of the power, resilience, and flexibility of an organization’s UC network. The service is provided with quality of service (QoS) capabilities that ensure a consistent experience, service resiliency options for site design, and embedded security capabilities that protect the customer environment.
The service provides comprehensive SLAs for service performance and a Web portal that provides real time and historical performance analysis.
Unified Contact Center (Managed)
A Cisco Powered Managed Unified Contact Center Service provides an IP-based, centralized infrastructure that can support many distributed sites.
The service offers a full suite of contact management services that can be implemented immediately or incrementally.
The service enables customer deployments of < 10 agents and scaling up to > 1,000 agents and provides customers administrative control options for their environment.
This service delivers intelligent call routing, network-to-desktop CTI, and multi-channel contact management over an IP network to contact center agents. The solution also delivers TDM to IP connectivity with Cisco VoIP gateways, and media termination with Cisco IP phones.
The service provides comprehensive SLAs for service performance and a Web portal that provides real-time and historical performance analysis.
Unified Contact Center (Hosted)
A Cisco Powered Managed Unified Contact Center Service provides an IP-based, centralized infrastructure that can support many distributed sites.
The service offers a full suite of contact management services that can be implemented immediately or incrementally.
The service enables customer deployments of < 10 agents and scaling up to > 1,000 agents and provides customers administrative control options for their environment.
This service delivers intelligent call routing, network-to-desktop CTI, and multi-channel contact management over an IP network to contact center agents. The solution also delivers TDM to IP connectivity with Cisco VoIP gateways, and media termination with Cisco IP phones.
The service provides comprehensive SLAs for service performance and a Web portal that provides real-time and historical performance analysis.
Hosted Unified Communications
A Cisco Powered Hosted Unified Communication Service (HUCS) has been designed to deliver a suite of UC applications for deployments where a centralized, partitionable environment provides an economic advantage to a more traditional, on customer premises distributed deployment.
The Cisco HUCS solution provides maximum scalability and simplified provisioning. The infrastructure equipment and service are both owned and managed by the service provider, so end users can eliminate the cost and complexity of buying and managing their own unified communications solutions.
In a Cisco HUCS environment, each customer has a unique dial plan, set of phone numbers, voicemail, and other resources. The service provider operates one call-control network for all customers, enjoying significant economies of scale that can lead to lower capital and operational expenses, competitive prices to customers, and a new revenue stream.
The Cisco HUCS gives managed service providers a new way to cost effectively leverage their network infrastructure to gain new revenue. For end users, the service saves time, money, and reduces complexity letting them concentrate on their core competencies.
Managed Mobile Communications
Wireless LAN
A managed wireless LAN service extends the corporate network securely, allowing employees to conduct business anywhere, anytime, from any device.
The service has integral security capabilities that protect both the device and the enterprise network with quality of service (QoS), availability, and reliability.
It supports advanced wireless capabilities such as Wi-Fi Multimedia, virtual LANs, and fast, secure layer 2 and 3 roaming for seamless mobility.
Managed Data Center
WAAS
A Cisco Powered Managed Wide Area Application Service (WAAS) is a powerful application acceleration and WAN optimization solution that optimizes the performance of any TCP-based application delivered across a WAN.
A Managed WAAS is a component of Cisco’s Data Center 3.0 architecture that enables partners to offer a comprehensive portfolio of application networking solutions and technologies that result in the optimization and secure delivery of business applications from data centers to branches and mobile end users.
This purpose-built software and hardware service allows customers to consolidate costly branch servers and storage into data centers, and deploy new applications centrally, while still offering LAN-like performance for any employee regardless of location.
The service offers lower total cost of ownership (TCO), ease of operation through network transparency, reliable deployment of applications and preserves the security of accelerated traffic.
Hosting/Co-Location
This Cisco Powered managed hosting service provides the secure hosting of Web or other application servers, and related Internet connectivity. The service scales from basic co-location, where the customer owns the equipment “in the cage”, to traditional Web hosting, where the provider owns the servers and all related equipment.
Essentially, the baseline offering would provide space, power, and pipe in an environmentally controlled fire protected facility with redundant power and network connectivity. The higher end offering is a more complex service built upon a highly network secured and resilient infrastructure that conforms to Cisco’s data center V-Frame design guidelines for virtual application/server functionality and application control server load balancing.
The service ranges from offering 24x7 continuous monitoring over servers and network, to incremental offerings of real time and historical traffic reporting and server performance via a customer portal with some level of customer control if required. Additionally, the hosted applications scale from being horizontally offered, to multiple vertically defined offers across industry sectors.
The service is backed by comprehensive SLAs for service performance, including network availability, server availability, and server implementation timelines.
Managed Connectivity
Benefits and Requirements
Benefit, Description, Cisco Powered, Strategic, Legacy
Eligible for Discount
Products within this category are eligible for program discount (upon certification or designation approval) • • •
Eligible for Rebate
Products within this category are eligible for program rebate (upon certification or designation approval) •
Eligible for Global Procurement
Products within this category are eligible for global procurement (upon certification or designation approval) • • •
Eligible for Branding and Additional Marketing Benefits
Approved managed services within this category are eligible for branding and additional marketing benefits •
Trade-In Credits
Approved managed services within this category can be combined with trade-in credits • • •
Incentive Programs, Rebates, Offers
Approved managed services within this category can be combined with resale-based incentive program discounts (OIP, VIP, SIP), rebates, and offers
Benefit, Description, Cisco Powered, Strategic, Legacy
Real-time Monitoring
Managed Services are proactively monitored via the Partner’s NOC • • •
24x7 Service Availability
Service management is available 24x7 • • •
SLAs
The Managed Service provider must back SLAs with terms of one-year (or greater) • • •
Technical Attributes
Technical attributes for the managed services in this category are defined • •
Service Management
Service management requirements are stipulated • •
POS Customer Reports
Partner must provide POS customer information on a monthly basis. Customer information collected as part of the requirement will be used for program governance only. • • •
Eligible Products
Managed services within this category have a pre-established set of eligible Cisco products • • •
≥ 50% Cisco Infrastructure
The transport Managed Services in this category must be based partially or wholly on Cisco infrastructure, with at least 50% of the provider edge provisioned on Cisco platforms and that absorb Cisco based infrastructure ports when the Managed Service is provisioned • •
MPLS VPN
Network Requirements
Cisco Powered Managed Services
To qualify as a Cisco Powered Managed service, the IP transport must be based partially or wholly on Cisco infrastructure, with at least 50% of the provider edge provisioned on Cisco platforms and that absorb Cisco based infrastructure ports when the Managed Service is provisioned.
Strategic Managed Services
Same as Cisco Powered Managed Services requirements
Legacy Managed Services
N/A
Architecture and Technical Attributes
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Network foundation for VPN service must be based on IP/MPLS
Network design diagram or Technical Service Description (TSD) demonstrating the deployment of MPLS over a Cisco IP network. Refer to RFC 2547—BGP/MPLS VPN.
Connectivity provided to the Internet from the VPN
Partner must demonstrate that the service offers Internet connectivity across the MPLS backbone to eliminate the need to carry Internet-bound traffic back to a customer’s regional HQ site and then on to the external Internet connection. A default route to the Internet can be injected into the VPN, drawing traffic that does not go to a specific location on the customer network. A managed firewall then screens traffic.
Customer ability to select a full mesh VPN option where all sites can pass traffic directly to each other
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Customer ability to select a design configuration option that will emulate a hub and spoke environment
Part of the MSD, or Partner must be able to demonstrate network design option available to customer
Extranet access to VPN
The service offering needs to include the ability to connect to a Community of interest network. This extranet allows interested companies to connect together to share information. Partner must demonstrate how this service is secured to ensure that each customer’s VPN is protected from access by another company.
Layer 3 network reach
The network needs to support IP routing capability, as opposed to Layer 1 or Layer 2 backhaul services, to provide the full benefits of Layer 3 connectivity in each country or region the service is offered in. Partner must be able to demonstrate the existence of a network design process to ensure this. This must include the decision criteria of what the routing node distribution needs to be to adequately cover population densities in each country served.
Customer Edge—Provider Edge routing protocol support
Partner must support BGP, OSPF, EIGRP and static routing protocols between the CPE and the Provider Edge Router
Remote access via Internet
Service must support the ability to gain access to VPN resources via the Internet. Partner must demonstrate how this is achieved. May require client software on remote User access devices.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network foundation for VPN service must be based on IP/MPLS
Network design diagram or technical service description demonstrating the deployment of MPLS over a Cisco IP network. Refer to RFC 2547—BGP/MPLS VPN.
Connectivity to the Internet must be available as an option for the service
Partner must demonstrate that the service offers Internet connectivity across the MPLS backbone to eliminate the need to carry Internet-bound traffic back to a customer’s regional HQ site and then on to the external Internet connection. A default route to the Internet can be injected into the VPN, drawing traffic that does not go to a specific location on the customer network. A managed firewall then screens traffic.
Customer ability to select a full mesh VPN option where all sites can pass traffic directly to each other
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Remote access via Internet
Service must support the ability to gain access to VPN resources via the Internet. Partner must demonstrate how this is achieved. May require client software on remote User access devices.
Legacy Managed Services
N/A
Quality of Service
Quality of Service (QoS) features that enhance the capabilities of the service to support all traffic types over a converged infrastructure
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
At least 5 classes of service available
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
If narrowband (< E1/T1) access links are supported, support mechanisms must be offered to help ensure that delay-sensitive traffic receives the required QoS
Network design criteria for narrowband links must include consideration for supporting multiple traffic classes; mechanisms may include MLPPP and FRF.12
Overall network design capability to transport customer settings across the network transparently, regardless of the number of classes of service supported and the QoS settings available
Detailed in MSD or part of network design criteria
The following QoS features must be implemented in the PE nodes:
• Policed High Priority-Queue
• Assured Forwarding Queue
• Packet Sequence Preservation
Partner must demonstrate that a mechanism is in place to limit overall traffic entering the HP-Q such that the lower classes are not starved of bandwidth. Partner must demonstrate that the Video traffic from a customer can be streamed into the AF-Queue. This must be shaped to provide the required behavior for Video, allowing it to not be dropped but still receive predictable jitter and delay. If the customer sends more traffic for a class than is subscribed to, the excess traffic must not be put into a separate class, but must remain in the same CoS queue and be marked for discard in the event of congestion. This avoids a TCP stream being split up and potentially being delivered via two queues which are drained at different rates, causing out-of-sequence arrival.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
At least 3 classes of service available
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Legacy Managed Services
N/A
Device-Level Security
Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must demonstrate that the following capabilities have been implemented to protect the data plane on each device:
• Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
• Unicast Reverse Path Forwarding (URPF)—mitigates problems caused by the introduction of malformed or spoofed IP Source addresses
• Remotely Triggered Black Hole (RTBH)—drops packets based on source address and can be used while device is under attack
• QoS tools—used to protect against flooding attacks
Clearly defined and documented security procedures that describe how the following are implemented as part of an overall security policy:
• Infrastructure ACLs are applied to the network core
• Drops packets without a verified source address
• A filtering method for dropping malicious traffic at the peering edge of the network
• Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Note: Current specifications are applicable, but newer releases and revisions may supersede the herein outlined requirements.
Control Plane
Partner must demonstrate the following capabilities have been implemented to protect the control plane on each device:
• Receive ACLs—limits the type of traffic that can be forwarded to the processor
• Control Plane Policing (CPP)—provides QoS control for the packets destined to the control plane of the device. Ensures adequate bandwidth reserved for high priority traffic such as routing protocols
• Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
• Auto secure procedures in place
Partner must
• Demonstrate use of ACLs in security policy
• Demonstrate use of QoS control in security policy
• Demonstrate use of MD5 neighbor authentication in security policy
• Demonstrate lock down of devices using industry best practices (NSA)
Management Plane
Partner must demonstrate the following capabilities have been implemented to protect the management plane on each device:
• CPU and memory thresholding— protects CPU and memory resources of IOS devices against DDoS attacks
• Dual export syslog—increases availability by exporting information to dual collectors
• Procedures to prevent unauthorized management access to devices
• Procedure in place to react to thresholds being exceeded or documentation in support of functionality
• Part of design for collection of management information from each device
• Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
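As an added illustration (not part of the Cisco document or any Cisco audit tooling), the following sketch shows how the data, control and management plane items listed above could be spot-checked against an exported IOS configuration. The sample configuration is constructed, the check names are hypothetical, and treating a static route to Null0 as evidence of RTBH is an assumption; each check only confirms that a command is present, not that the referenced ACL or policy is sound.

```python
import re

# Constructed sample configuration (illustrative only, not from a real device).
SAMPLE_CONFIG = """\
hostname pe1-example
logging host 192.0.2.10
logging host 192.0.2.11
process cpu threshold type total rising 80 interval 5
memory free low-watermark processor 20000
ip receive access-list 110
ip route 192.0.2.1 255.255.255.255 Null0
interface GigabitEthernet0/1
 ip access-group INFRA-ACL in
 ip verify unicast source reachable-via rx
 service-policy input EDGE-POLICE
router bgp 64500
 neighbor 198.51.100.2 remote-as 64501
 neighbor 198.51.100.2 password 7 PLACEHOLDER
control-plane
 service-policy input COPP-POLICY
line vty 0 4
 access-class 10 in
 transport input ssh
"""


def parse_sections(config):
    """Group lines into (top_level_command, [sub_commands]); IOS indents sub-commands."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def _children(sections, parent_re):
    """Sub-command lists of every section whose top-level line matches parent_re."""
    return [kids for top, kids in sections if re.match(parent_re, top)]


def _any_child(sections, parent_re, child_re):
    """True if any matching section contains a sub-command matching child_re."""
    return any(re.match(child_re, kid)
               for kids in _children(sections, parent_re) for kid in kids)


def _top(sections, top_re):
    """True if any top-level (global) command matches top_re."""
    return any(re.match(top_re, top) for top, _ in sections)


def audit_config(config):
    """Return {check name: bool} for the controls named in the requirement table."""
    s = parse_sections(config)
    vty = _children(s, r"line vty")
    syslog = set(re.findall(r"(?m)^logging (?:host )?(\d+\.\d+\.\d+\.\d+)", config))
    return {
        # Data plane
        "data: ACL applied inbound on an interface":
            _any_child(s, r"interface ", r"ip access-group \S+ in$"),
        "data: uRPF enabled":
            _any_child(s, r"interface ",
                       r"ip verify unicast (source reachable-via|reverse-path)"),
        "data: Null0 route for RTBH":  # assumption: presence of a discard route
            _top(s, r"ip route \S+ \S+ Null0"),
        "data: QoS policy on an interface":
            _any_child(s, r"interface ", r"service-policy (input|output) "),
        # Control plane
        "control: receive ACL": _top(s, r"ip receive access-list "),
        "control: CoPP policy attached":
            _any_child(s, r"control-plane", r"service-policy input "),
        "control: MD5 neighbor authentication":
            _any_child(s, r"router bgp ", r"neighbor \S+ password ")
            or _any_child(s, r"interface ", r"ip ospf message-digest-key \d+ md5 "),
        # Management plane
        "mgmt: CPU and memory thresholds":
            _top(s, r"process cpu threshold ") and _top(s, r"memory free low-watermark "),
        "mgmt: two or more syslog collectors": len(syslog) >= 2,
        "mgmt: every VTY is SSH-only with an ACL":
            bool(vty) and all(
                "transport input ssh" in kids
                and any(re.match(r"access-class \S+ in", kid) for kid in kids)
                for kids in vty),
    }


def missing_controls(config):
    """Names of the checks that failed, in table order."""
    return [name for name, ok in audit_config(config).items() if not ok]


if __name__ == "__main__":
    for name, ok in audit_config(SAMPLE_CONFIG).items():
        print(("PASS" if ok else "FAIL"), name)
```

A failed check is a prompt to ask the Partner for the documented procedure; a passed check still needs the referenced ACL, policy map or key management reviewed by hand.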
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Policy for protection against security attacks
Clearly defined and documented security policy covering protection of infrastructure from security attacks
Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core
QoS tools—used to protect against flooding attacks
Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Legacy Managed Services
N/A
Security Infrastructure: DDoS Protection
Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Cleanpipes DDoS infrastructure protection—detailed at http://www.cisco.com/en/US/netsol/ns615/networking_solutions_sub_solution.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Regional Cleaning Centers deployed using Cisco Guard solution
Evidence of network design that includes Cleaning Centers
Network based mechanism to identify, classify and mitigate attacks based on anomaly characteristics
Demonstrated process to identify, classify and mitigate attacks based on anomaly characteristics
Process to baseline normal traffic loads periodically, at least weekly; must be repeated on a regular basis as agreed with the customer
Demonstrated process for periodic baseline of traffic loads; must be at least weekly and repeated as agreed with customer
Ability to conduct network based traffic tuning on the detection network for at least 24 hours at peak traffic time
Demonstrated process for network based traffic tuning on the detection network for at least 24 hours at peak traffic time
Strategic Managed Services
Not a requirement at this level
Legacy Managed Services
N/A
Resiliency and Redundancy
Implementation of technology that enables network wide resiliency for IP networks, as described at http://www.cisco.com/en/US/partner/products/ps6550/products_ios_technology_home.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Device level resiliency H/W—effective design process to ensure deployment where applicable to enhance device level hardware resiliency
Design processes or sample PE node config. which makes use of features such as redundant processors, line cards, switch fabric and power
Device level resiliency S/W—effective design process to ensure use of software features enhance device level resiliency
Use of Non-Stop Forwarding (NSF) and Stateful Switchover (SSO)
Transport level resiliency—effective deployment of link or transport level resiliency features within network design
Design features such as SONET/SDH APS, Resilient Packet Ring (RPR), Etherchannel, Spanning-Tree Protocol (STP)
Protocol level resiliency—effective deployment of protocol level resiliency features to enhance availability
Layer 3 protocols. These should include: Hot Standby Routing Protocol (HSRP) RFC 2281, Virtual Router Redundancy Protocol (VRRP) RFC 2338, MPLS-TE, BGP graceful restart, NSF on OSPF/IS-IS.
Convergence time tuning procedures— procedures in place to tune convergence times where applicable
Demonstrated use of features such as fast reroute (FRR), BGP multipath, failure detection and recovery tuning, routing protocol optimization, IP event dampening
Application level resiliency—procedures to ensure availability of critical applications
Use of features such as Global server load balancing, SNAT, Stateful IPSec, DNS, DHCP, Cisco server load balancing
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network architecture design to meet the levels of guaranteed service availability
Demonstration of design process in place to ensure target network availability can be met. Should include reference to areas of availability specified in Cisco Powered Managed Services requirements.
Legacy Managed Services
N/A
Options for Site Network Resiliency
Implementation of technology that enables network wide resiliency for IP networks, as described at http://www.cisco.com/en/US/partner/products/ps6550/products_ios_technology_home.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
If leased lines are delivered over a SONET/SDH infrastructure, protection must be offered for the circuit
Marketing Service Description (MSD) must include this as an option, or Partner must demonstrate service designs that have incorporated this feature
Customer option to backup a link from a site into the VPN network
MSD must include an option for sites to connect to the same PE node. Technology such as ISDN, EVDO may be used depending on access type and speed. Consideration in network design must be given for impact on traffic supported, such as rerouting Voice traffic to an alternate path.
Ability to dual home the CPE into 2 separate nodes in the aggregation network
As above, MSD should include this option or Partner must demonstrate use of it in network designs
Customer option to encrypt the access link between Customer premises and Provider Edge
Partner must demonstrate support for IPSec encryption, or similar solution, for additional level of security before the traffic gets into the MPLS VPN
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Customer option to backup a link from a site into the VPN network
MSD must include an option for sites to connect to the same PE node. Technology such as ISDN, EVDO may be used depending on access type and speed. Consideration in network design must be given for impact on traffic supported, such as rerouting Voice traffic to an alternate path.
Customer option to encrypt the access link between Customer premises and Provider Edge
Partner must demonstrate support for IPSec encryption, or similar solution, for additional level of security before the traffic gets into the MPLS VPN
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 4 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 4 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.99% availability
Jitter: Jitter guarantee of <30 msecs
Partner must provide actual SLA offering Jitter guarantee of <30 msecs
Packet Delay: Guarantee of <150 msecs Intra-continental (e.g., within Europe or U.S.) and <300 msecs for Global (e.g., between Europe and U.S. Trans-Oceanic)
Partner must provide actual SLA offering guarantee of <150 msecs Intra-continental (e.g., within Europe or U.S.) and <300 msecs for Global (e.g., between Europe and U.S. Trans-Oceanic)
Packet Loss Ratio: Guarantee of 1% or less packet loss for voice, video and business class data
Partner must provide actual SLA offering guarantee of 1% or less packet loss for these classes of service
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 60 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 60 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 24 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 24 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.9% availability
Jitter: Must offer an SLA for High Priority service class
Must offer an SLA for Jitter for High Priority service class
Packet Delay: Must offer an SLA for High Priority service class
Must offer an SLA for Packet delay for High Priority service class
Packet Loss Ratio: Must offer an SLA for at least one class of service
Must offer an SLA for Packet Loss for at least one class of service
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
VPN Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status of individual VPN. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Separate performance reports for each class of service supported
Example reports for each class of service
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
VPN Service Reports distributed on a regular schedule agreed with the customer
Example reports provided or demonstration of Web portal with ability to select report(s)
Separate performance reports for each class of service supported
Example reports for each class of service
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Network health
• Real-time status map
• Trouble ticket status
• Summary reports
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Not a requirement at this level
Legacy Managed Services
N/A
Metro Ethernet
Network Requirements
Cisco Powered Managed Services
To qualify as a Cisco Powered Managed service, the IP transport must be based partially or wholly on Cisco infrastructure, with at least 50% of the provider edge provisioned on Cisco platforms and that absorb Cisco based infrastructure ports when the Managed Service is provisioned.
Strategic Managed Services
Same as Cisco Powered Managed Services requirements
Legacy Managed Services
N/A
Architecture and Technical Attributes
If Partner can provide evidence of certification to Metro Ethernet Forum 6 and 10.1 or MEF 9 test suite then this section is considered compliant. See http://metroethernetforum.org
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Support for at least two of the three service types defined in the Metro Ethernet Forum (MEF) guidelines sections 6 and 10.1
Partner must demonstrate support for at least two of the three following service types: point-to-point EVC (E-Line), root-to-leaf EVC and multipoint to multipoint EVC (E-LAN), as described in section 6.1
Ability to connect multiple CPE devices from the same site
Documented evidence in the Marketing Service Description (MSD) or equivalent documentation outlining customer design options
Service frame transparency—deliver frames across the service without adversely affecting the format
See MEF 10.1 sec 6.5.3
Layer 2 control processing requirements
Conformance to the mandatory requirements in MEF 6 section 7 table 9
E-LMI support
Service must support the E-LMI functionality mandated in MEF 16, specifically the ability to auto-configure the CE and to provide EVC status information
Provision of a service that allows the customer to specify which VLAN ID they use
See MEF 10.1 sec 7. The service must allow the preservation of the CE-VLAN ID, or for this to be different at the ingress and egress UNI.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support for at least one service as defined in the Metro Ethernet Forum (MEF) guidelines sections 6 and 10.1—Ethernet Virtual Leased Lines or Virtual Private LAN Service
Partner must demonstrate support for at least two of the three following service types: point to point EVC (E-Line), multipoint EVC and multipoint to multipoint EVC (E-LAN), described in section 6.1. UNI 1.1 or UNI 1.2 as specified in MEF 13
Service frame transparency—deliver frames across the service without adversely affecting the format
See MEF 10.1 sec 6.5.3
Layer 2 control processing requirements
Conformance to the mandatory requirements in MEF 6 section 7 table 9
Legacy Managed Services
N/A
Quality of Service
Quality of Service (QoS) features that enhance the capabilities of the service to support all traffic types over a converged infrastructure
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Ability to support hierarchical shaping, including:
• Class level
• VLAN level
• Physical or port level
Demonstrated capability in the network design
Bandwidth profile for ingress and egress ports
See MEF 10.1 sec 7.11. Partner must offer the ability to enforce a bandwidth profile on both the ingress and egress UNIs. Coloring must be in accordance with table 7.11.2.
At least 2 classes of services are available
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Full range of Access Support
As specified in MEF 10.1 table 12
Ability to scale bandwidth offered to the customer through remote configuration, including offering customer access to different bandwidth options over the physical link
Demonstration of capability from customer portal or description from Marketing Service Description (MSD)
Support for a VLAN connected to the Internet with appropriate security support (see below)
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Support of access to an MPLS VPN; if this option is used, the customer must be able to use this service as a connection option with the same QoS/CoS characteristics
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Ability to support Gigabit Ethernet access
Detailed in Marketing Service Description (MSD) or part of network design criteria
Support for a VLAN connected to the Internet
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Legacy Managed Services
N/A
Options for Site Network Resiliency: Service Protection
If Partner can provide evidence of certification to Metro Ethernet Forum 2 then this section is considered compliant. See http://metroethernetforum.org
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Ability for subscriber of the service to request different protection parameters for Ethernet services
See MEF 2 section 9.1 http://metroethernetforum.org/page_loader.php?p_id=29
Partner must provide the following options for site network resiliency:
• Unprotected service: Basic service with no resiliency options
• Fully load shared links: Traffic is load shared down redundant paths
• Active/passive links: One link is active and monitored. Under failure conditions the backup link is enabled
Demonstrated in Technical Service Description (TSD) or other available document
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Site resiliency options
MSD (or other available document) must detail at least two levels of site resiliency. Features to enable this include Layer 1 protection (SONET/SDH), option to connect multiple CPEs onsite, dual homing
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
If Partner can provide evidence of certification to Metro Ethernet Forum 2 then this section is considered compliant. See http://metroethernetforum.org
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 4 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 4 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.99% availability
Service Restoration Time: Measures how quickly the network will respond to failure on a specific service to restore connectivity without operator intervention
See MEF 2. SLA must offer all of the four options—from 50 msecs to sub 5 secs specified in 9.1.2 R4
Jitter: Jitter guarantee of <30 msecs
Partner must provide actual SLA offering Jitter guarantee of <30 msecs
Packet Delay: Guarantee of <150 msecs Intra-continental (e.g., within Europe or U.S.) and <300 msecs for Global (e.g., between Europe and U.S. Trans-Oceanic)
Partner must provide actual SLA offering guarantee of <150 msecs Intra-continental (e.g., within Europe or U.S.) and <300 msecs for Global (e.g., between Europe and U.S. Trans-Oceanic)
Packet Loss Ratio: Guarantee of 1% or less packet loss for voice, video and business class data
Partner must provide actual SLA offering guarantee of 1% or less packet loss for these classes of service
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 60 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 60 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 24 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 24 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.9% availability
Service Restoration Time: Must offer an SLA for Service Restoration Time
See MEF 2. SLA must offer all of the four options—from 50 msecs to sub 5 secs specified in 9.1.2 R4
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
VPN Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Separate performance reports for each class of service supported
Examples of separate reports for each class of service
Bandwidth on Demand: Partner must offer the customer the option to provision bandwidth via a Web portal without Partner intervention
Capability demonstrated via Web portal
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Partner must provide service performance reports to the customer on a regular basis that compare actual performance to agreed service levels
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Network health
• Real-time status map
• Trouble ticket status
• Summary reports
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Partner must demonstrate the capability to proactively inform the customer on key issues that affect the ability of the service to meet agreed performance levels.
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Legacy Managed Services
N/A
Managed Internet Service
Device-Level Security
Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must demonstrate that the following capabilities have been implemented to protect the data plane on each device:
• Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
• Unicast Reverse Path Forwarding (URPF)—mitigates problems caused by the introduction of malformed or spoofed IP Source addresses
• Remotely Triggered Black Hole (RTBH)—drops packets based on source address and can be used while device is under attack
• QoS tools—used to protect against flooding attacks
Clearly defined and documented security procedures that describe how the following are implemented as part of an overall security policy:
• Infrastructure ACLs are applied to the network core
• Drops packets without a verified source address
• A filtering method for dropping malicious traffic at the peering edge of the network
• Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Note: Current specifications are applicable, but newer releases and revisions may supersede the herein outlined requirements.
Control Plane
Partner must demonstrate the following capabilities have been implemented to protect the control plane on each device:
• Receive ACLs—limits the type of traffic that can be forwarded to the processor
• Control Plane Policing (CPP)—provides QoS control for the packets destined to the control plane of the device. Ensures adequate bandwidth reserved for high priority traffic such as routing protocols
• Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
• Auto secure procedures in place
Partner must:
• Demonstrate use of ACLs in security policy
• Demonstrate use of QoS control in security policy
• Demonstrate use of MD5 neighbor authentication in security policy
• Demonstrate lock down of devices using industry best practices (NSA)
Management Plane
Partner must demonstrate the following capabilities have been implemented to protect the management plane on each device:
• CPU and memory thresholding—protects CPU and memory resources of IOS devices against DDoS attacks
• Dual export syslog—increases availability by exporting information to dual collectors
• Procedures to prevent unauthorized management access to devices
• Procedure in place to react to thresholds being exceeded or documentation in support of functionality
• Part of design for collection of management information from each device
• Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
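An added example (not part of the Cisco document or any Cisco tool): one way an auditor could check an exported device configuration for evidence of several of the data, control and management plane controls listed above. The sample configuration is constructed, and the control names and regular expressions are illustrative heuristics that assume common IOS command forms.

```python
import re

# Constructed sample: IOS-style running-config fragment, not from a real device.
SAMPLE_CONFIG = """\
hostname pe1-example
aaa new-model
tacacs-server host 192.0.2.10
memory free low-watermark processor 20000
process cpu threshold type total rising 80 interval 5
logging host 192.0.2.20
!
interface GigabitEthernet0/0
 description peering edge
 ip access-group INFRA-ACL in
 ip verify unicast source reachable-via rx
 service-policy input EDGE-POLICE
!
interface GigabitEthernet0/1
 description core
!
router bgp 64500
 neighbor 198.51.100.2 remote-as 64501
 neighbor 198.51.100.2 password EXAMPLE-KEY
 neighbor 10.0.0.2 remote-as 64500
!
ip route 192.0.2.1 255.255.255.255 Null0
!
control-plane
 service-policy input COPP-POLICY
!
snmp-server group NOC v3 priv
!
line vty 0 4
 access-class MGMT-ACL in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""


def parse_blocks(text):
    """Group config lines into (parent, [children]) using IOS indentation."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def unauthenticated_bgp_neighbors(blocks):
    """BGP neighbors declared with remote-as but lacking a 'password' (MD5) line.
    Simplification: peer-group inheritance is not resolved."""
    missing = []
    for parent, kids in blocks:
        if not parent.startswith("router bgp"):
            continue
        peers = [m.group(1) for k in kids
                 if (m := re.match(r"neighbor (\S+) remote-as ", k))]
        keyed = {m.group(1) for k in kids
                 if (m := re.match(r"neighbor (\S+) password ", k))}
        missing += [p for p in peers if p not in keyed]
    return missing


def audit(text):
    """Return {control: bool}: whether the config shows evidence of each control."""
    blocks = parse_blocks(text)
    top = [p for p, _ in blocks]
    ifaces = [k for p, k in blocks if p.startswith("interface ")]
    vtys = [k for p, k in blocks if p.startswith("line vty")]
    copp = [k for p, k in blocks if p == "control-plane"]

    def some(groups, pattern):   # at least one block has a matching child line
        return any(re.match(pattern, c) for kids in groups for c in kids)

    def every(groups, pattern):  # every block has a child matching in full
        return bool(groups) and all(
            any(re.fullmatch(pattern, c) for c in kids) for kids in groups)

    syslog = {m.group(1) for ln in top
              if (m := re.match(r"logging (?:host )?(\d+(?:\.\d+){3})", ln))}
    return {
        "data/acl": some(ifaces, r"ip access-group \S+ in"),
        "data/urpf": some(ifaces, r"ip verify unicast (source reachable-via|reverse-path)"),
        "data/rtbh-null-route": any(re.match(r"ip route \S+ \S+ Null0", ln) for ln in top),
        "data/qos-policy": some(ifaces, r"service-policy (input|output) \S+"),
        "control/copp": some(copp, r"service-policy input \S+"),
        "control/bgp-md5": not unauthenticated_bgp_neighbors(blocks),
        "mgmt/cpu-mem-threshold": any(ln.startswith("process cpu threshold") for ln in top)
        and any(ln.startswith("memory free low-watermark") for ln in top),
        "mgmt/dual-syslog": len(syslog) >= 2,
        "mgmt/vty-ssh-only": every(vtys, r"transport input ssh"),
        "mgmt/vty-acl": every(vtys, r"access-class \S+ in.*"),
        "mgmt/snmpv3": any(re.match(r"snmp-server group \S+ v3", ln) for ln in top),
        "mgmt/tacacs": any(ln.startswith("tacacs") for ln in top),
    }


def gaps(text):
    """Sorted names of controls for which no evidence was found."""
    return sorted(name for name, ok in audit(text).items() if not ok)


if __name__ == "__main__":
    print("\n".join(gaps(SAMPLE_CONFIG)))
```

The per-block checks matter for the VTY lines: a configuration that locks down lines 0 to 4 but leaves 5 to 15 open to Telnet is reported as a gap rather than passing on the first match.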
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Policy for protection against security attacks
Clearly defined and documented security policy covering protection of infrastructure from security attacks
Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core
QoS tools—used to protect against flooding attacks
Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+. Demonstrated in Technical Service Description (TSD) or other available document
Legacy Managed Services
No device-level security requirements at this level
Security Infrastructure: DDoS Protection
Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Cleanpipes DDoS infrastructure protection—detailed at http://www.cisco.com/en/US/netsol/ns615/networking_solutions_sub_solution.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Regional Cleaning Centers deployed using Cisco Guard solution
Evidence of network design that includes Cleaning Centers
Network based mechanism to identify, classify and mitigate attacks based on anomaly characteristics
Demonstrated process to identify, classify and mitigate attacks based on anomaly characteristics
Process to baseline normal traffic loads periodically, at least weekly; must be repeated on a regular basis as agreed with the customer
Demonstrated process for periodic baseline of traffic loads; must be at least weekly and repeated as agreed with customer
Ability to conduct network based traffic tuning on the detection network for at least 24 hours at peak traffic time
Demonstrated process for network based traffic tuning on the detection network for at least 24 hours at peak traffic time
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
N/A
Legacy Managed Services
No DDoS protection requirements at this level
Resiliency and Redundancy
Implementation of technology that enables network wide resiliency for IP networks, as described at http://www.cisco.com/en/US/partner/products/ps6550/products_ios_technology_home.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Device level resiliency H/W—effective design process to ensure deployment where applicable to enhance device level hardware resiliency
Design processes or sample PE node config. which makes use of features such as redundant processors, line cards, switch fabric and power
Device level resiliency S/W—effective design process to ensure use of software features that enhance device level resiliency
Use of Non-Stop Forwarding (NSF) and Stateful Switchover (SSO)
Transport level resiliency—effective deployment of link or transport level resiliency features within network design
Design features such as SONET/SDH APS, Resilient Packet Ring (RPR), Etherchannel, Spanning-Tree Protocol (STP)
Protocol level resiliency—effective deployment of protocol level resiliency features to enhance availability
Layer 3 protocols. These should include: Hot Standby Routing Protocol (HSRP) RFC 2281, Virtual Router Redundancy Protocol (VRRP) RFC 2338, MPLS-TE, BGP graceful restart, NSF on OSPF/IS-IS
Convergence time tuning procedures—procedures in place to tune convergence times where applicable
Demonstrated use of features such as fast reroute (FRR), BGP multipath, failure detection and recovery tuning, routing protocol optimization, IP event dampening
Application level resiliency—procedures to ensure availability of critical applications
Use of features such as Global server load balancing, SNAT, Stateful IPSec, DNS, DHCP, Cisco server load balancing
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network architecture design to meet the levels of guaranteed service availability
Demonstration of design process in place to ensure target network availability can be met. Should include reference to areas of availability specified in Cisco Powered Managed Services requirements.
Legacy Managed Services
No resiliency and redundancy requirements at this level
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Partner must provide actual SLA offering MTTR for high priority issues
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.99% availability
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Partner must provide actual SLA offering MTTR for high priority issues
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.9% availability
Legacy Managed Services
Minimum 1 year Service Level Agreement in place with end-user customer
Partner must provide SLA outlining performance of the service to be expected
Proactive management of CPE devices
Demonstration that the management capabilities offered to the customer meet the stated entry criteria for the program
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service reports available to the customer providing an overview of service performance
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
No service reporting requirements at this level
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Real-time status map
• Monitoring report
• Usage report
Demonstration of Web portal from customer perspective demonstrating real time views, optional reports and service summary
Strategic Managed Services
Not a requirement at this level
Legacy Managed Services
No dashboard requirements at this level
IP Trunking
Network Requirements
Cisco Powered Managed Services
To qualify as a Cisco Powered Managed service, the IP transport must be based partially or wholly on Cisco infrastructure, with at least 50% of the provider edge provisioned on Cisco platforms and that absorb Cisco based infrastructure ports when the Managed Service is provisioned.
Strategic Managed Services
Same as Cisco Powered Managed Services requirements
Legacy Managed Services
N/A
Architecture and Technical Attributes
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
IP Trunking Service must be in compliance with RFC 3261
Partner must demonstrate that the service offers Internet connectivity across the MPLS backbone to eliminate the need to carry Internet bound traffic back to a customer's regional HQ site and then on to the external Internet connection
IP Trunking Architecture must support Emergency Calls
As an example, E911 or country-specific regulatory specification
IP Trunking Architecture must be in compliance with RFC3264 “An Offer/Answer Model with Session Description Protocol (SDP)”
Part of the Marketing Service Description (MSD) or Partner must be able to demonstrate network design option available to customer
IP Trunking Service support for Managed Dial Plan Service: unified dial plan across multiple locations (N-digit/private dial plan w/ overlap between enterprises)
Part of the MSD or Partner must be able to demonstrate network design option available to customer in documentation
The Service Elements of IP Trunking Architecture must be hardened against DoS attacks and secured appropriately to counter unauthorized access
Conformance to NFP best practices for securing service elements using the same methods described for the MPLS VPN and other connectivity services
IP Trunking Architecture must be in compliance with RFC 2833 (DTMF Relay)
Part of the Marketing Service Description (MSD) or Partner must be able to demonstrate network design option available to customer
IP Trunking Service must support the codecs G.711 u-law and/or a-law
Part of the Marketing Service Description (MSD) or Partner must be able to demonstrate network design option available to customer
IP Trunking Architecture must provide demarcation between service provider network and customer network in order to grant the correct operational independence and security level for both networks
Part of the Marketing Service Description (MSD) or service diagram demonstrating compliance with Cisco IP-to-IP gateway
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
IP Trunking Service must be in compliance with RFC 3261
Partner must demonstrate that the service offers Internet connectivity across the MPLS backbone to eliminate the need to carry Internet-bound traffic back to a customer's regional HQ site and then on to the external Internet connection
IP Trunking Architecture must support Emergency Calls
As an example, E911 or country-specific regulatory specification
IP Trunking Architecture must be in compliance with RFC 2833 (DTMF Relay)
Part of the Marketing Service Description (MSD) or Partner must be able to demonstrate network design option available to customer
IP Trunking Service must support the codecs G.711 u-law and/or a-law
Part of the Marketing Service Description (MSD) or Partner must be able to demonstrate network design option available to customer
IP Trunking Architecture must provide demarcation between service provider network and customer network in order to grant the correct operational independence and security level for both networks
Part of the Marketing Service Description (MSD) or service diagram demonstrating compliance with Cisco IP-to-IP gateway
Legacy Managed Services
N/A
Quality of Service
Quality of Service (QoS) features that enhance the capabilities of the service to support all traffic types over a converged infrastructure
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
At least 5 classes of service available
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
If narrowband (< E1/T1) access links are supported, support mechanisms must be offered to help ensure that delay-sensitive traffic receives the required QoS; mechanisms may include MLPPP and FRF.12
Network design criteria for narrowband links must include consideration for supporting multiple traffic classes
Overall network design capability to transport customer settings across the network transparently, regardless of the number of classes of service supported and the QoS settings available
Detailed in MSD or part of network design criteria
Following QoS features must be implemented in the PE nodes
• Policed High Priority-Queue
• Assured Forwarding Queue
• Packet Sequence Preservation
• Real-time view of connectivity and status of individual VPN
Partner must demonstrate a mechanism is in place to limit overall traffic entering the HP-Q such that the lower classes are not starved of bandwidth. Partner must demonstrate that the Video traffic from a customer can be streamed into the AF-Q
IP packet marking between SP and Enterprise Edge are recommended as follows:
• SIP Signaling Message: Diffserv PHB CS5 DSCP Value 40
• RTP Media: Diffserv PHB EF DSCP Value 46
• WAN Network Outage Survivability, in case of IP WAN Network Failure all sites must maintain capability to make calls through PSTN
Demonstrated in Technical Service Description (TSD) or other available document
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
At least 3 classes of service available
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Legacy Managed Services
N/A
Device-Level Security
Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must demonstrate that the following capabilities have been implemented to protect the data plane on each device:
• Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
• Unicast Reverse Path Forwarding (URPF)—mitigates problems caused by the introduction of malformed or spoofed IP Source addresses
• Remotely Triggered Black Hole (RTBH)—drops packets based on source address and can be used while device is under attack
• QoS tools—used to protect against flooding attacks
Clearly defined and documented security procedures that describe how the following are implemented as part of an overall security policy:
• Infrastructure ACLs are applied to the network core
• Drops packets without a verified source address
• A filtering method for dropping malicious traffic at the peering edge of the network
• Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Note: Current specifications are applicable, but newer releases and revisions may supersede the herein outlined requirements.
Control Plane
Partner must demonstrate the following capabilities have been implemented to protect the control plane on each device:
• Receive ACLs—limits the type of traffic that can be forwarded to the processor
• Control Plane Policing (CPP)—provides QoS control for the packets destined to the control plane of the device. Ensures adequate bandwidth reserved for high priority traffic such as routing protocols
• Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
• Auto secure procedures in place
Partner must
• Demonstrate use of ACLs in security policy
• Demonstrate use of QoS control in security policy
• Demonstrate use of MD5 neighbor authentication in security policy
• Demonstrate lock down of devices using industry best practices (NSA)
IP Trunking architecture must support Transport Layer Security Protocol
Demonstrated in Technical Service Description (TSD) or other available document
IP Trunking architecture must have capability to reject non-TLS Traffic if desired
Demonstrated in Technical Service Description (TSD) or other available document
IP Trunking architecture must support MD5 Message Digest Algorithm
Demonstrated in Technical Service Description (TSD) or other available document
IP Trunking architecture must support IPSec protocol
Demonstrated in Technical Service Description (TSD) or other available document
IP Trunking architecture must support the WWW-Authenticate header with “Digest” Authentication as specified in RFC-3261
Demonstrated in Technical Service Description (TSD) or other available document
IP Trunking architecture must support the HTTP authentication as specified in RFC-3261
Demonstrated in Technical Service Description (TSD) or other available document
Management Plane
Partner must demonstrate the following capabilities have been implemented to protect the management plane on each device:
• CPU and memory thresholding—protects CPU and memory resources of IOS devices against DDoS attacks
• Dual export syslog—increases availability by exporting information to dual collectors
• Procedures to prevent unauthorized management access to devices
• Procedure in place to react to thresholds being exceeded or documentation in support of functionality
• Part of design for collection of management information from each device
• Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
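An added example, not part of the Cisco document: one way an auditor or NOC engineer could check a saved IOS configuration against the management-plane items listed above. The mapping from each requirement to an IOS command, the check names, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Constructed sample configurations (documentation addresses, not real devices).
HARDENED = """\
aaa new-model
tacacs-server host 192.0.2.10
logging host 192.0.2.20
logging host 192.0.2.21
process cpu threshold type total rising 80 interval 5
memory free low-watermark processor 20000
snmp-server group NOC v3 priv
ip access-list standard MGMT
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class MGMT in
 transport input ssh
"""

WEAK = """\
logging 192.0.2.20
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""


def parse_blocks(config):
    """Split a config into top-level lines and their indented child lines."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment separators
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks.setdefault(current, [])
    return top, blocks


def audit_management_plane(config):
    """Return {check_name: bool} for the management-plane items on the page."""
    top, blocks = parse_blocks(config)
    vty = {h: c for h, c in blocks.items() if h.startswith("line vty")}
    result = {}

    # SSH-only access: every VTY block must allow ssh and nothing else.
    # A block with no 'transport input' line fails, since the default may
    # permit other protocols.
    result["ssh_only_vty"] = bool(vty) and all(
        "transport input ssh" in children for children in vty.values())

    # VTY access control list: every VTY block needs an inbound access-class.
    result["vty_access_class"] = bool(vty) and all(
        any(re.match(r"access-class \S+ in\b", c) for c in children)
        for children in vty.values())

    # TACACS+: AAA enabled and at least one TACACS+ server defined.
    result["tacacs_aaa"] = "aaa new-model" in top and any(
        l.startswith(("tacacs-server host ", "tacacs server ")) for l in top)

    # SNMP V3: an authenticated v3 group and no v1/v2c community strings.
    # Treating 'noauth' groups as insufficient is this example's choice.
    has_v3 = any(re.match(r"snmp-server group \S+ v3 (auth|priv)\b", l)
                 for l in top)
    has_community = any(l.startswith("snmp-server community ") for l in top)
    result["snmpv3_only"] = has_v3 and not has_community

    # Dual export syslog: at least two distinct collector addresses.
    collectors = {m.group(1) for l in top
                  if (m := re.match(r"logging (?:host )?(\d+(?:\.\d+){3})", l))}
    result["dual_syslog"] = len(collectors) >= 2

    # CPU and memory thresholding.
    result["cpu_threshold"] = any(
        l.startswith("process cpu threshold type ") for l in top)
    result["memory_threshold"] = any(
        l.startswith("memory free low-watermark ") for l in top)
    return result


def failed_checks(config):
    """Names of the checks a configuration does not satisfy, sorted."""
    return sorted(k for k, ok in audit_management_plane(config).items() if not ok)


if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, "->", failed_checks(cfg) or "all checks passed")
```

The weak sample fails `ssh_only_vty` and `vty_access_class` because one of its two VTY ranges still accepts Telnet and has no ACL; checking every `line vty` block rather than the first is what catches this.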
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Policy for protection against security attacks
Clearly defined and documented security policy covering protection of infrastructure from security attacks
Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core
QoS tools—used to protect against flooding attacks
Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
The Service Elements of IP Trunking Architecture must be hardened against DOS attacks and secured appropriately to counter unauthorized access
Demonstrated in Technical Service Description (TSD) or other available document
IP Trunking architecture must support Transport Layer Security Protocol
Demonstrated in Technical Service Description (TSD) or other available document
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Legacy Managed Services
N/A
Options for Site Network Resiliency
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
If leased lines are delivered over a SONET/SDH infrastructure, protection must be offered for the circuit
Marketing Service Description (MSD) must include this as an option, or Partner must demonstrate service designs that have incorporated this feature
Customer option to backup a link from a site into the VPN network
MSD must include an option for sites to connect to the same PE node. Technology such as ISDN, EVDO may be used depending on access type and speed. Consideration in network design must be given for impact on traffic supported, such as rerouting Voice traffic to an alternate path.
Ability to dual home the CPE into 2 separate nodes in the aggregation network
As above, MSD should include this option or Partner must demonstrate use of it in network designs
Customer option to encrypt the access link between Customer premises and Provider Edge
Partner must demonstrate support for IPSec encryption, or similar solution, for additional level of security before the traffic gets into the MPLS VPN
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Customer option to backup a link from a site into the VPN network
MSD must include an option for sites to connect to the same PE node. Technology such as ISDN, EVDO may be used depending on access type and speed. Consideration in network design must be given for impact on traffic supported, such as rerouting Voice traffic to an alternate path.
Customer option to encrypt the access link between Customer premises and Provider Edge
Partner must demonstrate support for IPSec encryption, or similar solution, for additional level of security before the traffic gets into the MPLS VPN
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 4 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 4 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.99% availability
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 60 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 60 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 24 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 24 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.9% availability
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer.
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Separate performance reports for each class of service supported
Example reports for each class of service
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
VPN Service Reports distributed on a regular schedule agreed with the customer
Example reports provided or demonstration of Web portal with ability to select report(s)
Separate performance reports for each class of service supported
Example reports for each class of service
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Network health
• Real-time status map
• Trouble ticket status
• Summary reports
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Partner must demonstrate the capability to proactively inform the customer on key issues that affect the ability for the service to meet agreed performance levels
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Legacy Managed Services
N/A
Router
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Regular backups of router configuration
Demonstrated process to ensure timely backup of configurations and ability to restore saved configurations if required
Software patch management
Demonstrated support for proactive software patch management to help ensure the Managed Router has the correct service level
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Minimum 1 year Service Level Agreement in place with end-user customer
Partner must provide SLA outlining performance of the service to be expected
Proactive management of CPE devices
Demonstration that the management capabilities offered to the customer meet the stated entry criteria for the program
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Service is proactively monitored by the Network Operations Center and customer is notified of any disruption to service levels
Network operations procedures verified to include proactive monitoring of the CPE, constant access to remote devices, alarm management to start working on problems without direct customer intervention
IPSec VPN
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Partner must offer DES, 3DES and AES (where permitted) encryption for IPSec
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Partner must offer managed Firewall service
Generally part of the Marketing Service Description (MSD); other service description may also be acceptable
Legacy Managed Services
N/A
Device-Level Security
Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Remote Access Service Accessibility: Must offer an SLA for successful remote access connections to the Gateway
Partner must provide actual SLA offering Remote Access Service Accessibility
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.99% availability
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
N/A
LAN
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Solution design architected to meet customer requirements for levels of service performance
Demonstrated ability to translate customer business needs to network design. Staff training program to ensure up to date knowledge of latest solution capabilities
Software patch management
Demonstrated support for proactive software patch management to help ensure the LAN equipment has the correct service level
Device-Level Security
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Procedures to prevent unauthorized management access to devices
Partner must demonstrate procedures to prevent unauthorized management access to devices
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Minimum 1 year Service Level Agreement in place with end-user customer
Partner must provide SLA outlining performance of the service to be expected
Proactive management of CPE devices
Demonstration that the management capabilities offered to the customer meet the stated entry criteria for the program
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Service is proactively monitored by the Network Operations Center and customer is notified of any disruption to service levels
Network operations procedures verified, including proactive monitoring of the CPE, constant access to remote devices, alarm management to start working on problems without direct customer intervention
Frame Relay/ATM
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Regular backups of router configuration
Demonstrated process to ensure timely backup of configurations and ability to restore saved configurations if required
Software patch management
Demonstrated support for proactive software patch management to help ensure the LAN equipment has the correct service level
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Minimum 1 year Service Level Agreement in place with end-user customer
Partner must provide SLA outlining performance of the service to be expected
Proactive management of CPE devices
Demonstration that the management capabilities offered to the customer meet the stated entry criteria for the program
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
N/A
Legacy Managed Services
Requirement Auditor Instructions (What to Look for)
Service is proactively monitored by the Network Operations Center and customer is notified of any disruption to service levels
Partner must be able to demonstrate the ability to proactively monitor the CPE in accordance to the basic rules of the program
Managed Security
Benefits and Requirements
Benefit Description Cisco Powered Strategic Legacy
Eligible for Discount Products within this category are eligible for program discount (upon certification or designation approval) • • •
Eligible for Rebate Products within this category are eligible for program rebate (upon certification or designation approval) •
Eligible for Global Procurement Products within this category are eligible for global procurement (upon certification or designation approval) • • •
Eligible for Branding and Additional Marketing Benefits Approved managed services within this category are eligible for branding and additional marketing benefits •
Trade-In Credits Approved managed services within this category can be combined with trade-in credits • • •
Incentive Programs, Rebates, Offers Approved managed services within this category can be combined with resale-based incentive program discounts (OIP, VIP, SIP), rebates, and offers
Benefit Description Cisco Powered Strategic Legacy
Real-time Monitoring Managed Services are proactively monitored via the Partner’s NOC • • •
24x7 Service Availability Service management is available 24x7 • • •
SLAs The Managed Service provider must back SLAs with terms of one-year (or greater) • • •
Technical Attributes Technical attributes for the managed services in this category are defined • •
Service Management Service management requirements are stipulated • •
POS Customer Reports Partner must provide POS customer information on a monthly basis. Customer information collected as part of the requirement will be used for program governance only. • • •
Eligible Products Managed services within this category have a pre-established set of eligible Cisco products • • •
Firewall
Architecture and Technical Attributes
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Support for Authentication, Authorization and Accounting features
Partner must demonstrate the use of User authentication servers such as RADIUS, TACACS, SDI, NT, LDAP, Local, Kerberos/Active Directory
Ability to fall back to local user database when external AAA is down
Partner must demonstrate the ability to support this function
Stateful, stateless failover in transparent and routed mode, active/active, and active/passive states
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support of voice media failover
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Stateful failover protocols including TCP, UDP, ESP, IKE, GRE, and IPSec (pre-shared only)
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Access control based on Layer 2, Layer 3, Layer 4 and Layer 7 parameters. Layer 2 must support ether-type, source and destination IP addresses, protocols, TCP/UDP ports, and time schedule
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Multiple context of firewall
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Transparency of the firewall
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support of a VoIP Inspection Engine, such as H323, MGCP, SCCP, or SIP. May include MGCP version 0.1 and 1.0, Cisco Unified Call Manager 4.1, SIP RFC 2543.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
QoS features, including support for traffic priority and policing and priority queuing; including committed rate conform action, burst rate and exceed action
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for tunneling protocols, including GRE, MPLS, IP-in-IP, and IPv6
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for multimedia applications, including Stream Works 2.0, Yahoo messenger, AOL (Chat or voice), MSN messenger (Chat or voice), MS Windows (SIP messenger)
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Access lists
Generally part of the Technical Service Description (MSD), or demonstrated in configurations
Legacy Managed Services
N/A
Device-Level Security
If the service includes Cisco IOS based Firewall services, the Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must demonstrate that the following capabilities have been implemented to protect the data plane on each device:
• Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
• Unicast Reverse Path Forwarding (URPF)—mitigates problems caused by the introduction of malformed or spoofed IP Source addresses
• Remotely Triggered Black Hole (RTBH)—drops packets based on source address and can be used while device is under attack
• QoS tools—used to protect against flooding attacks
Clearly defined and documented security procedures that describe how the following are implemented as part of an overall security policy:
• Infrastructure ACLs are applied to the network core
• Drops packets without a verified source address
• A filtering method for dropping malicious traffic at the peering edge of the network
• Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Note: Current specifications are applicable, but newer releases and revisions may supersede the herein outlined requirements.
Control Plane
Partner must demonstrate the following capabilities have been implemented to protect the control plane on each device:
• Receive ACLs—limits the type of traffic that can be forwarded to the processor
• Control Plane Policing (CPP)—provides QoS control for the packets destined to the control plane of the device. Ensures adequate bandwidth reserved for high priority traffic such as routing protocols
• Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
• Auto secure procedures in place
Partner must
• Demonstrate use of ACLs in security policy
• Demonstrate use of QoS control in security policy
• Demonstrate use of MD5 neighbor authentication in security policy
• Demonstrate lock down of devices using industry best practices (NSA)
Management Plane
Partner must demonstrate the following capabilities have been implemented to protect the management plane on each device:
• CPU and memory thresholding—protects CPU and memory resources of IOS devices against DDoS attacks
• Dual export syslog—increases availability by exporting information to dual collectors
• Procedures to prevent unauthorized management access to devices
• Procedure in place to react to thresholds being exceeded or documentation in support of functionality
• Part of design for collection of management information from each device
• Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must have clearly defined and documented security policy covering protection of the infrastructure from security attacks
Security policy covering protection of infrastructure from security attacks
Access Control lists—protect devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core
QoS tools—used to protect against flooding attacks
Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Legacy Managed Services
N/A
Resiliency and Redundancy
Implementation of technology that enables network wide resiliency for IP networks, as described at http://www.cisco.com/en/US/partner/products/ps6550/products_ios_technology_home.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Device level resiliency H/W—effective design process to ensure deployment where applicable to enhance device level hardware resiliency
Design processes that incorporate customer requirements for service resiliency
Device level resiliency S/W—effective design process to ensure use of software features enhance device level resiliency
Design processes that incorporate customer requirements for service resiliency
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network architecture design to meet the levels of guaranteed service availability
Demonstration of design process in place to ensure target network availability can be met. Should include reference to areas of availability specified in Cisco Powered Managed Services requirements.
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; must be in 4 hours or less in 95% of cases
Partner must provide actual SLA offering MTTR in 4 hours or less in 95% of cases
Turnaround Time for Customer-Initiated Changes: Must be within 24 hours for standard changes
Partner must provide actual SLA offering Turnaround Time for Customer-Initiated Changes within 24 hours
Incident Handling Alerting Mode and Response Time (via mail, pager, mobile): Customer alerting and recommendations must be offered 24x7
Partner must provide actual SLA offering Incident Handling Alerting and Response 24x7
Change Request for Rules: Priority rules must be changed within 30 minutes; all others within 4 hours
Partner must provide actual SLA offering Rules Changes within 30 minutes for priority rules and all others within 4 hours
Event Log Retention: Must be retained for at least 3 months
Partner must provide actual SLA offering Event Log Retention for at least 3 months
Notification of Security Update and Bug Fixes: Must offer an SLA for Notification of Security Update and Bug Fixes
Partner must provide actual SLA offering Notification of Security Updates and Bug Fixes
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Partner must provide actual SLA offering MTTR
Service Availability: Must offer an SLA for Service Availability
Partner must provide actual SLA offering Service Availability
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Incident Management Reports:
• Monitoring and management of faults
• Monitoring and management of security incidents
• Automated blocking, shunning, and TCP Reset
• Manual shunning/update of access control
• Manual port configuration
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service reports available to the customer providing an overview of service performance
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Real-time status map
• Monitoring report
• Usage report
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Strategic Managed Services
Not a requirement at this level
Legacy Managed Services
N/A
IDS/IPS
Architecture and Technical Attributes
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Deploy as IDS or IPS. Service must have the ability to deploy the sensor in several modes: monitor-only, fully-managed service, promiscuous mode—listen only and alarm, inline—bump in line with drop/alarm, signature updates, customization and tuning.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Intrusion detection is supported. Intrusion monitoring is supported, including event correlation/alarm filtering, classification and customization. Monitoring must include log trending with analysis.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support of voice media failover
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support of the following detection methodologies:
• Simple Pattern Matching: Looking for a fixed sequence of bytes in a single packet; can be associated with a specific service
• Stateful Pattern Matching: Matches are made in context within the state of stream.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Dynamically deploy signatures and/or ACLs to respond to new attacks. The IDS/IPS must be able to be configured to check for signature updates and push them to the sensors in the network. New signatures must be able to be added to the existing policies on the mitigation devices.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Recognize new outbreaks and deploy threat specific ACL within 60 minutes, and new signature within 90 minutes. Intrusion Prevention Service must be capable of deploying outbreak prevention policies on mitigation devices.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for signatures for evaluation of VoIP (H323 and H225) traffic, including:
• Ensuring protocol compliance for call setup messages
• Protecting against attacks on voice gateways
• Preventing excess memory allocation through detection of URL overflow
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for tunneling protocols, including GRE, MPLS, IP-in-IP, and IPv6
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
An automatically scheduled mechanism to update signature files. The user has 3 choices in IPS MC 2.2 when dealing with signature updates:
• Check only: Allows the IPS MC to check for new updates and notify the user
• Check and download: Checks for new signature updates
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Deploy as IDS or IPS. Service must have the ability to deploy the sensor in several modes: monitor-only, fully-managed service, promiscuous mode—listen only and alarm, inline—bump in line with drop/alarm, signature updates, customization and tuning.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Intrusion monitoring is supported, including event correlation/alarm filtering and classification. Monitoring must include log trending with basic analysis.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support of the following detection methodologies:
• Simple Pattern Matching: Looking for a fixed sequence of bytes in a single packet; can be associated with a specific service
• Stateful Pattern Matching: Matches are made in context within the state of stream.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Dynamically deploy signatures to respond to new attacks. The IDS/IPS must be able to be configured to check for signature updates and push them to the sensors in the network.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Recognize new outbreaks and deploy threat specific ACL within 60 minutes, and new signature within 90 minutes. Intrusion Prevention Service must be capable of deploying outbreak prevention policies on mitigation devices.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Access lists
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Legacy Managed Services
N/A
Device-Level Security
If the service includes Cisco IOS based Firewall services, the Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must demonstrate that the following capabilities have been implemented to protect the data plane on each device:
• Access Control Lists (ACL)—protects devices from malicious traffic by explicitly permitting legitimate traffic
• Unicast Reverse Path Forwarding (URPF)—mitigates problems caused by the introduction of malformed or spoofed IP Source addresses
Clearly defined and documented security procedures that describe how the following are implemented as part of an overall security policy:
• Infrastructure ACLs are applied to the network core
• Drops packets without a verified source address
Note: Current specifications are applicable, but newer releases and revisions may supersede the herein outlined requirements.
Control Plane
Partner must demonstrate the following capabilities have been implemented to protect the control plane on each device:
• Receive ACLs—limits the type of traffic that can be forwarded to the processor
• Control Plane Policing (CPP)—provides QoS control for the packets destined to the control plane of the device. Ensures adequate bandwidth reserved for high priority traffic such as routing protocols.
• Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
• Auto secure procedures in place
Partner must
• Demonstrate use of ACLs in security policy
• Demonstrate use of QoS control in security policy
• Demonstrate use of MD5 neighbor authentication in security policy
• Demonstrate lock down of devices using industry best practices (NSA)
Management Plane
Partner must demonstrate the following capabilities have been implemented to protect the management plane on each device:
• CPU and memory thresholding—protects CPU and memory resources of IOS devices against DDoS attacks
• Dual export syslog—increases availability by exporting information to dual collectors
• Procedures to prevent unauthorized management access to devices
• Procedure in place to react to thresholds being exceeded or documentation in support of functionality
• Part of design for collection of management information from each device
• Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must have clearly defined and documented security policy covering protection of the infrastructure from security attacks
Security policy covering protection of infrastructure from security attacks
Access Control lists—protect devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Legacy Managed Services
N/A
Resiliency and Redundancy
Implementation of technology that enables network wide resiliency for IP networks, as described at http://www.cisco.com/en/US/partner/products/ps6550/products_ios_technology_home.html
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Device level resiliency H/W—effective design process to ensure deployment where applicable to enhance device level hardware resiliency
Design processes that incorporate customer requirements for service resiliency
Device level resiliency S/W—effective design process to ensure use of software features enhance device level resiliency
Design processes that incorporate customer requirements for service resiliency
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network architecture design to meet the levels of guaranteed service availability
Demonstration of Design process in place to ensure target network availability can be met. Should include reference to areas of availability referenced in Tier 1 (Cisco Powered) requirements.
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): Must offer an SLA for MTTN
Partner must provide actual SLA offering MTTN
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Partner must provide actual SLA offering MTTR
Real-time Intrusion Monitoring: Must be offered 24x7
Partner must provide actual SLA offering Real Time Intrusion Monitoring 24x7
Real-time Event Correlation and Interpretation: Must be offered 24x7
Partner must provide actual SLA offering Real-Time Event Correlation and Interpretation 24x7
Signature Update Response Time: Must offer an SLA for Signature Update Response Time
Partner must provide actual SLA offering Signature Update Response Time
Solution Performance: Must offer an SLA for Solution Performance, based on throughput, connection rate, resource guarantees
Partner must provide actual SLA offering Solution Performance
Turnaround Time for Customer-Initiated Changes: Must offer an SLA for Turnaround Time for Customer-Initiated Changes
Partner must provide actual SLA offering Turnaround Time for Customer-Initiated Changes
Incident Handling Alerting Mode and Response Time (via mail, pager, mobile): Customer alerting and recommendations must be offered 24x7
Partner must provide actual SLA offering Incident Handling Alert Mode and Response Time 24x7
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Partner must provide actual SLA offering MTTR
Service Availability: Must offer an SLA for Service Availability
Partner must provide actual SLA offering Service Availability
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Incident Management Reports:
• Monitoring and management of faults
• Monitoring and management of security incidents
• Automated blocking, shunning, and TCP Reset
• Manual shunning/update of access control
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status of individual VPN. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service reports distributed on a regular schedule agreed with the customer
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Attack data
• Real-time status map
• Total attack status
• List of attacks
• Monitoring reports
Demonstration of Web portal from customer perspective demonstrating real time views, optional and service summary
Strategic Managed Services
Not a requirement at this level
Legacy Managed Services
N/A
Secure Router
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Hardware based encryption for VPN
Must offer a service that utilizes this capability of the ISR if performance requirements demand it
Must support software load appropriate for security features
Software loads include advanced security, advanced IP services and advanced enterprise feature sets. Referred to as K-9
Support for Voice media encryption
Uses Secure Real-Time Transport Protocol (SRTP)
Support for dedicated hardware for IDS and content security
The 2800 and 3800 support an IDS network module and a content engine network module for increased performance. These modules must be available as a design option.
Support for firewalls
Ability to support firewalls
Legacy Managed Services
N/A
Device-Level Security
If the service includes Cisco IOS based Firewall services, the Partner must be able to demonstrate adherence to the policies and best practices outlined within the Cisco Network Foundation protection framework, as described at http://www.cisco.com/go/nfp
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must have clearly defined and documented security policy covering protection of the infrastructure from security attacks
Security policy covering protection of infrastructure from security attacks
Access Control lists—protect devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core.
QoS tools—used to protect against flooding attacks
Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have security procedure in place. Can use features such as Secure Shell only access (SSH), VTY access control list, Cisco IOS software login enhancements, SNMP V3, TACACS+.
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): Must provide 24 hour response time
Partner must provide actual SLA offering MTTN of 24 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.9% availability
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service reports available to the customer providing an overview of service performance
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
N/A
Managed Unified Communications
Benefits and Requirements
Benefit Description Cisco Powered Strategic Legacy
Eligible for Discount: Products within this category are eligible for program discount (upon certification or designation approval) • • •
Eligible for Rebate: Products within this category are eligible for program rebate (upon certification or designation approval) •
Eligible for Global Procurement: Products within this category are eligible for global procurement (upon certification or designation approval) • • •
Eligible for Branding and Additional Marketing Benefits: Approved managed services within this category are eligible for branding and additional marketing benefits •
Trade-In Credits: Approved managed services within this category can be combined with trade-in credits • • •
Incentive Programs, Rebates, Offers: Approved managed services within this category can be combined with resale-based incentive program discounts (OIP, VIP, SIP), rebates, and offers
Benefit Description Cisco Powered Strategic Legacy
Real-time Monitoring: Managed Services are proactively monitored via the Partner’s NOC • • •
24x7 Service Availability: Service management is available 24x7 • • •
SLAs: The Managed Service provider must back SLAs with terms of one-year (or greater) • • •
Technical Attributes: Technical attributes for the managed services in this category are defined • •
Service Management: Service management requirements are stipulated • •
POS Customer Reports: Partner must provide POS customer information on a monthly basis. Customer information collected as part of the requirement will be used for program governance only. • • •
Eligible Products: Managed services within this category have a pre-established set of eligible Cisco products • • •
Business Communications
Architecture and Technical Attributes
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Integrated soft phone support, allowing customer to be able to use a soft phone as part of the service
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for phones that allow integrated video calls
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
A Unified Messaging service that supports e-mail, voice and fax delivered to one inbox
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Emergency number support solution that offers diverse paths for emergency calls to help ensure the user will be successfully routed
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Mobility feature that provides the customer the ability to log on to any IP phone as their customized extension.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Options for localized or central voicemail support
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Voicemail access in different formats and not tied to a specific phone. This may include the ability to receive voicemail via e-mail or a PC account.
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Automatic Call Distributor (ACD) support features, including Auto Attendant and Call Queuing
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for voice signaling protocols, including H323 and SIP based wide-area networking
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Clear migration plan capability that allows the customer to move to the new service while interoperating with the existing service
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Emergency number support solution that offers diverse paths for emergency calls to help ensure the user will be successfully routed
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Options for localized or central voicemail support
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Automatic Call Distributor (ACD) support features, including Auto Attendant and Call Queuing
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Support for voice signaling protocols, including H323 and SIP based wide-area networking
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Clear migration plan capability that allows the customer to move to the new service while interoperating with the existing service
Generally part of the Technical Service Description (MSD); other service description may also be acceptable
Legacy Managed Services
N/A
Quality of Service
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Support for at least two VLANs at access layer, including a native VLAN for data traffic and a Voice VLAN
Demonstrated in Technical Service Description (TSD) or other available document
Pre-classification of traffic into appropriate classes before CPE egress
Demonstrated in Technical Service Description (TSD) or other available document
Priority queuing of RTP voice packet streams into multiple egress queues
Demonstrated in Technical Service Description (TSD) or other available document
Ability for voice and video traffic that traverse the WAN to run over a QoS-enabled infrastructure
Demonstrated in Technical Service Description (TSD) or other available document
Ability for service to support call admission control as an option
Demonstrated in Technical Service Description (TSD) or other available document
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support for at least two VLANs at access layer, including a native VLAN for data traffic and a Voice VLAN
Demonstrated in Technical Service Description (TSD) or other available document
Pre-classification of traffic into appropriate classes before CPE egress
Demonstrated in Technical Service Description (TSD) or other available document
Priority queuing of RTP voice packet streams into multiple egress queues.
Demonstrated in Technical Service Description (TSD) or other available document
Legacy Managed Services
N/A
Device-Level Security
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Support of device authentication
Demonstrated in Technical Service Description (TSD) or other available document
Support of signaling and media encryption
Demonstrated in Technical Service Description (TSD) or other available document
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support of device authentication
Demonstrated in Technical Service Description (TSD) or other available document
Support of signaling and media encryption
Demonstrated in Technical Service Description (TSD) or other available document
Legacy Managed Services
N/A
Options for Site Network Resiliency
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Gate Keeper redundancy
Demonstrated in Technical Service Description (TSD) or other available document
Redundancy for key services, including TFTP, DNS, DHCP, LDAP and IP Phone Services
Demonstrated in Technical Service Description (TSD) or other available document
Redundant media resources, including conference bridges and music on hold
Demonstrated in Technical Service Description (TSD) or other available document
Redundant voicemail servers
Demonstrated in Technical Service Description (TSD) or other available document
Redundant media gateways that provide integration with PSTN and legacy services
Demonstrated in Technical Service Description (TSD) or other available document
Hot standby routing protocol (HSRP) at the distribution layer routers
Demonstrated in Technical Service Description (TSD) or other available document
Either 1:1 or 1:2 redundancies for call processing servers
Demonstrated in Technical Service Description (TSD) or other available document
Ability for remote site to continue to support voice calls in the event of a WAN outage, using survivable remote site telephony (SRST)
Demonstrated in Technical Service Description (TSD) or other available document
For Cisco Unified CallManager solutions only: Support for clustering of call control servers for scale and redundancy
Demonstrated in Technical Service Description (TSD) or other available document
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Redundancy for key services, including TFTP, DNS, DHCP, LDAP and IP Phone Services
Demonstrated in Technical Service Description (TSD) or other available document
Ability for remote site to continue to support voice calls in the event of a WAN outage, using survivable remote site telephony (SRST)
Demonstrated in Technical Service Description (TSD) or other available document
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 4 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 4 hours
User Addition to Service: Commitment must be at least 50 per day with 3 days notice.
Partner must provide actual SLA offering User Addition to Service at the rate of at least 50 per day with 3 days notice. This requirement does not apply if customer manages the end devices themselves (no restrictions on user additions).
Existing User Changes: Must offer an SLA for Existing User Changes
Partner must provide actual SLA offering Existing User Changes for a pre-defined number of users per day, with an agreed notice period. This requirement does not apply if customer manages the end devices themselves (no restrictions on user changes).
Packet Loss Ratio: Guarantee of 1% or less packet loss for these classes of service
Partner must provide actual SLA offering guarantee of 1% or less packet loss for these classes of service
User Availability: Must offer an SLA for User Availability
Partner must provide actual SLA offering User Availability, e.g., >99% availability if all aspects of the service delivery are under the control of the Managed Service Provider
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Partner must offer an SLA, specific requirements not defined by Cisco
Partner must provide actual SLA with specific requirements
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Separate performance reports for each class of service supported
Example reports for each class of service
Strategic Managed Services Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Separate performance reports for each class of service supported
Example reports for each class of service
Legacy Managed Services N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Network health
• Real-time status map
• Trouble ticket status
• Summary reports
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Summary reports, extracted from detailed reports above, providing key information about the performance of the service. Made available to the customer on an agreed schedule.
Examples of summary reports
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Partner must demonstrate the capability to proactively inform the customer of key issues that affect the ability of the service to meet agreed performance levels
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Legacy Managed Services
N/A
Unified Contact Center (Managed)
Architecture and Technical Attributes Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Support for intelligent routing of calls using defined business logic. Redirection of the call must not cause the loss of any data collected during interaction with the customer.
Review Call Center procedures, as applicable. Verify data flow in lab or at an existing installation. (Name, account number, status or equivalent)
Routing of calls based on specific customer profiles
Review Call Center procedures, as applicable
Handling of bulk e-mail interactions. Supported via the Cisco e-mail manager option.
Review Call Center procedures, as applicable
Service deployments of <10 Agents and scaling up to >1,000 Agents
Review Call Center procedures, as applicable. Verify 1000 agents via lab simulation or actual installation
Customer instance created for each customer that requires full admin control
Review Call Center procedures, as applicable
Network Level IP Call Switching Control Review network diagram for Cisco NAM/CICM servers
Network Level Call Routing (ACD) and Treatment Capability (IVR)
Review network diagram for Cisco Customer Voice Portal (CVP)
Support of both IP- and TDM-based Contact Centers
Review procedures to integrate with legacy TDM
Hosted Call Processing Review network diagram for Cisco NAM/CICM servers
Real time and historical reporting of the system Review actual reports of lab or installation. Show ability to access hypothetical records going back two years.
Support of Emergency Calls Review support of emergency calls. If the SP/SI geography makes this not relevant, this item may be skipped
All servers running antivirus application with latest virus definition files
Review procedures to ensure anti-virus updates are done in a reasonable period of time. Compatible antivirus listed at Cisco Intelligent Contact Management (ICM) Bill of Materials available on cisco.com.
Management portals for customers for daily activities
Review the actual portal (not a network diagram). Verify usability for, at a minimum, a medium complex call routing, including five types of skills and links to appropriate reporting. Show support for remote office and home based workers.
Agent and supervisor controls plus CTI screen pop capabilities. CTI OS servers can be shared by multiple customers.
Witness the CTI screen pops in a lab or installation. Verify the ability to customize the screen pops per customer.
Allowance for presentation of any caller data to the agent (CTI)
Verify the presentation of caller data (at a minimum Name, account number, reason for calling) via CTI
Integrated Web collaboration tools as part of the customer interaction
Verify the use of Web collaboration tools
Multichannel skills-based routing, manages agent and tasks states across all media types and controls call queuing
Verify in lab or installation at least five defined skill categories for skill based routing and observe them in lab or installation. Verify routing of contact via both voice and email.
Call re-routing based on Wait Time Verify, in lab or installation, re-routing based on wait time. Examine a test or actual wait time flow for usability. Ensure that the call flow makes maximum use of customer resources (minimize agent down time to an acceptable level).
Individual Subscriber System Management and Reporting Tools from browser based to full admin workstation
Verify, in lab or installation
Report templates with multi-media statistics, including measuring of service level across all media types
Review reports and verify service levels. Ensure that the following information is easily accessed from the reports:
• Agent productivity
• Caller wait time (minimum, maximum, average)
• Efficient use of network (percentage of traffic that stays on net versus PSTN)
Integrated reporting across all media for IPCC and TDM customers
Verify integrated reporting
Integration of Cisco Unified Customer Voice Portal (CVP)
Verify use of CVP and demonstrate VXML call flow with at least five skill levels
Strategic Managed Services Requirement Auditor Instructions (What to Look for)
Support for intelligent routing of calls using defined business logic. Redirection of the call must not cause the loss of any data collected during interaction with the customer.
Review Call Center procedures, as applicable. Verify data flow in lab or at an existing installation. (Name, account number, status or equivalent)
Routing of calls based on specific customer profiles
Review Call Center procedures, as applicable
Handling of bulk e-mail interactions. Supported via the Cisco e-mail manager option
Review Call Center procedures, as applicable
Service deployments of <10 Agents and scaling up to >1,000 Agents
Review Call Center procedures, as applicable. Verify 1000 agents via lab simulation or actual installation.
Customer instance created for each customer that requires full admin control
Review Call Center procedures, as applicable
Multichannel skills-based routing, manages agent and tasks states across all media types and controls call queuing
Verify in lab or installation at least five defined skill categories for skill based routing and observe them in lab or installation. Verify routing of contact via both voice and email.
Network Level IP Call Switching Control Review network diagram for Cisco NAM/CICM servers
Network Level Call Routing (ACD) and Treatment Capability (IVR)
Review network diagram for Cisco Customer Voice Portal (CVP)
Support for both IP- and TDM-based Contact Centers
Review procedures to integrate with legacy TDM
Hosted Call Processing Review network diagram for Cisco NAM/CICM servers
Real time and historical reporting of the system Review actual reports of lab or installation. Show ability to access hypothetical records going back two years.
Support of Emergency Calls Show support of emergency calls. If the SP/SI geography makes this not relevant, this item may be skipped.
All servers running antivirus application with latest virus definition files
Show procedure to update antivirus in a reasonable period of time. Compatible antivirus listed at Cisco Intelligent Contact Management (ICM) Bill of Materials available on cisco.com.
Management portals for Customers for daily activities
Review the actual portal (not a network diagram). Verify usability for, at a minimum, a medium complex call routing, including five types of skills and links to appropriate reporting.
Agent and supervisor controls plus CTI screen pop capabilities. CTI OS servers can be shared by multiple customers.
Witness the CTI screen pops in a lab or installation. Verify the ability to customize the screen pops per customer.
Allowance for presentation of any caller data to the agent (CTI)
Verify the presentation of caller data (at a minimum Name, account number, reason for calling) via CTI
Legacy Managed Services N/A
Quality of Service Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Intelligent queuing of customer interactions to maximize productivity of the agent. Examples include:
• Allowing an agent handling text sessions to accept additional text sessions
• Allowing an agent dealing with e-mail queries to accept priority voice calls
Verify requirement in lab or installation
Use of Remote agents. Requires QoS across the Multiservice WAN to provide the remote agent the same capabilities regardless of location.
Verify network diagram. Verify QoS to a level that will allow remote agents to work seamlessly. Latency between ICM Central Controllers and remote PGs cannot exceed 200 ms one way (400 ms round-trip).
Performance monitoring of remote agents Use of the Microsoft Windows Performance Monitor (PerfMon) or something similar to track performance of remote agents
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Intelligent queuing of customer interactions to maximize productivity of the agent. Examples include:
• Allowing an agent handling text sessions to accept additional text sessions
• Allowing an agent dealing with e-mail queries to accept priority voice calls
Verify requirement in lab or installation
Legacy Managed Services
N/A
Device-Level Security Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Support for Firewall services Verify network design
Support for Intrusion detection services Verify network design
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support for Firewall services Verify network design
Legacy Managed Services
N/A
Options for Site Network Resiliency Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Support for real-time application failover Verify network design
Resiliency options for managing hardware component failures
Verify network design
Offer resiliency options for managing network failures
Verify network design
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support for real-time application failover Verify network design
Resiliency options for managing hardware component failures
Verify network design
Offer resiliency options for managing network failures
Verify network design
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 15 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 15 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 2 hours available as an option
Partner must be able to offer a MTTR for high priority issues of 2 hours. Verify procedures. Upon recertification, review records or logbook.
Agent Availability: Must offer an SLA for User Availability
Partner must provide actual SLA offering User Availability, e.g., >99% availability if all aspects of the service delivery are under the control of the Managed Service Provider
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 4 hours available as an option
Partner must provide actual SLA offering MTTN for high priority issues of 4 hours
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Separate performance reports for each class of service supported
Example reports for each class of service
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Separate performance reports for each class of service supported
Example reports for each class of service
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Agent Status: High level status indicator for each agent and call information
• Agent Communications
• Three Way Conference
• Agent Status: Ability to change an Agent status remotely
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Strategic Managed Services Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Agent Status: High level status indicator for each agent and call information
• Agent Communications
• Three Way Conference
• Agent Status: Ability to change an Agent status remotely
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Legacy Managed Services
N/A
Unified Contact Center (Hosted)
Architecture and Technical Attributes Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Support for intelligent routing of calls using defined business logic. Redirection of the call must not cause the loss of any data collected during interaction with the customer.
Review Call Center procedures, as applicable. Verify data flow in lab or at an existing installation. (Name, account number, status or equivalent)
Routing of calls based on specific customer profiles
Review Call Center procedures, as applicable
Handling of bulk e-mail interactions. Supported via the Cisco e-mail manager option.
Review Call Center procedures, as applicable
Service deployments of <10 Agents and scaling up to >1,000 Agents
Review Call Center procedures, as applicable. Verify 1000 agents via lab simulation or actual installation.
Customer instance created for each customer that requires full admin control
Review Call Center procedures, as applicable
Network Level IP Call Switching Control Review network diagram for Cisco NAM/CICM servers
Network Level Call Routing (ACD) and Treatment Capability (IVR)
Review network diagram for Cisco Customer Voice Portal (CVP)
Support of both IP- and TDM-based Contact Centers
Review procedures to integrate with legacy TDM
Hosted Call Processing Review network diagram for Cisco NAM/CICM servers
Real time and historical reporting of the system Review actual reports of lab or installation. Show ability to access hypothetical records going back two years.
Support of Emergency Calls Review support of emergency calls. If the SP/SI geography makes this not relevant, this item may be skipped.
All servers running antivirus application with latest virus definition files
Review procedures to ensure anti-virus updates are done in a reasonable period of time. Compatible antivirus listed at Cisco Intelligent Contact Management (ICM) Bill of Materials available on cisco.com.
Management portals for customers for daily activities
Review the actual portal (not a network diagram). Verify usability for, at a minimum, a medium complex call routing, including five types of skills and links to appropriate reporting. Show support for remote office and home based workers.
Agent and supervisor controls plus CTI screen pop capabilities. CTI OS servers can be shared by multiple customers.
Witness the CTI screen pops in a lab or installation. Verify the ability to customize the screen pops per customer.
Allowance for presentation of any caller data to the agent (CTI)
Verify the presentation of caller data (at a minimum Name, account number, reason for calling) via CTI
Integrated Web collaboration tools as part of the customer interaction
Verify the use of Web collaboration tools
Multichannel skills-based routing, manages agent and tasks states across all media types and controls call queuing
Verify in lab or installation at least five defined skill categories for skill based routing and observe them in lab or installation. Verify routing of contact via both voice and email.
Call re-routing based on Wait Time Verify, in lab or installation, re-routing based on wait time. Examine a test or actual wait time flow for usability. Ensure that the call flow makes maximum use of customer resources (minimize agent down time to an acceptable level).
Individual Subscriber System Management and Reporting Tools from browser based to full admin workstation
Verify, in lab or installation
Report templates with multi-media statistics, including measuring of service level across all media types
Review reports and verify service levels. Ensure that the following information is easily accessed from the reports:
• Agent productivity
• Caller wait time (minimum, maximum, average)
• Efficient use of network (percentage of traffic that stays on net versus PSTN)
Integrated reporting across all media for IPCC and TDM customers
Verify integrated reporting
Integration of Cisco Unified Customer Voice Portal (CVP)
Verify use of CVP and demonstrate VXML call flow with at least five skill levels
Strategic Managed Services Requirement Auditor Instructions (What to Look for)
Support for intelligent routing of calls using defined business logic. Redirection of the call must not cause the loss of any data collected during interaction with the customer.
Review Call Center procedures, as applicable. Verify data flow in lab or at an existing installation. (Name, account number, status or equivalent)
Routing of calls based on specific customer profiles
Review Call Center procedures, as applicable
Handling of bulk e-mail interactions. Supported via the Cisco e-mail manager option.
Review Call Center procedures, as applicable
Service deployments of <10 Agents and scaling up to >1,000 Agents
Review Call Center procedures, as applicable. Verify 1000 agents via lab simulation or actual installation.
Customer instance created for each customer that requires full admin control
Review Call Center procedures, as applicable
Multichannel skills-based routing, manages agent and tasks states across all media types and controls call queuing
Verify in lab or installation at least five defined skill categories for skill based routing and observe them in lab or installation. Verify routing of contact via both voice and email.
Network Level IP Call Switching Control Review network diagram for Cisco NAM/CICM servers
Network Level Call Routing (ACD) and Treatment Capability (IVR)
Review network diagram for Cisco Customer Voice Portal (CVP)
Support for both IP- and TDM-based Contact Centers
Review procedures to integrate with legacy TDM
Hosted Call Processing Review network diagram for Cisco NAM/CICM servers
Real time and historical reporting of the system Review actual reports of lab or installation. Show ability to access hypothetical records going back two years.
Support of Emergency Calls Show support of emergency calls. If the SP/SI geography makes this not relevant, this item may be skipped.
All servers running antivirus application with latest virus definition files
Show procedure to update antivirus in a reasonable period of time. Compatible antivirus listed at Cisco Intelligent Contact Management (ICM) Bill of Materials available on cisco.com.
Management portals for Customers for daily activities
Review the actual portal (not a network diagram). Verify usability for, at a minimum, a medium complex call routing, including five types of skills and links to appropriate reporting
Agent and supervisor controls plus CTI screen pop capabilities. CTI OS servers can be shared by multiple customers.
Witness the CTI screen pops in a lab or installation. Verify the ability to customize the screen pops per customer.
Allowance for presentation of any caller data to the agent (CTI)
Verify the presentation of caller data (at a minimum Name, account number, reason for calling) via CTI
Legacy Managed Services N/A
Quality of Service Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Intelligent queuing of customer interactions to maximize productivity of the agent. Examples include:
• Allowing an agent handling text sessions to accept additional text sessions
• Allowing an agent dealing with e-mail queries to accept priority voice calls
Verify requirement in lab or installation
Use of Remote agents. Requires QoS across the Multiservice WAN to provide the remote agent the same capabilities regardless of location.
Verify network diagram. Verify QoS to a level that will allow remote agents to work seamlessly. Latency between ICM Central Controllers and remote PGs cannot exceed 200 ms one way (400 ms round-trip).
Performance monitoring of remote agents Use of the Microsoft Windows Performance Monitor (PerfMon) or something similar to track performance of remote agents
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Intelligent queuing of customer interactions to maximize productivity of the agent. Examples include:
• Allowing an agent handling text sessions to accept additional text sessions
• Allowing an agent dealing with e-mail queries to accept priority voice calls
Verify requirement in lab or installation
Legacy Managed Services
N/A
Device-Level Security Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Support for Firewall services Verify network design
Support for Intrusion detection services Verify network design
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support for Firewall services Verify network design
Legacy Managed Services
N/A
Options for Site Network Resiliency Cisco Powered Managed Services Requirement Auditor Instructions (What to Look for)
Support for real-time application failover Verify network design
Resiliency options for managing hardware component failures
Verify network design
Offer resiliency options for managing network failures
Verify network design
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Support for real-time application failover Verify network design
Resiliency options for managing hardware component failures
Verify network design
Offer resiliency options for managing network failures
Verify network design
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 15 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 15 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 2 hours available as an option
Partner must be able to offer a MTTR for high priority issues of 2 hours. Verify procedures. Upon recertification, review records or logbook.
Agent Availability: Must offer an SLA for User Availability
Partner must provide actual SLA offering User Availability, e.g., >99% availability if all aspects of the service delivery are under the control of the Managed Service Provider
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 20 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 20 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 4 hours available as an option
Partner must provide actual SLA offering MTTN for high priority issues of 4 hours
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer
Demonstration of portal from customer viewpoint, including real-time view of connectivity and status. Mechanisms may include password protection or similar restrictions to access the online Web portal for downloading reports.
Separate performance reports for each class of service supported
Example reports for each class of service
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service Reports distributed on a regular schedule agreed with the customer:
• Asset Report
• Parameter Settings Report
• Trend Report
• Resource Utilization Report
• Configuration Report
Example reports provided or demonstration of Web portal with ability to select reports listed
Separate performance reports for each class of service supported
Example reports for each class of service
Legacy Managed Services
N/A
Service Level Management: CIO Dashboard
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Agent Status: High level status indicator for each agent and call information
• Agent Communications
• Three Way Conference
• Agent Status: Ability to change an Agent status remotely
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Summary level dashboard to communicate key performance criteria, including:
• Agent Status: High level status indicator for each agent and call information
• Agent Communications
• Three Way Conference
• Agent Status: Ability to change an Agent status remotely
• Network monitoring and periodic reporting (Daily/Weekly/Monthly/Quarterly)
Demonstration of summary dashboard on Web portal provided to customer or description provided in customer documentation of capabilities to be expected
Legacy Managed Services
N/A
Hosted Unified Communications
Architecture and Technical Attributes
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
The Service Provider architecture for Hosted Voice Service has to be in compliance with Cisco Validated architectures and best practices.
Auditors validate the Service Provider Hosted Voice Service Architecture with the Cisco Hosted/Managed—Unified Communications Services Customer Requirements Document.
The Partner’s Hosted Voice Service must support multi-tenant capability with overlapping number support
Auditor validates the Partner’s voice service multi-tenant capability from the Service Provider’s Marketing Service Description document.
The Partner’s Hosted Voice Service must deploy Cisco Unified Communication Manager for Voice Call Processing
Auditor validates that the Partner’s voice service architecture document shows only Cisco Unified Communication Manager being used for Call Processing
The Hosted Voice Service must support both Intra and Inter Customer calls
Auditor validates that the Partner’s Hosted Voice Service Marketing Service Document states support for both Inter and Intra Customer voice calls
The Hosted Voice Service must support high availability at the remote locations
Auditor interviews the Hosted Voice Service Product Manager to validate that high availability at the remote locations is supported using SRST features on the Cisco Customer Edge Router.
The Hosted Voice Service must support SS7 and PRI for PSTN Access
Auditor validates from the Technical Service Description, or interviews the Hosted Voice Service Product Manager, to verify the Partner hosted service supports SS7 and PRI for PSTN access.
The Hosted Voice Service must support QSIG, DPNSS and H.323
Auditor validates from the Technical Service Description, or interviews the Hosted Voice Service Product Manager, to verify the Partner hosted service supports QSIG, DPNSS and H.323
The Hosted Voice Service must support Local Number Portability
Auditor validates from the Technical Service Description, or interviews the Hosted Voice Service Product Manager, to verify the support for Local Number Portability
The Hosted Voice Service must support Emergency Services
Auditor validates from the Marketing Service Description, or interviews the Hosted Voice Service Product Manager, to verify the support for Emergency Services.
The Hosted Voice Service must deploy Cisco PGW product for PSTN access; no other product can be used
Auditor validates from the Hosted Voice Service Architecture, or interviews the Hosted Voice Service Product Manager, to verify only Cisco PGW product is being used for PSTN access.
The Hosted Voice Service must support voice mail capability and must deploy Cisco Unity and/or IP Unity products for voice mail.
Auditor validates from the Hosted Voice Service Architecture, or interviews the Hosted Voice Service Product Manager, to verify only Cisco Unity (for single tenant) or IP Unity (multi-tenant) product is being used for voice mail or unified messaging.
The Partner must perform the end customer’s LAN assessment to ensure the readiness of the LAN network to support the bandwidth and QoS required for VoIP.
Auditor must interview the Hosted Voice Service Product Manager to ensure a best practice for assessment of the end customer’s LAN is in place.
The Partner Hosted Voice Service must support Multilevel provisioning and tenant self-provisioning as a feature of the service
Auditor must interview the Hosted Voice Service Product Manager to ensure that the Partner has deployed the Vision OSS network management system to manage and provision the Hosted Voice Service.
The Partner Hosted Voice Service must support Directory Service
Auditor must review the Marketing Service Description document to validate that the Hosted Voice Service supports Directory Services
The Partner Hosted Voice Service must support Extension mobility for end users
Auditor must review the Marketing Service Description document to validate that the Hosted Voice Service supports Mobility for end users
The Partner Hosted Voice Service must be transported on a Layer 3 capable network
Auditor must interview the Hosted Voice Service Product Manager to ensure that the Partner’s Hosted Voice Service is transported over a Layer 3 capable network
The Partner’s Hosted Voice Service network must have no VLAN or broadcast domain provisioned to traverse the core of the network.
Auditor must interview the Hosted Voice Service Product Manager to ensure that the Hosted Voice Service network has no VLAN or broadcast domain provisioned to traverse the core of the network
The Partner’s Hosted Voice Service network must support distribution layer network high availability using Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP)
Auditor must interview the Hosted Voice Service Product Manager to ensure that the Hosted Voice Service distribution layer network deploys HSRP or VRRP.
Architecture and Technical Attributes
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
The Service Provider architecture for Hosted Voice Service has to be in compliance with Cisco Validated architectures and best practices.
Auditors validate the Service Provider Hosted Voice Service Architecture with the Cisco Hosted/Managed—Unified Communications Services Customer Requirements Document.
The Partner’s Hosted Voice Service must support multi-tenant capability with overlapping number support
Auditor validates the Partner’s voice service multi-tenant capability from the Service Provider’s Marketing Service Description document.
The Partner’s Hosted Voice Service must deploy Cisco Unified Communication Manager for Voice Call Processing
Auditor validates that the Partner’s voice service architecture document shows only Cisco Unified Communication Manager being used for Call Processing
The Hosted Voice Service must support the ability to support both Intra and Inter Customer calls
Auditor validates that the Partner’s Hosted Voice Service Marketing Service Document states support for both Inter and Intra Customer voice calls
The Hosted Voice Service must support Emergency Services
Auditor validates from the Marketing Service Description, or interviews the Hosted Voice Service Product Manager, to verify the support for Emergency Services.
The Hosted Voice Service must deploy Cisco PGW product for PSTN access; no other product can be used
Auditor validates from the Hosted Voice Service Architecture, or interviews the Hosted Voice Service Product Manager, to verify only Cisco PGW product is being used for PSTN access.
The Hosted Voice Service must support voice mail capability and must deploy Cisco Unity and/or IP Unity products for voice mail.
Auditor validates from the Hosted Voice Service Architecture, or interviews the Hosted Voice Service Product Manager, to verify only Cisco Unity (for single tenant) or IP Unity (multi-tenant) product is being used for voice mail or unified messaging.
The Partner Hosted Voice Service must support Multilevel provisioning and tenant self-provisioning as a feature of the service
Auditor must interview the Hosted Voice Service Product Manager to ensure that the Partner has deployed the Vision OSS network management system to manage and provision the Hosted Voice Service.
The Partner Hosted Voice Service must support Directory Service
Auditor must review the Marketing Service Description document to validate that the Hosted Voice Service supports Directory Services
The Partner Hosted Voice Service must support Extension mobility for end users
Auditor must review the Marketing Service Description document to validate that the Hosted Voice Service supports Mobility for end users
The Partner Hosted Voice Service must be transported on a Layer 3 capable network
Auditor must interview the Hosted Voice Service Product Manager to ensure that the Partner’s Hosted Voice Service is transported over a Layer 3 capable network
Managed Mobile Communications
Benefits and Requirements
Benefit Description Cisco Powered Strategic Legacy
Eligible for Discount: Products within this category are eligible for program discount (upon certification or designation approval) • • •
Eligible for Rebate: Products within this category are eligible for program rebate (upon certification or designation approval) •
Eligible for Global Procurement: Products within this category are eligible for global procurement (upon certification or designation approval) • • •
Eligible for Branding and Additional Marketing Benefits: Approved managed services within this category are eligible for branding and additional marketing benefits •
Trade-In Credits: Approved managed services within this category can be combined with trade-in credits • • •
Incentive Programs, Rebates, Offers: Approved managed services within this category can be combined with resale-based incentive program discounts (OIP, VIP, SIP), rebates, and offers
Benefit Description Cisco Powered Strategic Legacy
Real-time Monitoring: Managed Services are proactively monitored via the Partner’s NOC • • •
24x7 Service Availability: Service management is available 24x7 • • •
SLAs: The Managed Service provider must back SLAs with terms of one-year (or greater) • • •
Technical Attributes: Technical attributes for the managed services in this category are defined • •
Service Management: Service management requirements are stipulated • •
POS Customer Reports: Partner must provide POS customer information on a monthly basis. Customer information collected as part of the requirement will be used for program governance only. • • •
Eligible Products: Managed services within this category have a pre-established set of eligible Cisco products • • •
Wireless LAN
Service Requirements
Cisco Powered Managed Services
N/A
Strategic Managed Services
To qualify as a Strategic Managed service, the Managed Wireless LAN service must be sold as part of a Cisco based managed LAN infrastructure service
Legacy Managed Services
N/A
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Must offer Guest services
Service design must include procedures to set up and provide ongoing self-management of Guest access
Must support Voice services
Service design must incorporate ability to support wireless VoIP service
Legacy Managed Services
N/A
Device-Level Security
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Data Plane
Partner must have clearly defined and documented security policy covering protection of the infrastructure from security attacks
Security policy covering protection of infrastructure from security attacks
Access Control lists—protect devices from malicious traffic by explicitly permitting legitimate traffic
Infrastructure ACLs are applied to the network core
QoS tools—used to protect against flooding attacks
Defined QoS policies to rate limit or drop offending traffic (identify, classify and rate limit)
Control Plane
Routing protection—MD5 neighbor authentication protects routing domains from spoofing attacks
Demonstrated use of MD5 neighbor authentication in security policy
Auto secure procedures in place
Demonstrated lock down of devices using industry best practices (NSA)
Management Plane
Procedures to prevent unauthorized management access to devices
Partner must have a security procedure in place. It can use features such as Secure Shell (SSH)-only access, VTY access control lists, Cisco IOS software login enhancements, SNMP V3, and TACACS+.
Legacy Managed Services
N/A
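The control-plane and management-plane items in the Device-Level Security table can be checked mechanically against a saved IOS running-config. The following Python is an added example, not part of the Cisco document: the sample configurations are constructed, the check names are hypothetical, and treating every listed feature as required is an assumption (the document lists them as features a Partner "can use").

```python
import re

# Constructed sample configurations (not taken from any real device).
HARDENED = """\
hostname edge-rtr-example
aaa new-model
aaa authentication login default group tacacs+ local
login block-for 60 attempts 3 within 30
tacacs-server host 192.0.2.10
snmp-server group NOC v3 priv
router bgp 64512
 neighbor 192.0.2.1 remote-as 64513
 neighbor 192.0.2.1 password EXAMPLE-KEY
line vty 0 4
 access-class 10 in
 transport input ssh
"""

WEAK = """\
hostname branch-rtr-example
snmp-server community EXAMPLE-STRING RO
router bgp 64512
 neighbor 192.0.2.1 remote-as 64513
 neighbor 198.51.100.1 remote-as 64514
 neighbor 198.51.100.1 password EXAMPLE-KEY
line vty 0 4
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""


def parse_blocks(config):
    """Group an IOS config into (parent, [children]); children are the indented lines."""
    blocks = []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(text)
        else:
            blocks.append((text, []))
    return blocks


def audit(config):
    """Return {check_name: [findings]}; an empty list means the check passed."""
    blocks = parse_blocks(config)
    top = [parent for parent, _ in blocks]
    out = {k: [] for k in ("ssh_only_vty", "vty_acl", "login_enhancements",
                           "snmpv3", "tacacs", "routing_md5")}

    # Management plane: SSH-only access and a VTY access list on every vty range.
    vty = [(p, c) for p, c in blocks if p.startswith("line vty")]
    if not vty:
        out["ssh_only_vty"].append("no line vty block found")
    for parent, children in vty:
        transport = [c for c in children if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            seen = transport[0] if transport else "no transport input line"
            out["ssh_only_vty"].append(f"{parent}: {seen}")
        if not any(re.match(r"access-class \S+ in\b", c) for c in children):
            out["vty_acl"].append(f"{parent}: no inbound access-class")

    # Cisco IOS login enhancements (login block-for).
    if not any(line.startswith("login block-for ") for line in top):
        out["login_enhancements"].append("login block-for not configured")

    # SNMPv3: assumes the NOC monitors the device over SNMP, so a v3 group is expected.
    if any(line.startswith("snmp-server community ") for line in top):
        out["snmpv3"].append("SNMP v1/v2c community configured (string redacted)")
    if not any(re.match(r"snmp-server group \S+ v3 (auth|priv)\b", line) for line in top):
        out["snmpv3"].append("no SNMPv3 group with auth or priv")

    # TACACS+: only the built-in "group tacacs+" is recognised (simplification).
    if "aaa new-model" not in top:
        out["tacacs"].append("aaa new-model missing")
    if not any(re.match(r"aaa authentication login \S+ .*\bgroup tacacs\+", line)
               for line in top):
        out["tacacs"].append("no login method list using group tacacs+")

    # Control plane: every BGP neighbor needs a password (TCP MD5); peer groups ignored.
    for parent, children in blocks:
        if not parent.startswith("router bgp "):
            continue
        peers = {m.group(1) for c in children
                 if (m := re.match(r"neighbor (\S+) remote-as ", c))}
        keyed = {m.group(1) for c in children
                 if (m := re.match(r"neighbor (\S+) password ", c))}
        for peer in sorted(peers - keyed):
            out["routing_md5"].append(f"{parent}: neighbor {peer} has no password")
    return out


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        for check, findings in audit(cfg).items():
            print(name, check, "PASS" if not findings else findings)
```

Only BGP is covered for neighbor authentication; OSPF or EIGRP MD5 keys would need their own per-interface checks.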
Infrastructure Protection
Integrated security policy for Wireless LAN service—see http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/netbr09186a00801f7d0b.html
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Wireless link encryption—All wireless traffic must be encrypted between the client and the access point to ensure information integrity
Can use any of a variety of mechanisms, e.g., WEP, EAP/LEAP, WPA/2
Support for user and device authentication
Implemented using Cisco secure services client
Implemented operational and policy control framework
Partner must demonstrate the use of a framework for management of the wireless service. This will typically include asset tracking, NAC policies, segmentation (guest access) and the use of management tools such as Cisco MARS.
Implemented threat mitigation process
This will typically include policies for features such as rogue access point detection, IDS/IPS policies for wireless users, and DOS attack management
Legacy Managed Services
N/A
Resiliency and Redundancy
Implementation of technology that enables network wide resiliency for IP networks, as described at http://www.cisco.com/en/US/partner/products/ps6550/products_ios_technology_home.html
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network architecture design to meet the levels of guaranteed service availability
Demonstration of design process in place to ensure target network availability can be met. Should include reference to areas of availability specified in Cisco Powered Managed Services requirements.
Legacy Managed Services
N/A
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Mean Time to Respond (MTTN): May vary according to severity levels; best case of 60 minutes supported for high-priority issues
Partner must provide actual SLA offering MTTN for high priority issues of 60 minutes
Mean Time to Fix/Repair (MTTR): May vary according to customer needs; best case of 24 hours available as an option
Partner must provide actual SLA offering MTTR for high priority issues of 24 hours
Service Availability: Must offer an SLA for per-customer service availability
Partner must provide actual SLA offering Service Availability, e.g., 99.9% availability
Legacy Managed Services
N/A
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
WLAN Service Reports distributed on a regular schedule agreed with the customer
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
N/A
Managed Data Center
Benefits and Requirements
Benefit Description Cisco Powered Strategic Legacy
Eligible for Discount: Products within this category are eligible for program discount (upon certification or designation approval) • • •
Eligible for Rebate: Products within this category are eligible for program rebate (upon certification or designation approval) •
Eligible for Global Procurement: Products within this category are eligible for global procurement (upon certification or designation approval) • • •
Eligible for Branding and Additional Marketing Benefits: Approved managed services within this category are eligible for branding and additional marketing benefits •
Trade-In Credits: Approved managed services within this category can be combined with trade-in credits • • •
Incentive Programs, Rebates, Offers: Approved managed services within this category can be combined with resale-based incentive program discounts (OIP, VIP, SIP), rebates, and offers
Benefit Description Cisco Powered Strategic Legacy
Real-time Monitoring: Managed Services are proactively monitored via the Partner’s NOC • • •
24x7 Service Availability: Service management is available 24x7 • • •
SLAs: The Managed Service provider must back SLAs with terms of one-year (or greater) • • •
Technical Attributes: Technical attributes for the managed services in this category are defined • •
Service Management: Service management requirements are stipulated • •
POS Customer Reports: Partner must provide POS customer information on a monthly basis. Customer information collected as part of the requirement will be used for program governance only. • • •
Eligible Products: Managed services within this category have a pre-established set of eligible Cisco products • • •
WaaS
Supported Features:
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
The Provider must offer a “WAN Optimization” type service(s) based on technologies enabled by WAAS Transport license. The WAAS Transport license includes Data Redundancy Elimination (DRE), Persistent LZ Compression (PLZ), Transport (TCP) Flow Optimization (TFO), and Application Traffic Policy (ATP).
Verify WAAS Transport licenses are enabled as a minimum on all WAEs supporting a “WAN Optimization” type service offer by the Provider.
The Provider must offer an “Application Acceleration” type service(s) specifically for one or more applications that are outlined in the categories below, as enabled by the WAAS Enterprise license. The offered service may additionally be accompanied by the appropriate related server consolidation (the migration of servers to the centralized data center as enabled by WAAS).
– File Services: CIFS acceleration (Windows), file Pre-Positioning
– Print Services (for Windows)
– Email: Microsoft Exchange, Internet Mail, Lotus Notes
– Web & Collaboration: HTTP, WebDAV, FTP, Microsoft Sharepoint
– Software Distribution: Microsoft SMS, Altiris, HP Radia
– Enterprise Applications: Microsoft SQL, Oracle, SAP, Lotus Notes
– Backup Applications: Microsoft NT Backup, Legato Networker, Veritas Netbackup, CommVault Galaxy
– Data Replication: EMC SRDF/A, EMC IP Replicator, NetApp SnapMirror, Data Domain, Double-Take, Veritas Vol Replicator
Verify WAAS Enterprise licenses are enabled as a minimum on all WAEs supporting an “Application Acceleration” type service offer by the Provider. Verify if the service is accompanied by its appropriate related server consolidation (optional).
If the Provider offers greater application networking solutions to complement a managed WAAS service then they are entitled to the same product discount on the following Cisco product families: ACE XML Gateway, ACE Global Services Switch (or Global Site Selector) GSS, Application Velocity System (AVS), Application Networking Manager (ANM), Content Switching Module (CSM), ASA 5500 Series Adaptive Security Appliances, PIX 500 Series Security Appliances, VPN 3000 Series Products, Cisco Secure Access Control Server
Verify if Provider is offering greater application networking services to complement their managed WAAS offerings.
Each WAAS remote branch site must be deployed in one of the following configurations:
1) Integrated router WAE network module running in network integrated off-path intercept mode with WCCPv2 protocol
2) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
3) WAE appliance running in simple transparent in-line mode
Verify each branch site is deployed in one of the three configurations stated. However, all sites combined can be deployed in any combination of the three configurations.
The WAAS headend site, which is pairing with each remote site, must be deployed in one of the following configurations:
1) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
2) WAE appliance running in network integrated intercept mode with ACE (Application Control Engine) series. ACE can be deployed on either a blade integrated into a switch/router or as a standalone appliance.
Verify headend is deployed in one of two configurations stated.
WAAS Headend sites must be deployed in a high-availability redundant configuration, meaning a cluster must exist with two or more WAEs using either of the following configurations:
1) Network integrated off-path intercept mode with WCCPv2 protocol. With WCCPv2 intercept, active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operation.
2) Network integrated intercept mode with ACE (Application Control Engine) series. ACE can be deployed on either a blade integrated into a switch/router or as a standalone appliance. ACE is recommended for the most demanding headend environments and can scale to support hundreds of WAEs in numerous clusters and also provide automatic load-balancing, load redistribution, fail-over, and fail-through operation.
Validate headend is deployed in a cluster configuration of two or more WAEs running in WCCPv2 mode or with ACE network integration.
The Provider must offer a high-availability redundant WAE option for remote branch sites. Each of these remote branch sites must be deployed in either of the following configurations:
1) Two or more WAE appliances in a cluster running in network integrated off-path intercept mode with WCCPv2
2) Two or more WAE appliances running transparent serial in-line clustering
Verify the Provider offers or has customers on a high-availability redundant deployment option for remote branch sites. Verify these remote sites conform to the two options as outlined.
Disk encryption for data at rest must be deployed for all headend and remote WAEs, using FIPS 140-2 level 2 compliant 256-bit AES disk encryption with automatic and centralized key management.
Verify Provider requires WAAS service to have all WAEs running disk encryption as outlined. Verify all deployments have required Enterprise license and are running WAAS 4.0 or greater software.
Provider must offer complete stateful firewall inspection and network virus scanning for all accelerated traffic, and integrate seamlessly and transparently into network security, visibility, and control functions. It must not break security practices of tunneling through and opening application ports in firewalls.
Verify Provider offers or has customers running stateful firewall inspection and network virus scanning services, and that they are not violating security practices of tunneling through or opening ports in firewalls.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
The Provider must offer a "WAN Optimization" type service(s) based on technologies enabled by WAAS Transport license. The WAAS Transport license includes Data Redundancy Elimination (DRE), Persistent LZ Compression (PLZ), Transport (TCP) Flow Optimization (TFO), and Application Traffic Policy (ATP).
Verify WAAS Transport licenses are enabled as a minimum on all WAEs supporting a "WAN Optimization" service offer by the Provider.
Each WAAS remote branch site must be deployed in one of the following configurations:
1) Integrated router WAE network module running in network integrated off-path intercept mode with WCCPv2 protocol
2) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
3) WAE appliance running in simple transparent in-line mode
Verify each branch site is deployed in one of the three configurations stated. However, all sites combined can be deployed in any combination of the three configurations.
The WAAS headend site, which is pairing with each remote site, must be deployed in the following configuration:
1) WAE appliance running in network integrated off-path intercept mode with WCCPv2 protocol
Verify headend is deployed in one of two configurations stated.
Disk encryption for data at rest must be offered for headend and remote WAEs, using FIPS 140-2 level 2 compliant 256-bit AES disk encryption with automatic and centralized key management.
Verify Provider offers or has customers running disk encryption as outlined. Verify those offers and deployments have required Enterprise license and are running WAAS 4.0 or greater software.
Service Level Management: Required SLA Components
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Service is proactively monitored 24x7 and customer is notified of any disruption to service level(s)
Verify network operations procedures include proactive monitoring of WAAS service gear and alarm management to start working fault(s) without direct customer intervention.
Service Availability: Must offer an SLA for per-customer service availability
Verify Provider offers an actual SLA for Service Availability
Mean Time to Respond (MTTN): Must offer an SLA for MTTN
Verify Provider offers an actual SLA for MTTN
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Verify Provider offers an actual SLA for MTTR
Must offer WAE and ACE software upgrades: As needed, requested, and scheduled, as agreed with customer.
Verify Provider offers an actual SLA for WAE and ACE software upgrades
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Service Availability: Must offer an SLA for per-customer service availability
Verify Provider offers an actual SLA for Service Availability
Mean Time to Fix/Repair (MTTR): Must offer an SLA for MTTR
Verify Provider offers an actual SLA for MTTR
Service Level Management: Service Reports
Cisco Powered Managed Services
Requirement Auditor Instructions (What to Look for)
Central Manager must be deployed on a dedicated WAE at the headend with an option for a redundant configuration. Central Manager provides the following functionality:
• Manages central configuration, provisioning, monitoring, fault-management, logging, and reporting for up to 2500 WAEs within a Cisco WAAS topology.
• Comprehensive statistics: comprehensive logs, reports, graphs, and statistics for Cisco WAE device functions help IT administrators to optimize system performance and troubleshooting.
• Monitoring, reporting, and alerts.
The option for a redundant configuration would provide: Active/standby deployment with automatic failover, replication of Central Manager database, and encryption keys.
Verify Central Manager(s) is deployed on dedicated WAE appliance(s) at the WAAS headend, with an option of a redundant configuration. Verify CM license(s) are enabled with WAAS 4.0 or greater software.
Service Reports distributed on a regular schedule as agreed to with the customer:
– Top optimized application being used
– General optimization statistics (e.g. WAN bandwidth savings)
– Traffic volumes per application and per device (WAE)
– Asset Report
– Parameter Settings Report
– Trend Report
– Resource Utilization Report
– Configuration Report
Example reports provided or demonstration of Web portal with ability to select report(s)
Provider must offer a secure Web portal to communicate current status and performance, including specific reports available online as agreed with the customer.
Demonstration of portal from a customer perspective, including service status, access to reports, and password protection.
Provider may offer as an option, customer self-monitoring capability using RBAC (Roles-based Access Control) to isolate users to specific capabilities and domains of management within Central Manager.
Demonstration of customer self-monitoring capability within Central Manager, plus verify RBAC hierarchy, all as an optional service.
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Central Manager must be deployed on a WAE appliance at the WAAS headend. Central Manager provides the following functionality:
• Manages central configuration, provisioning, monitoring, fault-management, logging, and reporting for up to 2500 WAEs within a Cisco WAAS topology.
• Comprehensive statistics: comprehensive logs, reports, graphs, and statistics for Cisco WAE device functions help IT administrators to optimize system performance and troubleshooting.
• Monitoring, reporting, and alerts
Verify Central Manager is deployed on a WAE appliance at the WAAS headend. Verify CM licenses are enabled with WAAS 4.0 or greater software.
Service reports available to the customer providing an overview of service performance.
Example reports provided or demonstration of Web portal with ability to select report(s)
Provider may offer as an option, customer self-monitoring capability using RBAC (Roles-based Access Control) to isolate users to specific capabilities and domains of management within Central Manager.
Demonstration of customer self-monitoring capability within Central Manager, plus verify RBAC hierarchy, all as an optional service.
Hosting/Co-Location
Architecture and Technical Attributes
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Application and/or Web type hosting: Horizontally offered across industry sectors
Identification of which customer specific application or Web/Internet service is being hosted
Server load balancing to redundant servers
Demonstration of Cisco ACE technology deployed
Hot standby servers (with operating system and application loaded) when Provider hosted
Identification of types of servers that are on standby, plus verifies operating system and application load as being identical to those that are live
Server restoral from storage backup
Identification of type of storage backup
Following security services offered: MSCP Managed Firewall service and MSCP Cisco IPS/IDS service
Identification of, if any, managed security services deployed in conjunction with hosting service
Connectivity Access Speeds: 1Mbps to 10Gbps
Identification of network connectivity line rate method (i.e. MPLS, Ethernet, etc.)
Administrative Services: Domain Name Registration, IP Address Allocation (dynamic and static)
Documentation of registered domain names and IP address allocation plus demonstrates DHCP, NAT, etc.
Caching and Pre-positioning services offered
Identification of implementation and demonstrates (via performance reports perhaps) Web applications are being accelerated
Legacy Managed Services
Connectivity Access Speeds: 1Mbps to 10Gbps
Identification of network connectivity line rate method (e.g., MPLS, Ethernet)
Administrative Services: Domain Name Registration, IP Address Allocation (dynamic and static)
Documentation of registered domain names and IP address allocation, plus demonstration of DHCP, NAT, etc.
Service Level Management: Required SLA Components
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
Network Availability Guarantee: Must offer an SLA for Network Availability
Partner must provide actual SLA offering Network Availability Guarantee
Maximum Network Latency Guarantee: Must offer an SLA for Maximum Network Latency
Partner must provide actual SLA offering Maximum Network Latency Guarantee
Packet Delivery Guarantee: Must offer an SLA for Packet Delivery
Partner must provide actual SLA offering Packet Delivery Guarantee
Server Availability (when SP Hosted) Guarantee: Must offer an SLA for Server Availability
Partner must provide actual SLA offering Server Availability Guarantee (when SP hosted)
New Server Implementation Timeline Guarantee: Must offer an SLA for New Server Timeline
Partner must provide actual SLA offering New Server Implementation Timeline Guarantee
Time to Restore Servers from Storage Guarantee: Must offer an SLA for Time to Restore Servers from Storage
Partner must provide actual SLA offering Time to Restore Servers from Storage Guarantee
Real-time Facility Monitoring: Continuous 24x7 Camera Monitoring with On-Site Security Guards, Secure Card Access
Partner must provide actual SLA offering Real-Time Facility Monitoring 24x7
Facility Accessibility: 24x7 (applies only to co-location option)
Partner must provide actual SLA offering Facility Accessibility Guarantee of 24x7
Real-time Network Monitoring: Continuous 24x7 (with fault restoration)
Partner must provide actual SLA offering continuous Real-Time Network Monitoring 24x7
Real-time Server/Application Monitoring: Continuous 24x7 (with fault restoration)
Partner must provide actual SLA offering continuous Real-Time Server/Application Monitoring
Operating Systems Updates and Patches: Scheduled
Partner must provide actual SLA offering Operating Systems Updates and Patches
UPS: Minimum of 4 hours via battery and/or generator back-up
Partner must provide actual SLA offering UPS for 4 hours or more
Controlled Environment: Including fire detection and suppression
Partner must provide actual SLA offering Controlled Environment for fire detection and suppression
Legacy Managed Services
Network Availability Guarantee: Must offer an SLA for Network Availability
Partner must provide actual SLA offering Network Availability Guarantee
Packet Delivery Guarantee: Must offer an SLA for Packet Delivery
Partner must provide actual SLA offering Packet Delivery Guarantee
Real-time Facility Monitoring: Continuous 24x7 Camera Monitoring with On-Site Security Guards, Secure Card Access
Partner must provide actual SLA offering Real-Time Facility Monitoring 24x7
Facility Accessibility: 24x7 (applies only to co-location option)
Partner must provide actual SLA offering Facility Accessibility Guarantee of 24x7
UPS: Minimum of 4 hours via battery and/or generator back-up
Partner must provide actual SLA offering UPS for 4 hours or more
Controlled Environment: Including fire detection and suppression
Partner must provide actual SLA offering Controlled Environment for fire detection and suppression
Service Level Management: Service Reports
Cisco Powered Managed Services
N/A
Strategic Managed Services
Requirement Auditor Instructions (What to Look for)
On-line Monitoring Tools: Available for Customer query
Example reports provided or demonstration of Web portal with ability to select report(s)
Real-time and historical performance reports: Available for Packet and Server performance
Example reports provided or demonstration of Web portal with ability to select report(s)
Monitoring and Restoral Service: Available for Network Connectivity and Server
Example reports provided or demonstration of Web portal with ability to select report(s)
Legacy Managed Services
Monitoring and Restoral Service: Available for Network Connectivity and Server
Example reports provided or demonstration of Web portal with ability to select report(s)
Appendix 1: Acronyms
Acronym Definition
MPLS Multiprotocol Label Switching
MSD Marketing Service Description
TSD Technical Service Description
QoS Quality of Service
SLA Service Level Agreement
WAN Wide Area Network
LAN Local Area Network
VLAN Virtual Local Area Network
VPN Virtual Private Network
SOC Security Operations Center
NOC Network Operations Center
IDS Intrusion Detection Service
IPS Intrusion Protection Service
DoS Denial of Service
ISR Integrated Services Router
SRTP Secure Real-Time Transport Protocol
ACL Access Control List
RTBH Remote Trigger Black Hole
MEF Metro Ethernet Forum
MTTN Mean Time To Notification
MTTR Mean Time to Repair
CTI Computer Telephony Integration
TDM Time Division Multiplexing
BGP Border Gateway Protocol
OSPF Open Shortest Path First
EVC Ethernet Virtual Circuits
EAP/LEAP Extensible Authentication Protocol
PSTN Public Switched Telephone Network
WPA Wireless Protected Access
EIGRP Enhanced Interior Gateway Routing Protocol