Service Level Agreement

Services:

“Services” shall mean Aerospike Cloud Managed Service and related professional services.

Customer Responsibilities:

1. Customer is responsible for providing all data points needed to determine an appropriate capacity, cloud/systems architecture, and growth plan as requested by Aerospike and listed on the appropriate Order Form.
2. Customer is responsible for notifying Aerospike when the expected workload is going to change beyond the bounds of the original capacity, cloud/systems architecture, and growth plan.
3. Customer is responsible for the providing required cloud credentials (eg. Identity and Access Management credentials for the cloud provider) used by Aerospike infrastructure provisioning software.
4. Customer is responsible for all access controls and monitoring of Customer application access and activity on the Aerospike database.
5. Customer is responsible for all access controls and monitoring of non-Aerospike  (eg. Customer employees and contractors) access and activity on the Aerospike database.
6. If using external authorization (eg. LDAP to Customer’s employee directory) to manage Aerospike database access, Customer will also provide a minimum of 3 user credentials for Aerospike Operations Personnel (named and background checked individuals).
7. Customer will confidentially and immediately disclose any known breaches or potential breaches of sensitive data when the risk extends to Aerospike (e.g. secret exposure, attacks targeting Aerospike-managed systems, etc.).
8. Customer is responsible for configuring, deploying, monitoring, debugging and troubleshooting Customer applications that use the Managed Products.
9. Customer is responsible for ensuring Customer applications use the Managed Products as intended and provide immediate remediation when misused. Example mis-use and abuse includes, but is not limited to, excessive scan jobs, connection exhaustion, excessive secondary index creation, usage patterns not consistent with the Capacity Plan. Aerospike may terminate this agreement if Customer does not remediate mis-use of Managed Products within thirty (30) day from the date detection or of notification by Aerospike. Any Service Unavailability will not apply to any reporting period if the unavailability is determined to be caused by mis-use or abuse by Customer.
10. Customer application servers must support one of the Aerospike-defined TLS cipher suites.
11. Customer is responsible for defining and applying a cloud tagging protocol to all cloud resources used by Managed Clusters to assist in identifying the cloud resources used for the Managed Clusters. Customer is required to provide all security or update notifications received from the cloud provider that relates to any cloud resource used by Managed Clusters within 24-hours of receipt.
12. Customer is responsible to change their password for their issued credentials in the Aerospike Support Portal.
13. Customer is responsible for managing access for their authorized users of the Aerospike Support Portal.
14. Customer is responsible for downloading the Developer Feature Key to be used for development purposes.

Aerospike Cloud Managed Service Responsibilities:

1. Aerospike is responsible for determining appropriate cloud and system architecture and resource provisioning to handle Customer workload and meet performance objectives.
2. Aerospike is responsible for selecting which technology is used to configure, deploy, manage, and monitor the Aerospike server. This includes, but is not limited to, cloud resources and instance types, operating systems, system libraries, and operational tools.
3. Aerospike is responsible for restricting and monitoring access to services and tools used by Aerospike, including, but not limited to: SSH access to production infrastructure, infrastructure provisioning tools, execution of runbooks, monitoring dashboards (Prometheus, Grafana, etc.), and Operations Personnel access to the Aerospike database (if not managed by Customer’s employee directory).
4. Aerospike is responsible for logging the access and activity of Aerospike Operations Personnel and providing Customer access to these logs for audit purposes upon request.
5. Aerospike is responsible for proactively notifying Customer and providing access logs if unauthorized access is discovered.
6. Aerospike will confidentially disclose any known breaches or potential breaches of sensitive data when the risk extends to the Customer (eg. secret exposure, attacks targeting Aerospike-managed systems, etc.).
7. Aerospike will manage the TLS certificate lifecycle for the Aerospike server and provide the customer with the root CA certificate.
8. Aerospike will notify the customer of any changes to the supported TLS cipher suites.
9. Aerospike will manage the entire encryption key lifecycle including time-based (eg. annual) rotation policy.
10. Aerospike is responsible for providing relevant artifacts to the customer for debugging and troubleshooting Customer applications. This may include logs, configuration settings, and metric values.

Commencement of Managed Services:

Aerospike will have up to five (5) days from Effective Date of this agreement and the receipt of credentials to release Managed Clusters to Customer for general availability and use. Some of the checklist items for this process include:

1. Configure Identity and Access Management (IAM) policies
2. Deploy Managed Products and apply configurations
3. Deploy monitoring and alerting systems
4. Configure Cloud Console
5. Complete security and general validation for Production Managed Clusters

After successful completion of the validation protocols, Aerospike will provide the Managed Cluster connection details via Cloud Console when Managed Clusters are considered generally available for use.

Service Credits and Service Level Guarantees:

Aerospike will use commercially reasonable efforts to provide a service availability that matches the uptime Service Level Agreement commitment from the cloud provider account measured per month. “Service Availability” means that an Aerospike cluster managed under this agreement is available 24 hours per day, 7 days per week, excluding any scheduled and unscheduled maintenance time to implement updates, upgrades or other modifications.

Aerospike will use commercially reasonable efforts to notify Customer at least twenty-four (24) hours prior for any scheduled maintenance to minimize the effect of such maintenance on the subscription Services and as soon as practicable for any unscheduled maintenance or any known and verified unscheduled downtime.

Aerospike is not liable for performance SLA breaches as a result of mis-use of the Managed Product, Customer’s applications, networks and systems. Aerospike is not liable for unavailability as a result of severe abuse (eg. DoS attack from within the customer network).

Provisioning Agreement

The Managed Products base subscription includes configuration and management of the clusters defined in the Fees section. Aerospike will be authorized to provision the types and quantities of compute, network, security, and storage services to meet the expected workload and performance targets defined by Customer. The Provisioning Agreement will be completed by Aerospike and Customer during the onboarding meeting.

Unique Data Under Management

Unique Data size is defined by the total number of objects times the average object size excluding storage format overhead per Managed Cluster.

Production Cluster

A Production Cluster is a Managed Cluster that will be managed under the Service Availability definition and includes 24x7x365 monitoring, alerting, and Service Level Objective-based issue remediation policies. All unique data stored in a Production cluster will be considered Unique Data Under Management. A Production Cluster will be subject to performance validation by Aerospike prior to being made available to Customer. All Managed Clusters will be considered Production unless otherwise designated.

Non-Production Cluster

A non-production cluster is a Managed Cluster but will be designated by Customer as Non-Production. A Non-Production Cluster will not be subject to Service Availability description and all Customer data stored in a non-Production cluster will not be used to calculate Unique Data Under Management. Customer will separately define the compute, network, security, and services used to provision the non-Production cluster. A Non-Production Cluster will not be subject to performance validation by Aeropsike prior to being made available to Customer. A Non-Production Cluster will not include 24x7x365 monitoring, alerting, and Service Level Objective-based issue remediation policies.

Capacity Thresholds

Aerospike Cloud Managed Service uses alerts to provide notifications as Customer’s data grows or usage patterns evolve. A comprehensive set of metrics are actively monitored and a cluster scaling event will be initiated when one or more of the following occurs:

1. Disk storage exceeds threshold
2. Memory usage exceeds threshold
3. CPU utilization exceeds threshold
4. Network throughput exceeds threshold
5. Read/write throughput drives latency above predefined performance targets

Aerospike Cloud Managed Services defines operational alerts to notify Customer of the data growth and to obtain an extension to the Provisioning Agreement to allow Aerospike to provision additional capacity beyond the bounds set forth in that agreement.

If any threshold is breached at a critical level prior to Customer explicitly providing authorization, Aerospike is authorized to add additional infrastructure capacity to bring the cluster below threshold alert levels.

Service Availability

The following table details the credits available to Customer in the event the Service Availability during a Reporting Period  (“Reporting Period” a calendar month) falls below the indicated thresholds:

Service Availability is defined by issuing the INFO request to the target cluster at a one minute interval. Every INFO request should return with a message. The percentage of returned INFO requests during the period will be used to determine Service Availability.

See https://docs.aerospike.com/reference/info/ for a description of the INFO request.

Calculation of Service Availability

Service Availability is measured monthly and calculated by subtracting from 100% the total percentage of 1-minute periods during the Reporting Period for which an Aerospike cluster is Unavailable.

“Unavailable” is defined for any one (1) issued INFO command that does not receive a complete response during the reporting period subject to any scheduled and unscheduled maintenance time and time for any Exclusions.

“Exclusions” means the following: (i) unavailability caused by circumstances beyond Aerospike’s reasonable control, including, without limitation, acts of nature, acts of government, emergencies, natural disasters, flood, fire, civil unrest, acts of terror, strikes or other labor problems (other than those involving Aerospike employees), or any other force majeure event or factors; (ii) any problems resulting from Customer’s software applications; (iii) interruptions or delays in providing the Services resulting from telecommunications or Internet service provider failures; (v) any interruption or unavailability resulting from Customer’s use of the Services in an unauthorized or unlawful manner or any interruption resulting from the misuse, improper use, alteration, or damage of the Services; (vi) any problems caused by modifications in any version of the Services not made or authorized by Aerospike in writing; and (vii) any problems resulting from Customer’s or any third party’s acts, errors or omissions or any systems not provided by Aerospike.

SLA Exclusions

Notwithstanding anything to the contrary herein, this SLA does not apply to any performance or availability issues and will not count towards any service unavailability calculation that result from any voluntary actions or inactions from you or any third party such as rebooting, shutting down or any access to a cloud instance that is part of an Aerospike cluster; misconfigured security groups, VPC configurations or credential settings, disabling encryption keys or making the encryption keys inaccessible, expired or misconfigured Customer certificates, attempting to connect from an IP address that has not been confirmed and processed in the whitelist of approved IP addresses, attempting to connect when the number of connections is already at the connection limit, Customer-side DNS issues, etc.;

Request for Credit

Any Customer request for a credit that Customer is entitled to under this SLA may only be made on a calendar monthly basis and must be submitted in writing within 10 days after the end of the relevant calendar month or shall be deemed to have been waived by Customer. For those periods at the end of a Subscription Term that do not coincide with the end of a calendar month, Customer must make a claim for a credit within 10 days after the expiration of the Subscription Term or the claim for credit shall be deemed to have been waived by Customer. The total of all credits applicable to or accruing in any given Reporting Period shall not exceed 5% of the Subscription fees paid or payable to Aerospike by Customer for the Reporting Period. Credits will only be applied to future Aerospike Cloud Managed Service payments.

The right to a credit shall be the sole and exclusive remedy available to Customer in the event of unavailability of the Services as set forth herein. In no circumstance shall the unavailability of the Services be deemed a default under the Agreement or this SLA.

All credit requests will be verified against Aerospike’s system records. Aerospike will make available to Customer a monthly record of the Application Availability.

Application of Service Credits

A Service Credit shall be applied only to the Monthly Services Fee invoice applicable to the Service month following the month during which the event giving rise to the Service Credit occurred (Service Credits arising before Commencement of Online Availability shall be applied to the first Monthly Services Fee invoice).  In no event shall Customer be provided a Service Credit in cash, refund, or any other form other than a credit against Monthly Services Fees.

Termination Option

Customer may terminate its engagement for Aerospike Cloud Managed Service without penalty, if any of the following occurs in any single calendar month: (A) Customer would (if not for the limitation set forth in the first sentence – and only that first sentence – under “Maximum Service Credits”) have been entitled to receive fifteen (15) or more Service Credits resulting from three (3) or more separate failures to fulfill the Service Availability Guarantees during such calendar month, or (B) any single event entitling Customer to Service Credits under the section entitled “Service Availability Guarantee” exists for a period of eight (8) consecutive hours, or (C) any number of events entitling Customer to credits under the “Service Availability Guarantee” section exists for an aggregate of twenty-four (24) hours.

Customer may terminate the Services under the preceding paragraph by providing Aerospike written notice addressed to the attention of Aerospike Customer Care, with a cc: to the attention of Aerospike’s /Legal Department, within five (5) business days following the end of such calendar month.  Such termination will be effective ninety (90) days after receipt of written notice by Aerospike.

Performance

Aerospike Cloud Managed Service offers a target performance Service Level Objective (SLO) based on an initial cloud infrastructure plan. Aerospike Cloud Managed Service will monitor the cluster performance and will adjust the infrastructure as required to achieve the desired performance targets.

Change Requests

Changes to the configuration of a Managed Product or a request for additional Managed Products can be initiated by Customer. The following changes are considered permissible. Any configuration change request is classified as a Change Request if the request for the change occurs after the Production Validation period has expired.

Initiating the Change Request

Change Requests for Managed Products must be initiated through a support case by an authorized user.

Service Level Objective (SLO)

Aerospike Cloud Managed Service offers a SLO for each change request that begins when the change request has been validated by Cloud Operations from the support case. Best commercial efforts will be made to complete the requested change within this designated objective time.

Configuration Changes Allowed