Terms of Service and Disclosures
By logging on or accessing a CloudConnect account, or by transferring data to CloudConnect, Subscribers agree to be bound to these terms of service, and acknowledge receipt and careful consideration of all disclosures contained herein.
Technical Content Notice
Given that CloudConnect renders highly technical services, this agreement and its disclosures are highly technical in nature. If you do not understand this agreement or any terms or clauses contained in this agreement, you should consult an Attorney and an Information Technology Professional before signing this agreement.
The agreement shall commence on the execution date of this agreement.
The initial term of this agreement shall begin on the commencement date and end one year from the first day of the first full calendar month following the commencement date.
Subscriber may cancel this agreement for a full refund up to sixty days after the commencement date (“cancelation window”). Subscriber must notify CloudConnect in writing of its intent to cancel this agreement during the cancelation window.
This agreement shall automatically renew without notice on each anniversary of the first day of the first full calendar month following the commencement date (“renewal date”) and such agreement shall renew for additional one year terms. Should Subscriber choose not to renew this agreement, Subscriber must notify CloudConnect in writing at least sixty days prior to the renewal date.
Summary of CloudConnect Services Provided
CloudConnect is a Cloud Services Provider, Citrix Services Provider, and Microsoft Software Services Provider. Generally, CloudConnect hosts Microsoft Windows desktops, Windows applications, and provides a remote display protocol for Subscriber to interact with the hosted applications.
In exchange for monthly payment in arrears, CloudConnect agrees to provision and host “Hosted Infrastructure” for the Subscriber subject to the terms of this agreement. Hosted Infrastructure varies from subscriber to subscriber, but generally includes, Data Storage, Software Use Rights for qualified Microsoft and Citrix products (“Licensing”), and Resource Pools. Hosted infrastructure does not include devices Subscriber uses to interact with or connect to the Hosted Infrastructure. Subscriber’s Hosted Infrastructure is a logically isolated computing environment that is virtualized on hardware devices (servers, data storage, network switches, etc.) operated by CloudConnect. CloudConnect’s hardware devices are comingled among subscribers and virtualization technologies are used to serve multiple subscribers simultaneously from the same hardware resources. Clustering technologies are used to improve uptime and overall efficiency of the CloudConnect Platform. Subscribers interact with Hosted Infrastructure through a remote display protocol.
The CloudConnect Platform includes all facilities computer code, data, databases, software, operating systems, hypervisors, servers, network switches, third part services, and storage systems operated by CloudConnect required to deliver services in accordance with the terms of this agreement. The Citrix Receiver and CloudConnect Thin Client (where applicable) are also considered part of the CloudConnect Platform. Subscriber-owned computers/devices are not considered part of the CloudConnect platform. Subscriber’s peripheral devices (e.g. printers, scanners, web cameras, thumb drives, audio devices, speakers, microphones, telephones, cameras, monitors, keyboards, human input/interface devices, etc.) are not part of the CloudConnect Platform.
A Resource Pool is part of CloudConnect’s service offering. A resource pool consists of 2 x 2.93 GHz vCPU (5.86 GHz) and 4 Gigabytes of vRAM. Each virtual machine in a Subscriber environment requires at least one resource pool to run. Subscriber may add additional resource pools to virtual machines for high performance applications up to a limit of 4 resource pools per virtual machine. As Subscriber’s users and workloads increase, additional resource pools may be necessary to meet Subscriber’s data processing needs.
Data Storage (storage) is part of CloudConnect’s service offering. CloudConnect provides storage to Subscriber’s virtual machines via VMware or equivalent virtual machine disks (vmdk). Subscriber’s vmdks are stored on a storage area network utilizing RAID technologies for hardware redundancy and fault tolerance. Subscriber is billed based on used storage of each vmdk assigned to a Subscriber as measured by the VMware ESXi hypervisor. Vmdks are thin provisioned, as such subscriber is only billed for each Gigabyte of committed or used storage, not allocated storage. Each virtual machine may consume up to 20 Gigabytes of Subscriber’s committed storage for the virtual machine’s operating system and core software components prior to Subscriber importing any existing data or generating any new data (“usable data”). As Subscriber generates data through use of the platform, committed storage increases accordingly. Subscriber should be aware that deleting files and folders does not reduce the committed storage.
Software Use Rights
Licensing of Microsoft and Citrix Software Use Rights is part of CloudConnect’s service offering. Licensing is based on user accounts or “named users.” Subscribers are bound to all terms of CloudConnect’s licensing agreements with Citrix Systems and Microsoft. Such agreements are available upon request.
Licensing of Microsoft and Citrix software and applications are based on use in a given calendar month (“metered software applications”). CloudConnect meters software use based on entitlements assigned to a user account. Software is licensed per named user (user account). A license is required for each user authorized to access a hosted desktop and any Microsoft desktop applications installed on the assigned hosted desktop. Once a user has been authorized to use said desktop and applications in a given calendar month, a license is consumed and remains valid and reusable for the named user until the end of the calendar month. Named users or user accounts that do not intend to access a metered software application or desktop in a given calendar month (billing period) must contact CloudConnect to de-authorize or delete the account prior to the commencement of the billing period in question. For Private Domain subscribers, contact your Active Directory Administrator to de-authorize or disable user accounts. Users seeking a credit for unused Microsoft desktop applications must contact CloudConnect to uninstall the unused applications from the subscriber’s Desktop Host(s) before the beginning of the billing period.
For Microsoft Exchange Server, a license is consumed each month that a user’s mailbox is enabled on Subscriber’s Microsoft Exchange Server.
Pricing for Microsoft and Citrix products are subject to change without notice. To obtain most current SPLA pricing for Microsoft software use rights or CSP pricing for Citrix software use rights, please contact CloudConnect. Subscriber is granted software and use rights as a subscription based service, Subscriber in no way takes ownership of any license from Citrix or Microsoft for pre-written software.
CloudConnect does not meter licensing for any third party applications.
Thin Clients (Devices)
In certain scenarios, Subscriber may obtain a Thin Client device from CloudConnect for an additional monthly fee. Thin Clients are small computers with a Microsoft Windows Embedded operating system. Thin Clients use a special configuration that limits user interaction with the local desktop and provides a seamless user experience with CloudConnect Desktops. The Thin Client device may not be used for any purpose other than its intended purpose of accessing CloudConnect hosted desktops. Other than hardware failure and providing instructions for setup and configuration, CloudConnect does not provide any support for thin clients obtained from CloudConnect. CloudConnect thin clients should only be used on trusted networks behind a firewall. Thin Clients do not have any malware detection agent software installed. Subscriber may elect to install such software if required for Subscriber’s specific industry. CloudConnect does not monitor, audit, or manage the Thin Client remotely. Subscriber should therefore secure the Thin Client “Technician” (administrator) account and avoid providing users with Technician credentials. Only IT professionals should utilize the Technician account for the specific purpose of installing peripheral devices, drivers, and performing updates to the Citrix Receiver or Adobe Flash Player Plugin. In addition to User State Migrations, Thin Client installations can generally take 2 hours for a skilled Technician to setup and install the device.
Ownership of Software Services and Content
CloudConnect does not convey any ownership of any software license to Subscriber. Virtual machines and all software provided by CloudConnect are property of CloudConnect and/or CloudConnect’s software vendors. Only data imported and generated by Subscriber on a CloudConnect virtual machine or storage device shall remain the intellectual property of Subscriber subject to all terms of this agreement.
Provisioning of CloudConnect Services
CloudConnect does not charge for the provisioning of its services. Provisioning means the initial setup or enabling/disabling features of services rendered. Provisioning does not mean technical support, managed services, migration, system upgrades, and/or data import and export. Only Subscriber or Subscriber’s authorized designee may submit provisioning requests to CloudConnect. To provision additional user accounts and licensing submit requests to email@example.com (Private Domain Subscribers should contact their Active Directory Administrator). Changes in storage allocation or resource pools should be submitted to the CloudConnect Network Operations Center (NOC) firstname.lastname@example.org. To arrange an exchange of a Thin Client device, to request an additional Thin Client Device, or for technical information regarding Thin Client Devices should be directed to email@example.com. Certain provisioning requests may require users to logoff of the system, or may require a temporary service interruption. Certain requests may take up to 48 hours to process depending on Subscriber’s hosted infrastructure configuration.
Migration of Subscriber’s existing data and applications
CloudConnect does not provide for the migration of Subscriber’s existing applications, data, and/or system settings/user states to Subscriber’s Hosted Infrastructure. Subscriber should contract with a qualified IT professional familiar with the CloudConnect Platform to perform such migration. Upon request of Subscriber, CloudConnect will provide referrals to various IT professionals familiar with the CloudConnect Platform, however CloudConnect makes no warranty with respect to the IT Professional’s expertise, nor shall Subscriber hold CloudConnect responsible for losses arising out of or attributable to the IT Professional’s acts, errors, and/or omissions in performing such migration.
It is possible that Subscriber’s IT Professional may discover pre-existing data corruption or application compatibility issues with Subscriber’s existing system configuration. Such issues may need to be resolved prior to performing a migration to CloudConnect. These issues may require Subscriber to incur additional charges beyond migration costs, for an IT Professional to correct, or additional software licenses may need to be purchased from third parties so Subscriber’s applications function in a multi-user environment. It is also possible that Subscriber may still be required to incur these additional charges if Subscriber elects to cancel migration to CloudConnect during the migration process, as these issues may need to be rectified in order to return Subscriber back to Subscriber’s original infrastructure.
Submitting Subscriber data to CloudConnect via Physical Media
Subscribers or IT Professionals who submit external hard drive disks on behalf of Subscriber to CloudConnect for virtual USB mounting should encrypt the data or drive prior to submitting to CloudConnect. Should Subscriber or Subscriber’s designee fail to encrypt data on a drive submitted to CloudConnect, Subscriber shall indemnify, defend, and hold CloudConnect harmless should the drive or data become lost or stolen while in CloudConnect’s possession.
CloudConnect will not distribute hard drives to Subscriber for the purposes of importing Subscriber’s existing data to CloudConnect. CloudConnect recommends importing data only through secure network connections such as ICA client drive mapping, third party folder synchronization services such as Citrix Share File, or a VPN connection.
CloudConnect utilizes third party owned and operated colocation facilities for housing CloudConnect’s data storage and information processing equipment. Said Colocation facility shall comply with the terms of SAS 70 Type II, as well as the terms of TIA Tier III datacenter facilities for redundant cooling, power, and IP transit systems. CloudConnect shall furnish evidence of compliance, certifications, and/or audits of the facilities to Subscriber upon request to the extent that said Colocation Facility makes such information available to its tenants. In Colocation Facilities only, the CloudConnect Platform shall consist of hardware that facilitates a network and power supply topology that is at least n+1 redundant.
CloudConnect may also utilize self-operated facilities for housing CloudConnect data storage and information processing equipment that is primarily used for disaster recovery purposes and platform testing. Self-Operated facilities may not comply with the terms of SAS 70 Type II, nor comply with the terms of TIA Tier III datacenter facilities.
Microsoft & Citrix Software
CloudConnect maintains a Services Provider License Agreement (SPLA) with Microsoft. All Microsoft products and services installed on a Subscriber’s Desktop or Server must be licensed through the SPLA program with CloudConnect and are subject to Microsoft’s terms and conditions contained herein. Notwithstanding the Microsoft Public License, Subscriber may not install Microsoft software licensed through other means such as retail purchases. Exceptions and/or reduced SPLA rates may apply for Subscribers with existing Microsoft Software Assurance contracts.
Similarly CloudConnect is a Citrix Service Provider (CSP). All Citrix products and services installed on a Subscriber’s Desktop or Server must be licensed through the CSP program with CloudConnect. Notwithstanding Citrix Public License, Subscriber may not install Citrix software licensed through any other means such as retail purchases.
Should Subscriber use the CloudConnect Platform in any manner that conflicts with the Terms of Service, subscriber is doing so at their own risk. CloudConnect will not support subscriber’s Cloud environment when used in any manner that conflicts with the following Terms of Service. Should subscriber use CloudConnect in any manner that conflicts with the Terms of Service (knowingly and/or unknowingly), Subscriber waives all claims against CloudConnect, and further agrees to indemnify, defend, and hold CloudConnect harmless for any loss to any party arising out of or attributable to the use of CloudConnect in said manner that conflicts with the Terms of Service.
Should Subscriber use CloudConnect in any manner that conflicts with these Terms of Service, Subscriber may, at CloudConnect’s discretion, be deemed in default of this agreement.
CloudConnect desktops use the Microsoft Windows Server 2008 R2 Operating System with Remote Desktop Services Role (“Desktop Host”) and Citrix XenApp 6.5. Windows 7 virtualized desktops are not available through CloudConnect under the Microsoft SPLA program. Subscriber is responsible for verifying that use of non-Microsoft applications on Windows Server 2008 R2 Remote Desktop Services / Citrix XenApp 6.5, and/or use with virtualization technologies do not violate the software provider’s End User License Agreement, or any local, state, or federal law. CloudConnect should not be utilized to host or deliver any application where temporary loss of access to such application could result in losses including, but not limited to, personal injury, death, failure to diagnose, treat, cure or prevent a medical disease and/or condition, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.
Hardware Acceleration/GPU Rendering Not Available
CloudConnect applications run inside of a virtualized operating system. Virtualized operating systems do not have access to a Graphical Processing Unit (GPU). CloudConnect desktops do not support Direct9 and/or DirectX features such as DirectDraw Acceleration, Direct3D Acceleration, and/or APG Texture Acceleration. Therefore, applications that rely on hardware acceleration technologies for graphical rendering may not function or render usable on CloudConnect. Some examples of application types that may rely on these technologies include Computer Aided Design (CAD) / Graphic Design, Imaging, Video Editing, and Geographic Information Systems (GIS) software. Subscribers are responsible for testing functionality of all applications on CloudConnect prior to using the CloudConnect platform in a production environment.
Installing and Configuring Third Party Applications
Third Party Applications are generally installed onto CloudConnect desktops in a manner similar to installing on a personal computer. However, when an application is installed on a Desktop Host, all users with access to the Desktop Host generally have access to the application. Subscriber is responsible for installing, maintaining, configuring, troubleshooting, patching, and updating any application or software licensed through a third party. Subscriber must maintain retain an Information Technology Professional with a CloudConnect user account with local administrative privileges to provide for the installation and maintenance of such applications. Subscriber must verify compatibility of Third Party Applications with the Microsoft Windows Server 2008 R2 operating system prior to installation and use.
Application Streaming is a technology developed by Citrix Systems to enhance application stability in a multi-user desktop environment. Application Streaming also provides for the centralized management of an application across multiple users, and restricts application enumeration at the user or session level, rather than the virtual machine level. Application Streaming packages a Windows Desktop application into a sandboxed environment or isolation environment, while executing on the user’s Desktop Host. Not all applications are able to be streamed. Packaging, testing, assigning, updating, patching, and/or configuring of applications for Application Streaming are all billable services from CloudConnect at a rate of $150 per hour. Subscriber’s use of the Application Streaming technology is included with the Software Use Rights of each desktop user.
Licensing of Third Party Applications
Subscriber is solely responsible for complying with all End User License Agreements for third party applications used by Subscriber. Subscriber must also obtain licenses for all third party software installed in or streamed to Subscriber’s Hosted Infrastructure where required. Subscriber shall indemnify and defend CloudConnect for any claim brought by a third party software provider for violation of their End User License Agreement provided such claim is attributable to Subscriber’s use of said software on the CloudConnect Platform.
Remote Desktop Services Architecture Security Considerations (User Account Control)
User desktops within a Subscriber’s organization are isolated at the session layer, not by virtual machine. Users with administrator privileges can introduce a computer virus, malware, or other security vulnerability, which can affect all users and all user data within their organization. Users with administrator privileges also have full control over any user’s data, which is stored locally on the Desktop Host for which said user has administrator privileges. Because of these considerations, administrator privileges should be limited to a single user account for the sole purpose of installing and configuring software. This administrative account should only be used by a responsible user or trusted IT professional. CloudConnect will not support any Desktop Host where multiple users or irresponsible users have been granted administrator privileges, and makes no warranty with respect to the security of said Desktop Host and its data, when multiple users or irresponsible users have been granted administrator privileges.
As recommended by Citrix, CloudConnect may disable User Account Control (UAC) on Subscriber’s Desktop Hosts when required for Application Streaming. When users are granted local administrator rights and UAC is disabled, the security of the Desktop Host can become further compromised. Subscribers choosing to add users to the local administrators group should enable UAC on the affected Desktop Hosts. CloudConnect reiterates it will not support and make no warranty with respect to the security of a Desktop Host and its data, when a multiple users or irresponsible users have been granted administrator privileges.
For the purposes of this section, an irresponsible user includes a user unaware of the difference between a standard user account and an administrator account. An irresponsible user is also includes a user unable to distinguish between trusted executable/windows installer files and untrusted executable/windows installer files.
Network Display Protocol
CloudConnect subscribers interact with CloudConnect hosted applications and desktops through the Citrix Independent Computing Architecture protocol (ICA). ICA is a network based display protocol, and image quality and integrity are directly affected by the quality of one’s internet/network connection. Because CloudConnect relies on the internet in all cases to deliver hosted applications and desktops to users, CloudConnect is not able to control network quality of service between CloudConnect facilities and the Subscriber’s point of access. Subscriber should therefore test their applications with their current ISP connection to determine if performance will be acceptable.
Because of these network conditions, CloudConnect uses image compression algorithms to improve the usability of hosted applications and desktops. Examples may include, but are not limited to, color compression, queuing and tossing, progressive compression, lossy compression, and jpeg/heavyweight compression. These image compression algorithms may intermittently or continuously degrade image quality. Certain abnormal network conditions including jitter and loss of bandwidth can invoke additional compression over and above what is normally used. Image compression algorithms can significantly degrade image quality during such circumstances. Subscribers should carefully consider the effects of loss of image quality and integrity on their organization’s workflows. CloudConnect should not be used in any industry or use case where loss of image quality or integrity could result in losses including, but not limited to, personal injury, death, failure to diagnose, treat, cure, or prevent a medical disease and/or condition, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.
Not all devices will be compatible when used with CloudConnect and CloudConnect provides no support for peripheral devices, other than instructions on how to generally setup the type of device and how to generally use the device with a Cloud Desktop. CloudConnect does not support native device drivers for peripheral (locally attached) hardware devices. Peripheral devices are unable to be redirected to CloudConnect desktops using the device’s native driver (i.e. no isochronous redirection). Native device drivers should be installed locally on the client’s workstation or access point. Citrix supported peripheral devices will generally map to the CloudConnect desktop through Citrix or Microsoft universal drivers for the type of device. Peripheral device mapping is limited to most printers, TWAIN compliant scanners (only when being used with a TWAIN compliant image capture software installed on the Cloud Desktop such as Adobe Professional), certain web cameras, microphones, speakers, basic human input devices (such as a keyboard and mouse), and thumb drives pre-formatted with FAT32 file system. Peripheral device performance and usability is reliant on low internet latency (consistently less than 30 milliseconds), and adequate bandwidth (consistently more than 5 Mbps download and 5 Mbps upload). Loss of bandwidth and/or increase in latency can cause peripheral devices to become unusable. Subscriber should verify desired peripheral device functionality with their access points and network connections prior to using CloudConnect in production. Subscriber is prohibited from using CloudConnect with any device that is (1) not supported by the device manufacturer for use with remote desktop technologies and/or virtualization technologies, (2) a medical device or device used to diagnose, treat, cure, or prevent any medical disease and/or condition, (3) any device, where use with a Remote Desktop, and/or loss of connectivity with a Remote Desktop could lead to losses including, but not limited to, personal injury, death, destruction of property, utility disruption, transportation system disruption, environmental damage, and/or financial loss.
Client Drive Mapping
CloudConnect Desktops by default allow users to read and write to local (client) drives and thumb drives from the user’s Cloud Desktop. If Subscriber needs to prevent users from having read and write access to personal drives (to prevent users from importing or exporting data to or from Subscriber’s Cloud environment), Subscriber must contact the CloudConnect Help Desk to block this functionality.
CloudConnect implements an optimization technology from Citrix Systems known as Flash Redirection. Flash Redirection offloads Flash content from the Subscriber’s hosted desktop to be rendered seamlessly, but locally on Subscriber’s workstation computer or Thin Client. Flash Redirection introduces potential access to local resources and should not be used by Subscriber unless the effects and security considerations resulting from such interactions have been properly evaluated. If Subscriber desires not to use Flash Redirection, Subscriber should contact CloudConnect to disable the feature.
Web Browser CPU Throttling
CloudConnect may implement technologies to limit the CPU (processor) consumption of Web Browsers installed on or streamed to Subscriber’s Cloud Desktops. Certain media-intensive websites can utilize excessive CPU, causing performance problems for Subscriber and other users. If Subscriber needs access to high performance web browsing for rendering of flash content, Subscriber should use the Microsoft Internet Explorer web browser with Flash Redirection.
Local Application Access
Local Application Access is an optional Citrix technology that allows users to interact with applications installed on local workstation computers from the Cloud Desktop through seamless application windows, thus providing a single unified workspace where the user may access both local and cloud-hosted applications. This scenario may be desirable for certain applications as part of a comprehensive Cloud solution, provided the application does not store data locally, or the data generated by the locally accessed application is backed up by a third party. In other cases, this scenario can cause significant user confusion and result in users generating data locally that either (1) is not written to the correct location and thus becomes lost or (2) is not backed up or made highly available. There also exists a potential security risk, whereby local unauthenticated users may gain access to Subscriber’s Hosted Infrastructure if the local application is configured to access a database or data share located in the Cloud and credentials for the database or share are saved locally. Subscriber should consult with CloudConnect prior to enabling this feature, and obtain appropriate training and an understanding of the security risks and required mitigation techniques prior to using this feature in production.
Remote Access Considerations
CloudConnect is an inherently remote computing architecture by design. All CloudConnect users are able to remotely access their Cloud environment from most mainstream computing devices with an internet connection. CloudConnect cannot restrict user access to the system based on geographic location, physical address, or IP address. Subscriber should not use CloudConnect if universal remote access is undesirable. Private Domain Subscribers may consider restricting logon hours to business hours for certain users through Active Directory.
Remote Management Software
Certain third party remote access, remote management, and/or online meeting software can conflict with the Citrix ICA protocol, and/or Citrix display drivers on a Desktop Host and the client computer being used to access the Desktop Host. Prior to installing any such software on a Desktop Host, or client workstation/access point, Subscriber should verify its compatibility with Citrix.
Subscriber’s Internet Access
Subscriber is solely responsible for internet access from any location used to access or remotely connect to Subscriber’s Hosted infrastructure. CloudConnect requires reliable internet access with substantial bandwidth, low latency, and high Quality of Service to render hosted applications and hosted desktops usable to Subscribers. For production office environments, bandwidth of at least 15 Mbps download 15 Mbps upload is recommended for the first 30 concurrent users. Latency should be consistently less than 30 milliseconds round trip to CloudConnect. Individual remote users not requiring a High Definition User Experience simply require a broadband or equivalent internet connection. CloudConnect will not monitor, troubleshoot, or diagnose Subscriber’s internet connection. CloudConnect will not provide any support, nor diagnose or troubleshoot any issue for Subscriber as would otherwise be required under the terms of this agreement, unless Subscriber’s internet connection meets the aforementioned minimum requirements.
Notice to Subscribers Traveling Abroad
CloudConnect filters internet traffic to and from countries suspected of engaging in industrial espionage against the United States. Subscribers traveling to these regions will need to contact CloudConnect to arrange traffic filtering exceptions to allow Subscriber to connect to hosted infrastructure while traveling in these countries/geographic regions. For a current list of countries and regions blocked by CloudConnect, contact the Help Desk.
Confidentiality of User Accounts and Credentials
CloudConnect will never ask a user for their password. Subscriber must require all users in Subscriber’s environment not disclose user account credentials to any individual including users within the organization. Allowing multiple users to logon with the same user account (impersonation) poses a significant security risk. Should any of Subscriber’s credentials become compromised, Subscriber must immediately notify CloudConnect to reset credentials.
Upon termination of an employee, the employee’s user account should be immediately disabled or placed into receivership (whereby the credentials are reset for the receiving user). Private domain subscribers should coordinate this with their self-designated Private Domain Administrator. All other subscribers should coordinate this through the CloudConnect Help Desk to disable or reset user account credentials.
Disclosing user credentials to anyone other than the named user, or failing to report user credentials being compromised, can result in civil and/or criminal penalties and/or unauthorized access to Subscriber’s infrastructure. Such unauthorized access could be malicious or unintentional, and result in data loss, downtime, identity theft, theft and/or corruption of data, and or financial loss. Subscriber shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to Subscriber’s disclosure of user account credentials to any party and/or impersonation of user accounts (shared accounts), or for Subscriber’s failure to report compromised credentials.
CloudConnect will not support any configuration where user accounts are assigned to devices and not named users. CloudConnect makes no warranty of system performance when Subscriber assigns accounts to devices and not users.
Malware Detection & Removal
Malware is a malicious or unwanted form of software or computer code, that when executed on Subscriber’s hosted infrastructure can cause security to be compromised on Subscriber’s hosted infrastructure. Malware is generally inadvertently executed or installed by users, whom are tricked by websites, emails, and other electronic information sources that make false representations about its prospective software and its authenticity.
To mitigate this threat, CloudConnect uses Endpoint Protection software/monitoring agents installed into Subscriber’s architecture. Users also should not be provided any kind of administrator credentials as users with administrator credentials can unknowingly override an Endpoint Protection agent’s attempt to block or quarantine the malware. CloudConnect also facilitates filtering of known malicious or phishing websites by making Norton Connect Safe® available to Subscriber.
Should CloudConnect detect malware, Subscriber will be notified and a maintenance window scheduled to remove the malware. Removal of malware must be performed by CloudConnect, and CloudConnect will bill for this service at a rate of $150 per hour. Malware removal is mandatory once malware is detected, and Subscriber may not opt out of removal of malware.
Subscriber agrees not to tamper with any Endpoint protection software or monitoring agents installed into Subscriber’s environment, and shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to Subscriber’s tampering or inhibiting the Endpoint Protection software from normally functioning, updating, and reporting to CloudConnect servers.
Subscriber shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of Endpoint Protection software’s failure to detect any malware, malicious software, or other unwanted attack on Subscriber’s hosted infrastructure.
Responsibility to Report Suspected Malware
Should Subscriber suspect any part of Subscriber’s hosted infrastructure is infected with Malware, or that the security of any part of said infrastructure is compromised, Subscriber agrees to promptly report such suspicion to CloudConnect by contacting the Help Desk at 1-855-256-8343 option #1 or emailing firstname.lastname@example.org. Subscriber’s failure to report suspected malware to CloudConnect shall constitute an event of default by Subscriber as well as a full assumption of Subscriber’s liability and indemnification of CloudConnect for losses arising out of or attributable to said Malware infection.
Email Security and Email Considerations
CloudConnect does not provide any email screening or email security services. Subscribers should obtain these services from their email provider. Private Domain Subscribers choosing to self-host Microsoft Exchange or other email server software on CloudConnect servers are required to point MX records to a CloudConnect approved third-party email screening and security service. Subscribers should contact CloudConnect for a current list of CloudConnect approved third party email screening services. Subscriber is prohibited from pointing any MX record directly to any CloudConnect IP address. CloudConnect also filters IP traffic to and from known malicious IP addresses and countries suspected of engaging in industrial espionage against the United States. To communicate with these regions via email, Subscriber should configure outbound emails to route through a trusted email proxy such as Postini, or Microsoft Exchange Hosted Security.
Private Domain Subscribers (if applicable)
CloudConnect offers its Private Domain architecture as an option to subscribers requiring their own Directory Service (Active Directory). Private Domain environments are for technically sophisticated subscribers requiring exclusive control over user accounts and security principals. In this Private Domain architecture, object security is fully delegated to the Subscriber. Subscriber is therefore fully responsible for the security, maintenance, and management of its own Active Directory and its objects. Subscribers without the resources or need to manage their own Microsoft Active Directory Forest should consider using the CloudConnect Public Domain architecture as an alternative.
The need to secure or “harden” Active Directory is escalated in a Cloud environment, primarily because logon points are readily accessible from the internet. Failure to secure Active Directory may result in civil and/or criminal penalties and/or unauthorized access to Subscriber’s infrastructure. Such unauthorized access could be malicious or unintentional, and result in data loss, downtime, identity theft, theft and/or corruption of data, and or financial loss. Subscriber shall indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to Subscriber’s failure to secure and/or maintain its own Active Directory Forest on an ongoing basis.
CloudConnect will provision the Subscriber’s Active Directory Forest, however because security requirements vary from organization to organization, CloudConnect does not secure subscriber’s Active Directory. Prior to use in production, Subscriber or Subscriber’s designee should implement Active Directory hardening best practices. Hardening best practices include, but are not limited to, minimum user account password complexity, limiting user account password age and history, automatic disconnection or locking of idle user sessions, account lockout for invalid logon attempts, disabling the domain “Guest” account, and renaming the domain “Administrator” account. Domain administrator accounts should never be granted access to hosted applications and desktops and/or any logon point which is accessible from the internet. Desktop/Application users should not be granted administrator rights. Guidance on securing subscriber’s Active Directory may be obtained by reading the CloudConnect Private Domain Advisory.
Subscriber’s failure to maintain the requirements set forth in this paragraph will result in termination of service by CloudConnect and could compromise Subscriber’s security. Subscriber must designate and maintain an Active Directory Administrator, principally responsible for administering Subscriber’s Active Directory. Subscriber may not install, uninstall, or interfere with any Microsoft, Citrix, or ActivAeon software or agent within their virtual machines. Subscriber must maintain one non-transitive external bidirectional Forest Trust with gateway.cloudconnect.net on an ongoing basis. This Trust relationship is required for CloudConnect’s Citrix architecture to deliver Subscriber’s applications and desktops and does not subordinate any control of Subscriber’s Active Directory to CloudConnect. CloudConnect cannot reset Subscriber’s Active Directory Administrator password or any user account passwords.
Subscribers Utilizing Non-Microsoft Operating Systems
Certain Subscribers may opt to have CloudConnect host virtual machines/servers using an operating system not manufactured by Microsoft. In this case, the operating system must (1) be supported by CloudConnect’s current hypervisor vendor and (2) Subscriber must obtain any required licenses from the operating system manufacturer for use of the operating system in a multi-tenant Public Cloud.
CloudConnect does not provide support for non-Microsoft operating systems, and does not provide any security services such as providing endpoint protection agents and monitoring for malware for the operating system. Subscriber is responsible for the security and monitoring of the operating system, as well as the installation of any patches, updates, and/or hotfixes that may be distributed by the Operating System manufacturer.
Non-Microsoft operating systems are not compatible as a host for the Citrix ICA protocol. Subscriber will only be able to access such Non-Microsoft operating systems through third or protocols or protocol built-in to the non-Microsoft operating system.
Private Domain Subscribers are assigned a static internet IP address as well as a PVLAN (Private Virtual Local Area Network). These Subscribers may request opening of specific firewall ports and Network Address Translation rules to forward web service ports to application servers located on Subscriber’s PVLAN. Subscriber’s designated Active Directory Administrator is principally responsible for authorizing CloudConnect to open such firewall ports. Subscriber must understand risks associated with opening firewall ports and port forwarding and take necessary measures to secure application servers for internet traffic. For web applications that do not require direct integration with Subscriber’s PVLAN, Subscriber should consider dedicated web hosting from third party hosting providers.
If Subscriber still requires web applications on a CloudConnect Server, Subscribers should take necessary measures to secure their web application and user accounts. Such measures should include installing and maintaining valid SSL certificates on the application server, requiring authentication against an independent directory service, and redirecting/limiting internet-exposed ports to secure ports such as SSL/TLS (TCP 443). Users transmitting credentials to an application server in plaintext or without a valid SSL certificate risk interception of credentials by an attacker. In this scenario, if the web application’s authentication is integrated with Subscriber’s Active Directory, the user’s CloudConnect hosted applications and desktops will also be compromised because CloudConnect authenticates Private Domain subscribers to Subscriber’s Active Directory.
Other than malware detection on the host operating system, CloudConnect does not monitor Private Domain web applications or firewalls for security threats or uptime. Subscribers should consider contracting with third party monitoring services where required to monitor web applications for security threats and uptime.
For certain Private Domain deployments, Subscriber may request a site-to-site VPN tunnel to link a Local Area Network with Subscriber’s CloudConnect Virtual Local Area Network (VLAN). VPN tunnels expose subscriber’s CloudConnect network to external and potentially unsecured networks such as Subscriber’s on site Local Area Network. Subscriber understands that the security of their CloudConnect network is limited by the Security of Subscriber’s on site Local Area Network. Subscriber should therefore take steps necessary to secure their on-site Local Area Network, or any other Network or device which will be given access to the VPN Tunnel. VPN tunnels should only have access to network(s) trusted by Subscriber.
CloudConnect uses the Vyatta VC virtual appliance to create and maintain VPN tunnels. In certain circumstances, there may be compatibility issues across firewall vendors when configuring a site-to-site IPSEC VPN Tunnel. Certain compatibility issues may result in the tunnel intermittently dropping, or loss of connectivity, and/or ability to traverse the tunnel. CloudConnect therefore cannot provide any warranty with respect to site-to-site tunnels with third party VPN endpoints located at the Subscriber’s facility. Time by CloudConnect spent troubleshooting any VPN tunnel will be billed at a rate of $150 per hour.
Data Protection Service
For an additional monthly fee, Subscriber may enroll in the CloudConnect Data Protection Service. Data Protection Service is an optional nightly backup service for Subscriber’s hosted infrastructure, capable of reverting subscriber’s hosted operating systems to a previous state, and/or restoring individual files or folders. The nightly backup is designed to perform a quiesced snapshot of the subscriber’s operating system to ensure backups are crash consistent. Crash consistent backups are different from application aware backups. For example, database applications may require additional repairs after reverting to a previous snapshot. Subscriber should consult with application vendors to determine if crash-consistent backups are adequate for disaster recovery solution.
The Data Protection service is intended to protect subscribers from Subscriber’s acts of data corruption or accidental deletion. Backups of subscriber systems will run between the hours of 6:00 p.m. and 6:00 a.m. on qualified nights. It is possible for individual backup “jobs” to not complete under certain circumstances (i.e. maintenance of the backup system, backup job failure, etc.), in which case recovery of data to a specific point in time in accordance with the following Retention of Backup Data may not be possible. When a valid restore point is available, the data recovery process may take several hours depending on the amount of data being recovered and assuming the request is made during normal business hours. The ability to execute a data recovery job or restore a system is not guaranteed between the hours of 6:00 p.m. and 6:00 a.m. as the backup system may be running scheduled backup jobs or be undergoing maintenance. Subscribers may need to wait until the next business day for data recovery. In any case of inability to recover data, subscriber shall hold CloudConnect harmless.
The CloudConnect Nightly Backup Service does not restore application items (application item recovery). Examples may include specific database tables, SQL databases, database transaction logs, Microsoft Exchange Mailboxes or Mailbox items (such as an email or a contact). In the case where application items must be restored, Subscriber should implement application-specific or third party backup solutions to provide for the necessary recovery functionality.
The CloudConnect Data Protection Service does not provide for granular recovery of system states and/or Active Directory. Private domain Subscribers should configure the Windows Server Backup role on domain controllers and store the backup media on the domain controller to provide granular recovery of the System State and Active Directory.
Subscriber should verify Windows shadow copies are enabled on all drives in Subscriber’s system. Shadow copies provide for fast self-service recovery of accidentally deleted or corrupt files and folders with a shorter recovery point objective at the expense of a smaller retention of backup data. Should Subscriber require CloudConnect retrieve data from the Nightly Backup service or revert or temporarily boot Subscriber’s System to a previous snapshot, such services will be billed at $150 per hour. Additional charges for resource pools and storage may apply if the restored environment coexists with the production environment.
Retention of Backup Data
For subscribers of CloudConnect’s Data Protection Service only, CloudConnect will retain successfully completed backup job restore points in accordance with the following schedule:
7 most recent weeknight backups and
10 most recent weekly backups
Upon termination of this agreement, CloudConnect may, at its sole discretion, destroy or delete all of Subscriber’s backup retention data.
Backup data is de-duplicated, hypothecated, and may be comingled with previous backup data and backup data of other Subscribers to improve system performance.
Third Party Backup Solutions
CloudConnect recommends Subscriber purchase Citrix Share File for Citrix Receiver through CloudConnect or other qualified source as a best practice. Citrix Share File acts as a third party custodian of Subscriber’s data providing an additional off site backup of Subscriber’s files and folders. Share File integrates with the Citrix Receiver but is not a Business Continuity Solution like CloudConnect High Availability. Citrix Share File backs up files and folders (data). Share File does not back up software, systems, and/or system states nor does it provide access to third party software necessary to interact with subscriber data.
CloudConnect is not a data archival service and will not provide any archival of any software, data, or database. Subscriber is responsible for archival of all data through internal procedures or third party archival service providers.
CloudConnect will provision Subscriber’s Hosted Infrastructure using a highly available commercial-grade architecture with server clustering technologies. Clustering technologies will be configured to provide automated and expeditious system recovery from more severe types of hardware or system failures. Fault tolerant networking architectures will be used to prevent service interruptions when a single network hardware component fails.
Disaster Recovery & Business Continuity
CloudConnect will replicate Subscriber’s virtual machines to a second geographic location (Disaster Recovery Site). The virtual machine replication process will consist of an initial synchronization, followed by incremental changes replicated approximately every 24 hours. Bandwidth and processing constraints may increase the incremental backup window increasing the recovery point objective window. Replica virtual machines will generally boot from a crash consistent state however will not have been application aware image-processed. CloudConnect also does not replicate Nightly backup data to the redundant site.
CloudConnect shall have the right, at its sole discretion, to failover all CloudConnect processing to the Disaster Recovery Site. CloudConnect will make this decision provided a qualifying disaster event has occurred and failing over CloudConnect to the Disaster Recovery Site is in the best interest of CloudConnect subscribes collectively. During such an event, downtime, and up to 24 hours of data loss is possible for Subscriber (“incremental data loss”). Subscriber agrees to indemnify, defend, and hold CloudConnect harmless for any loss arising out of or attributable to CloudConnect’s decision to failover to the Disaster Recovery Site.
Encryption & Transport Security
CloudConnect remote application and desktop sessions use the Citrix ICA protocol. CloudConnect will embed the ICA protocol into the SSL/TLS protocol (port 443) with 256 bit AES encryption when the session traverses a public network (“the internet”).
CloudConnect will store all Subscriber data at rest using hard drive encryption technologies. All data at rest will be stored using 128 bit or better encryption.
If Subscriber initiates external communications on their own from the CloudConnect environment (email clients, web browsers, remote assistance agents and executable, etc.), CloudConnect is not a party to such transaction, and therefore cannot secure its communications. Subscribers must still be conscious of and secure communications with third parties as a Subscriber normally would from a traditional hardware device.
Scheduled Maintenance Windows
CloudConnect shall have the right to cause service interruptions between the hours of 10:00 p.m. and 5:00 a.m. for platform enhancements, updates, improvements, and fixes. CloudConnect shall notify either Subscriber or Subscriber’s Private Domain Administrator at least 6 hours prior to the start of a Scheduled Maintenance Window. CloudConnect will also provide an estimate of the Scheduled Maintenance Window completion time, however makes no warranty with respect to the estimate’s accuracy. Scheduled Maintenance Windows are not considered “downtime,” and as such are not eligible for any claim under CloudConnect’s Service Level Agreement (See CloudConnect Service Level Agreement).
Emergency Maintenance Windows
CloudConnect shall have the right to cause service interruptions without advance notice to Subscriber or Subscriber’s Private Domain Administrator during an emergency event. An emergency event exists when CloudConnect internally determines, at its sole discretion, that a service interruption is in the best interest of Subscriber(s) to repair or correct conditions including downtime, suspected security breach, impending system or hardware failure, or to apply a critical hotfix or security update. CloudConnect will notify Subscriber or Subscriber’s Private Domain Administrator via email of such service interruption as soon as practicable following an emergency.
CloudConnect Service Level Agreement (SLA)
Should Subscriber lose access to hosted desktops or applications (“downtime”) during a calendar month for a single continuous period totaling 2 hours or more, Subscriber shall be entitled to a refund dollar amount consisting of one half (1/2) of the previous calendar month’s subscription billing. For the purposes of this section, downtime does not begin until Subscriber has notified CloudConnect of such inability to connect to hosted desktops or applications, and ends when CloudConnect has notified Subscriber the condition has been fixed. Only downtime events caused solely caused by a CloudConnect operated datacenter hardware device, or operating system used for to deliver CloudConnect services. Downtime arising out of a malfunction of subscriber’s hosted operating system(s), or any software installed therein, is not eligible for SLA claims. Scheduled Maintenance, and downtime caused by other parties or causes beyond the direct control of CloudConnect are not eligible for claims to compensation under this SLA. This SLA shall be Subscriber’s sole remedy against CloudConnect for any loss incurred due to downtime. Subscriber is limited to a maximum of one SLA claim each calendar month and such qualifying downtime event must have occurred during said calendar month (i.e. Subscriber may not bank, or “roll over” a subsequent SLA event or claim from a calendar month for a credit to be applied to an invoice in a latter billing period).
In order to receive compensation for a qualifying downtime event under this SLA, Subscriber must notify CloudConnect via email of its desire to collect under an SLA claim no later than 30 days after the SLA qualifying incident occurs. Failure to notify CloudConnect within this period shall constitute a waiver to any compensation or credit as provided by this SLA.
Should Subscriber lose access to hosted desktops or applications (“extended downtime”) for a continuous period of at least 48 hours or more in one occurrence, Subscriber may terminate this agreement without penalty. Said termination shall be Subscriber’s sole remedy for any loss arising out of extended downtime.
CloudConnect’s acceptance of an SLA claim and subsequent compensation shall not ever be construed as an admission of liability for downtime or extended downtime by CloudConnect. Nor shall said acceptance of an SLA claim and subsequent compensation ever be an admission by CloudConnect that CloudConnect a negligent act, error, and/or omission by CloudConnect has occurred. CloudConnect’s acceptance of an SLA claim and subsequent compensation shall never be construed as an admission of a breach of contract by CloudConnect or that CloudConnect has failed to perform a contractual obligation and/or duty.
Subscriber’s acceptance of SLA compensation shall constitute a final settlement and waiver of any claim for damages (future or otherwise) by Subscriber arising out of or attributable to said downtime or extended downtime.
Despite best efforts, no system, including CloudConnect, is completely immune from failure, downtime, or service interruptions. Subscriber should understand that the possibility for downtime exists with CloudConnect services even when CloudConnect performs all duties under this agreement. Subscriber must consider carefully this risk and the potential effect of downtime on its organization when choosing a hosted application service such as CloudConnect.
Notwithstanding the remedies provided by the Service Level Agreement, Subscriber shall hold CloudConnect harmless for any direct loss, indirect loss, and/or consequential damages arising out of or attributable to downtime and/or extended downtime.
CloudConnect warrants to Subscriber that the CloudConnect Platform will perform in a manner that does not unreasonably impede or restrict Subscriber from working productively, provided Subscriber adheres to the terms and conditions of this agreement, and uses CloudConnect in a supported configuration, with tested third party software applications, peripheral devices, properly functioning access points (computers, laptops, tablets, mobile phones, etc.), and an adequate internet/network connection.
Should Subscriber determine CloudConnect in a supported configuration unreasonably impedes or restricts Subscriber from working productively, Subscriber’s sole remedy shall be termination of this agreement within the termination window. Subscriber’s failure to terminate this agreement within the termination window constitutes an ongoing acceptance by Subscriber that the CloudConnect platform is performing in a manner that does not unreasonably impede or restrict Subscriber from working productively.
Because CloudConnect is a multi-user environment, Subscriber should avoid installing applications, applying patches, updates, and/or changing system configurations, during production hours. Doing so can have undesirable results, cause data loss, negatively impact or interrupt other users currently logged on, and in extreme cases, cause service outages or a system crash.
Billing and Payment
CloudConnect shall not be required to provide notification to Subscriber prior to a use of services that results in additional charges, or when a service requested or rendered will result in additional costs (i.e. billable support services). CloudConnect’s failure to provide such notification that a service or use is billable shall not alleviate Subscriber of Subscriber’s responsibility to render payment for services provided under the terms of this agreement.
Subscriber will be billed in arrears for CloudConnect services rendered during a given Billing Period. CloudConnect billing works strictly on a calendar month basis; as such a Billing Period begins on the first of a given calendar month, and ends on the last day of said calendar month. Services consumed on a partial or non-continuous basis during a Billing Period are not pro-rated and will be billed according to the terms contained herein.
At the end of each billing period, CloudConnect gathers “usage data.” Such usage data includes:
- The maximum Committed Storage of the Subscriber’s hosted operating systems during the billing period
- Data Protection (if applicable) based on the maximum committed storage above
- Authorized users for Metered Software Applications (“Software Use Rights”)
- The maximum number of Thin Client devices in possession of the Subscriber
- The maximum number of Resource Pools consumed by Subscriber
- Any Billable Support hours provided during the billing period
CloudConnect shall promptly submit to Subscriber an itemized invoice of services consumed, the quantities of Services consumed (“usage data”), the unit price for each Service, and the total amount due, and the due date. Said due date shall be no later than 21 days from the post mark date of the invoice or 21 days from the last day of said Billing Period.
Except for Software Use Rights, CloudConnect will hold Subscriber’s unit prices constant for CloudConnect Services during the initial term of this agreement. CloudConnect may at any time after the first term, increase costs of services provided to Subscriber upon thirty days’ notice to Subscriber. Notwithstanding data export costs and migration costs, Subscriber may terminate this agreement without penalty no later than thirty days following receipt of notice of a price increase from CloudConnect.
Unified Invoicing for Advanced Support and CloudConnect Services
CloudConnect does not have an Advanced Support service offering, that covers issues beyond issues covered by CloudConnect technical support. Subscriber, at Subscriber’s sole discretion, may choose to contract directly with a registered CloudConnect Partner for technical support services for issues not covered by CloudConnect (Advanced Support). In such case, Subscriber may also elect to be invoiced for Advanced Support through CloudConnect (Unified Invoicing). Services rendered by the Partner and invoiced through Unified Invoicing will appear on CloudConnect invoices as a line item entitled “Advanced Support.” Such line item(s) represents a contractual relationship between Subscriber and Partner exclusive of CloudConnect.
Subscriber agrees to hold CloudConnect harmless for any loss arising out of or attributable to Partner’s negligent acts errors and/or omissions in Partner’s capacity as the Advanced Support provider. Subscriber accepts that CloudConnect makes no warranty and does not guarantee or back said Advanced Support, nor any of the Partner’s representations, services, and/or contractual obligations. In no case shall CloudConnect ever be liable to Subscriber for Partner’s failure to perform, nonperformance, negligence, and/or malpractice. Subscriber acknowledges Partner’s services are not contracted through CloudConnect rather said services are contracted directly between Subscriber and the Partner.
Upon request of Subscriber, CloudConnect shall furnish evidence of payment to Partner for Advanced Support under the terms of Unified Invoicing. Should Subscriber choose to terminate its Advanced Support agreement with Partner, Subscriber shall provide CloudConnect with thirty days’ notice of stop payment, upon which CloudConnect will stop invoicing for the service. Notice of stop payment to CloudConnect does not constitute notice to Partner nor oblige CloudConnect to provide any notices to Partner. Any outstanding discrepancies shall be resolved directly with the Partner. CloudConnect will not mediate or arbitrate any dispute between Subscriber and Partner.
CloudConnect represents that it provides services and licensed products. Currently, Cloud Services are generally not subject to Sales or use Tax in the Commonwealth of Massachusetts. However, licensed products are taxed. Therefore, those components containing licensed products are also taxed. Subscriber understands that Cloud Computing is a new and relatively unregulated industry. Should the Commonwealth of Massachusetts pass new laws, or modifies existing laws that makes additional components subject to a Tax, Subscriber shall be liable for any such taxes provided CloudConnect itemizes the Tax on Subscriber’s monthly invoice.
Subscriber shall become liable to CloudConnect for a minimum finance charge of $50 for any invoice not received ten days of the invoice due date (the grace period). Subscriber shall continue to accrue late charges at a rate of 18% per year (pro-rated to the nearest month) until Subscriber’s account becomes current.
Subscriber should check all CloudConnect invoices upon receipt of such invoice for any error. Subscriber must notify CloudConnect of any payment dispute or discrepancy in price, quantity, or product, no later than 30 days from receipt of such invoice. CloudConnect will evaluate the error, and if necessary, correct the error within 7 days of receipt of dispute. Subscriber shall pay any balance upon receipt of CloudConnect’s correction. Should Subscriber fail to check invoices upon receipt and/or fail to within 30 days of receipt notify CloudConnect of any invoicing error or payment dispute, Subscriber waives any claim to a monetary adjustment for any incorrect or disputed dollar amount on said invoice.
Remedy for Nonpayment
In the event CloudConnect does not receive payment from Subscriber by the 60th day after the invoice date, CloudConnect shall disable (“deactivate”) Subscriber’s hosted infrastructure. Such an event will cause downtime and prevent Subscriber from interacting with Subscriber’s data, software applications, system settings, and hosted desktops. Subscriber agrees to indemnify, defend, and hold CloudConnect harmless for any loss to any party arising out of or attributable to CloudConnect’s deactivation of Subscriber’s hosted infrastructure for non-payment. Said downtime is not eligible for any SLA claim.
Reactivation of Disconnected Service
Should Subscriber’s hosted infrastructure become deactivated, CloudConnect will reactivate Subscriber’s hosted infrastructure upon receipt of all past due amounts, late charges, and interest. CloudConnect will also assess a $25 reactivation fee per user account to reactive Subscriber’s service. This reactivation fee must be paid at the time of reactivation.
Should Subscriber’s account become 90 days past due, CloudConnect shall deem Subscriber’s hosted environment to be abandoned. CloudConnect may at any time following the 90th day the account becomes past due, permanently remove and delete Subscriber’s hosted infrastructure, applications, operating systems, all data contained therein, and all backup and replica data produced by CloudConnect (removal and deletion), provided CloudConnect has served Subscriber with at least 30 days’ advance notice of said removal and deletion via certified US Mail (return receipt requested) to Subscriber’s last known principal address or place of business. Said notice may be initiated upon Subscriber’s account becoming 60 days past due in order to facilitate removal and deletion upon Subscriber’s account becoming 90 days past due.
Subscriber shall defend, indemnify, and hold CloudConnect harmless for any claim arising out of CloudConnect’s deletion of Subscriber’s hosted infrastructure and all data contained therein provided such deletion was the result of Subscriber’s Abandonment.
Should Subscriber become insolvent, CloudConnect will, upon submission of satisfactory evidence of such insolvency or Chapter 11 filing, provide for the export of Subscriber’s data (vmdk format only) on physical data storage media to Subscriber within 30 days of Subscriber’s request regardless of Subscriber’s account status. Subscriber shall still be liable for any cancellation fees, data export fees, and late charges, however CloudConnect will not require Subscriber’s account become current in order to facilitate the export of Subscriber’s data.
CloudConnect Customer Service is provided by the CloudConnect Help Desk. Customer Service issues may include billing and payment, opening/closing accounts, customer feedback, complaints, and other non-technical or general questions and inquiries from the Subscriber. Customer Service issues and inquiries may be directed to 1-855-256-8343 option #1.
CloudConnect provides technical support for Citrix ICA protocol access related issues only, including Remote Desktop Session Resets. For Public Domain Subscribers, CloudConnect also provides technical support for user accounts, such as resetting or changing user passwords, and creating or disabling user accounts. CloudConnect does not provide support for configuring or setting up Subscriber’s hosted operating system. CloudConnect does not provide support for any application licensed through a third party, or any application installed by Subscriber. CloudConnect does not support, setup, and/or configure Subscriber’s applications, databases, and or peripheral devices. CloudConnect will provide general instructions on how to setup devices and applications with CloudConnect, however any support, setup, and/or configurations not covered by CloudConnect will be billed at rate of $150 per hour.
Technical support for non-critical issues is a call back service Monday through Friday from 7:00 a.m. until 6:00 p.m. (normal support hours). Subscriber may arrange for a support appointment by emailing email@example.com, or may alternatively open a support request through the CloudConnect Help Desk (1-855-256-8343, option 1). CloudConnect does not troubleshoot or analyze intermittent issues; as such the issue must be readily reproducible for CloudConnect to provide support. Subscriber is expected to participate and/or work in harmony with CloudConnect Support where necessary to resolve an issue.
Technical Support requests received after normal support hours will be evaluated based on severity, and if CloudConnect determines in its sole discretion that it is necessary, support will be provided by the on call support engineer. Generally support will be provided after hours if users are unable to access hosted applications and desktops as a result of a fault that can only be corrected by CloudConnect.
Should CloudConnect determine that the installation of third party software by Subscriber caused any of the Microsoft or Citrix software components to stop functioning, for which CloudConnect must troubleshoot to cure an issue ordinarily by CloudConnect support, or that Subscriber’s negligence caused the issue, such Support will be billed at a rate of $150 per hour.
CloudConnect does not provide any on-site support of any kind for Subscribers. CloudConnect does not provide support for Subscriber-owned devices and software. CloudConnect only provides support for the Citrix Receiver when installed on a Subscriber-owned device when the Subscriber-owned device and software is functions in accordance with the manufacturer’s specifications.
When subscriber requests support for any software or technical issues not covered by the terms of this agreement, such support shall be billed at a rate of $150 per hour rounded to the nearest fifteen minutes.
Remote Desktop Session Resets
Occasionally, CloudConnect Support may be required to reset a user’s desktop session because of an inability to connect. This is many times caused by users leaving sessions in a disconnected state rather than cleanly logging off. Sessions left in a disconnected state can under certain circumstances become “stale” requiring a reset by CloudConnect.
When a desktop session is reset, any unsaved work is deleted and lost. Users must be aware that CloudConnect can only protect Subscriber data that has been “saved” to disk. Data generated by open programs that exists in system memory but has not been written to disk is not protected, not backed up, and cannot be reproduced until saved to disk.
As a best practice, users should save all work prior to disconnecting from a working session. CloudConnect recommends users completely logoff when completing a working session.
CloudConnect shall not be responsible for any data loss arising out of or attributable to a reset of a user’s desktop session. CloudConnect shall not be required to inform users that a pending reset will cause any unsaved work to be deleted as there is no means of recovering unsaved work from a “stale” desktop session.
Technical Issues of Special Interest
Under certain circumstances, CloudConnect may, at its sole discretion, choose to provide support to a Subscriber for an issue not ordinarily covered by CloudConnect (Technical Issue of Special Interest). CloudConnect is not under any obligation to provide support for a Technical Issue of Special Interest, and such issues are generally not covered under the terms of this agreement. Technical Issues of Special Interest are technical issues that CloudConnect determines to be of exceptional importance, affect multiple subscribers, indicate a looming or underlying system-wide issue, and/or validate a new technology, configuration, or hotfix, which could benefit other subscribers. Should CloudConnect choose to provide technical support for a Technical Issue of Special Interest, such action is limited to the specific technical issue during the specific occurrence only and a resolution is not guaranteed. CloudConnect’s actions in providing support for an issue of special interest shall not constitute an assumption of liability for the specific support issue on an ongoing basis, nor shall it constitute an assumption of liability for any other technical issue not ordinarily covered by the terms of this agreement. CloudConnect is not required to classify support incidents nor shall CloudConnect be required to notify Subscriber when Subscriber is receiving support from CloudConnect for a Technical Issue of Special Interest versus a normal Technical Support issues.
User Profile Corruption and or System State Corruption
Should a User’s profile or a system state become corrupted, Subscriber will be responsible for the repair of the corrupted user profile or system state. If Subscriber’s contracted IT professional is unable to repair the corruption, CloudConnect will repair the corruption at a rate of $150 per hour. Corruption is usually the result of incorrect registry settings and/or missing system or user files and folders. This can generally be caused by Malware/Malware removal, and/or installation/removal of third party applications as well as human error.
Additional Support Services from Third Parties
Subscriber must maintain support with third parties for software services not supported by CloudConnect. Examples of this may include a contracted IT professional to collectively manage Subscriber’s applications, application updates, users, permissions, Active Directory (if applicable), peripheral devices, and technical processes. Subscriber should also maintain support for third party line of business applications, for support issues specific to the software application. CloudConnect is not a managed services provider, and provides technical support only for issues explicitly covered by the terms of this agreement.
Subscriber to use Microsoft Certified Drivers and Applications only
Where Subscriber has the capability to install applications or drivers into Subscriber’s hosted infrastructure, Subscriber shall only use drivers and applications certified for the Microsoft Windows Server 2008 R2 operating system. Failure to use applications and/or drivers certified for this operating system can cause system crashes, system STOP errors (Blue Screen of Death), security breaches, undesired performance, and/or downtime. CloudConnect will not troubleshoot or diagnose any system performance, crash, or STOP error unless all installed drivers, applications, and peripheral devices are certified for Windows 2008 R2. Should CloudConnect troubleshoot a STOP error or system crash, such service will be billable at a rate of $150 per hour. Should CloudConnect determine that the issue was caused by a fault in an application, component, or driver that is a part of CloudConnect’s Core Software Components, then Subscriber shall not be liable for CloudConnect’s support charges.
Core Software Components
Subscriber agrees not to tamper, uninstall, modify, inhibit, or otherwise interfere with the Core Software Components installed into Subscriber’s hosted environment, without the written consent of CloudConnect. The Core Software Components include any software installed into Subscriber’s environment on the commencement date of this agreement. Examples of the Core Software Components include any Windows Server Standard services as part of CloudConnect’s gold image, the Citrix IMA Service and associated Citrix software components, Microsoft System Center agent and System Center Endpoint Protection client, Citrix Receiver Enterprise, ActivAeon Agent Control Service, Citrix Encryption Service, Citrix MFCOM Service, Citrix Streaming Service, Citrix Health Monitoring and Recovery, Citrix Group Policy Engine, Citrix Diagnostic Facility COM Server, Citrix Virtual Desktop Agent (if applicable), VMware Tools Service, and/or any other service, executable, software code or application required for CloudConnect to provide services under the terms of this agreement.
Trial Accounts, Demonstration Accounts, and Trial Users
CloudConnect may, at its sole discretion, provide a 7 day trial account to a prospective CloudConnect subscriber. CloudConnect Trial accounts may not be used in production and are for demonstration purposes only. Prospective CloudConnect subscribers are prohibited from installing applications into a demonstration environment and/or changing system settings. There is no backup, recovery, or high availability protection for trial/demonstration accounts. The prospective CloudConnect customer should not transfer any critical data to, or generate any critical data in a trial/demonstration account. Data generated in a trial or demonstration account may also not be able to be transferred to a production account, should trial or demonstration users ultimately subscribe to a CloudConnect service. Trial account users are subject to these limitations as well as all limitations placed on Subscribers under the terms of this agreement. Trial accounts and demonstration accounts are only available to users accessing CloudConnect from the Continental United States and provided such users are members of organizations and with principal offices located in the Continental United States. CloudConnect may choose to qualify trial users, and limit distribution of trial and demonstration accounts based on such qualifications. Such qualifications may include a basic background check on the party requesting the demonstration or trial account and/or the viability of the prospective Customer in becoming a CloudConnect Subscriber.
Strong Encryption Export Notice
CloudConnect distributes Citrix Receiver to Subscribers on demand to connect to and interact with Subscriber’s hosted applications and desktops. Citrix Receiver is subject to the export jurisdiction of the U.S. Department of Commerce Bureau of Industry and Security (BIS), which administers Export Administrator Regulations.
Users traveling outside of the United States must comply with all international, foreign, and domestic laws pertaining to the export and or use of Citrix Receiver. Certain foreign jurisdictions may not allow the use of the Citrix Receiver software as it is strong encryption capable.
Subscriber Lawful Use
Subscriber agrees to only use CloudConnect for lawful purposes. Subscriber shall not cause, suffer, permit, or allow unlawful content or user activity to exist on Subscriber’s hosted infrastructure, applications, and desktops. Subscriber shall indemnify, defend, and hold harmless CloudConnect from any loss or claim arising out of or attributable to Subscriber’s unlawful use of CloudConnect. Subscriber shall not use CloudConnect products and services in any manner that is malicious or abusive and/or causes harm to any party. Subscriber shall not cause, suffer, permit, or allow any user to attempt to gain access to any area of the CloudConnect Platform that is not intended or authorized for Subscriber’s use.
Right to Comply with Authorities
Should CloudConnect know by any means that Subscriber has violated the Subscriber Lawful Use clause, CloudConnect shall have the right to disable services, notify appropriate authorities, and/or turnover hosted content and/or data (to the extent with which CloudConnect is physically able to access said information) to the authorities having jurisdiction. Subscriber shall indemnify, defend, and hold harmless CloudConnect from any loss or claim resulting from CloudConnect’s disabling of services, compliance with law enforcement, court order, judicial subpoena, or other legal proceeding in connection with CloudConnect’s compliance with law enforcement’s investigations of the Subscriber.
Internet Acceptable Use
CloudConnect provides a Virtual Internet Gateway for Subscriber’s use with CloudConnect software services. Subscriber shall not cause, suffer, permit, or allow the use of the internet gateway or assigned IP address(es) for any malicious purpose, including but not limited to, sending mass unwanted email communications (SPAM email), attempts to hack or gain control of third party systems on the internet, attempts to cause a denial of service attack on another party, intellectual property theft, piracy, industrial/political espionage, treason, copyright infringement, publication/hosting/distribution of pornographic and/or hateful/offensive or illegal content, use with file torrents, bit torrents and associated services, and/or any other practice commonly recognized as abusive or malicious by reputable Internet Service Providers, industry standards, or applicable law. Subscriber is further bound to all Acceptable Use Requirements of CloudConnect’s agreements with CloudConnect’s Internet Services Providers (ISP), including Verizon Communications, Level-3 Communications, TowardEx Technologies, Comcast Communications, and Cogent, or any other current ISP of CloudConnect. For copies of these Acceptable Use Policies, please contact CloudConnect.
Should CloudConnect discover Subscriber’s use of the Virtual Internet Gateway is causing, participating in, and/or contributing to any malicious purpose or abusive practice, Subscriber shall be considered in default of this agreement. In addition to CloudConnect’s remedies for Subscriber’s default, CloudConnect shall also be permitted (without consent of Subscriber) to take immediate necessary measures to stop abusive/malicious practices (including disabling accounts, hosted infrastructure, and/or internet access). Any time spent by CloudConnect diagnosing, tracing, correcting and/or remediating the abusive/malicious practice shall be billed at a rate of $150 per hour.
CloudConnect does not meter bandwidth use by Subscriber; however CloudConnect reserves the right to throttle bandwidth of Subscriber at CloudConnect’s sole discretion. Subscriber agrees not to abusively or excessively consume bandwidth. Should CloudConnect deem Subscriber is excessively consuming or utilizing bandwidth, CloudConnect may apply reasonable additional charges to Subscriber to cover excess bandwidth costs. For the purposes of this section, the definition of Excessive Consumption of Bandwidth shall include more than 325 GB of ingress or egress data in one month. The definition of Abusive Bandwidth Use shall include delegating or reselling bandwidth to third parties and/or use with a file torrent web service.
Connecting any computer system to the internet carries risks. Use of web browsers and other internet software applications, increases the likelihood of malware infections, unwanted software, and or security becoming compromised. Subscriber must use internet software responsibly and accept all risks and consequences associated with its use. Subscriber must educate its users on how to recognize non-reputable websites, and not to disclose or transmit personally identifiable information in a web browser unless the authenticity of the site has been verified and the connection is secured. Notwithstanding system access via the ICA protocol, if Subscriber does not wish to grant users access to internet services, Subscriber should contact CloudConnect.
CloudConnect preconfigures Subscriber’s internet DNS resolvers to use Norton Connect Safe® service with a failback to Open DNS. These services are designed to filter known malicious websites. CloudConnect may, at its sole discretion, elect to extend content filtering to include pornographic/obscene website content and gaming/file sharing website content as well. CloudConnect may also filter, at its sole discretion, IP traffic based on known malicious IP addresses, and/or countries and geographic regions with elevated incidence of malicious IP activity including countries suspected of engaging in industrial espionage against the United States. Subscriber shall not alter any of its DNS settings without the written consent of CloudConnect. Subscriber’s attempt to remove or circumvent content filtering technologies, or alter DNS entries shall constitute an event of default for Subscriber.
Should content filtering substantially interfere with Subscriber’s ability to conduct its ordinary course of business through false positive filtering, or because of Subscriber’s international business needs, Subscriber may contact CloudConnect to whitelist certain IP addresses and subnets. CloudConnect shall have sole discretion whether or not to whitelist the requested content.
To the fullest extent permitted by law, Subscriber shall indemnify, defend, and hold CloudConnect harmless for any loss to any party arising out of or attributable to Subscriber’s use of CloudConnect’s Virtual Internet Gateway.
Connect Safe® is a registered trademark of Symantec Corporation.
CloudConnect to have unrestricted access to Subscriber’s virtual machines
CloudConnect shall have the right to access any virtual machine assigned to Subscriber at any time and without notice with full local administrator access for the purposes of executing its duties under the terms of this agreement. Subscriber shall in all cases cooperate and facilitate access to Subscriber’s virtual machines when required by CloudConnect. Subscriber’s failure to facilitate such access upon request of CloudConnect shall constitute a default under this agreement.
Non-Disclosure of CloudConnect Intellectual Property
Subscriber agrees it will not disclose any technical information about the CloudConnect architecture to any party, except to reputable services providers to the extent necessary for such services providers to render technology and/or software maintenance and repair services.
No Resale or Sublet of CloudConnect Services
Subscriber is prohibited from reselling, renting, subletting, leasing, or licensing any CloudConnect service to any third party without the written consent of CloudConnect.
Transfer of this Agreement
This Agreement may be transferred by Subscriber to a third party upon receipt of written consent of CloudConnect to complete such transfer. All of Subscriber’s CloudConnect services must remain with one single account and may not be split or divided into separate or sub accounts.
Software Updates and Security Patches
Unless this feature is disabled by Subscriber, CloudConnect by default, will update, apply security patches, and install applicable hotfixes for Microsoft (excluding Service Packs for Microsoft Exchange Server and SQL Server), and VMware products exclusively licensed through CloudConnect. Updates, patches and hotfixes will only be installed when CloudConnect determines the patch or update is necessary for Subscriber. CloudConnect will only install hotfixes for Citrix products licensed through CloudConnect when Subscriber reports a Citrix related issue to CloudConnect and the issue implicates a need for a Citrix hotfix. Subscriber is responsible for updating and patching software installed by Subscriber or software licensed from third parties (see Installing and Configuring Applications)
A software update is not a software upgrade. Software upgrade means a change is Software Version (e.g. Microsoft Office 2007 upgrade to Microsoft Office 2010). A software update is a modification, enhancement, or patch within a Software Version. CloudConnect generally will not automatically upgrade software versions. Subscriber must request software version upgrades from CloudConnect. Migration fees may apply (See Future Operating System and Software Upgrades).
Future Operating System and Software Upgrades
Depending on subscriber’s Cloud architecture (Private domain, public domain, dynamic disk, persistent disk, or diskless), there may be a time limit to the length of time for which CloudConnect can support subscriber’s Cloud architecture, primarily due to software upgrades, and end of product support from software vendors including Microsoft and Citrix Systems. CloudConnect will support subscriber’s operating system software until at least the Microsoft Mainstream Support End date as defined by Microsoft for the subscriber’s software in use. At the end of Microsoft Mainstream Support, migration CloudConnect may require a mandatory migration of Subscriber’s data, user, and application states to a new environment. Such migration may include installing/reinstalling programs on newer operating systems, user state migrations, active directory domain services migrations, and other items as required to responsibly upgrade the subscriber’s cloud environment to future supported operating systems and software. Subscriber may also be required to upgrade existing peripheral hardware devices as well as Non-Microsoft Software licensed through third parties for compatibility with newer Microsoft operating systems. There are no charges for upgrading Microsoft software or operating system licenses as subscriber has software assurance through CloudConnect, however the migration may require up to 2 hours of billable technician time per user account and up to 12 hours of billable time per active directory migration. Such technician time will be billed at a rate of $150 per hour and may need to be performed by CloudConnect.
CloudConnect Release of New Operating Systems
Due to software co-dependency, Subscribers are not eligible for software upgrades when the software is released to manufacturing by the software vendor. CloudConnect must verify all software components are available and supported across platforms. CloudConnect must also verify and test the software with the CloudConnect Platform. Generally, new Microsoft Operating Systems will be available for newly provisioned systems no later than six months following the date Citrix Systems begins supporting the new Microsoft Operating System. For use cases where the Microsoft operating system is not used in conjunction with a Citrix product, CloudConnect will make the operating system available to Subscriber for newly provisioned systems upon being supported by VMware. Subscribers desiring to replace an existing hosted system with a software upgrade will be billed $150 per hour by CloudConnect to perform user state and system state migrations. CloudConnect does not allow in place upgrades of operating systems.
Microsoft Software Services
MICROSOFT requires CloudConnect to notify its Subscribers of the following limitations, and conditions of use for which Subscriber agrees to be bound:
No High Risk Use. The Products/Services are not fault-tolerant. The Products are neither designed nor intended for use in a situation where the Product’s failure could lead to death or serious bodily injury of any person, or to severe physical or environmental damage (“High Risk Use”). Subscriber is not licensed to use the Products in, or in conjunction with, High Risk Use. High Risk Use includes, for example: aircraft or other modes of human mass transportation, nuclear or chemical facilities, and Class III medical devices under the U.S. Food, Drug, and Cosmetic Act.
Subscriber is prohibited from removing, modifying, or obscuring any copyright, trademark or other propriety rights notices that are contained in or on the Products.
Subscriber is prohibited from reverse engineering, decompiling, or disassembling the Products, except to the extent that such activity is expressly permitted by applicable law.
To the extent permitted by applicable law, all warranties by Microsoft and any liability by Microsoft or its suppliers for any damages, whether direct, indirect, or consequential, arising from this Service shall not apply or extend to Subscriber.
Subscriber accepts that Microsoft is not required to provide technical support for these services, and except where provided for by CloudConnect, Subscriber is responsible for its own technical support for the Software Services.
Subscriber understands Products and Software Services are proprietary technologies created by Microsoft, and Subscriber shall not cause, suffer, permit, or allow infringement of or detriment to Microsoft’s rights to its intellectual property.
Subscriber agrees to allow CloudConnect to disclose information about Subscriber and Subscriber’s agreements with CloudConnect where required by the Microsoft Services Provider Level Agreement, which may be amended from time to time and is available for review from CloudConnect, LLC upon written request by Subscriber.
Notwithstanding qualified disclosures under this agreement, CloudConnect will not intentionally share or disseminate information about Subscriber or Subscriber data with third parties. CloudConnect reserves the right to disclose information about Subscriber and or Subscriber’s data to third parties when required by law, court order, or to cooperate with a law enforcement investigation. CloudConnect may provide access to Subscriber’s hosted environment to third parties on a need to know basis. Examples of this scenario may include third party technical support personnel to troubleshoot issues specific to Subscriber’s hosted environment. CloudConnect may also be contractually obligated to share demographic information about Subscriber to comply with software licensing requirements from reputable vendors such as Microsoft and Citrix. The information disclosed, and agreements CloudConnect maintains with such reputable vendors is available to Subscriber upon request. CloudConnect will never disclose any information that is ordinarily prohibited by law, unless directed to do so by court order.
Because of the Microsoft Active Directory architecture, CloudConnect must publish the first name, last name, and universal principal name (UPN) of each Public Domain user account in the Public Domain’s Global Catalogue. First names, last names and UPNs may be viewed by any other CloudConnect Public Domain Subscriber and/or user. A Subscriber account is considered to be in the Public Domain when the user’s logon name takes the format of “username@cloud.” Except for this information, CloudConnect will not publish any other personally identifiable information about any Subscriber or user account in the Global Catalogue. Subscribers not wishing to have such information published should use a pseudonym or consider the CloudConnect Private Domain architecture.
CloudConnect may actively monitor and log internet traffic from Subscriber’s hosted infrastructure. CloudConnect generally examines these logs for attempted communications with known/suspected malicious IP addresses as well as geographic regions with elevated incidence of cybercrime (such as countries suspected of engaging in industrial espionage against the United States). CloudConnect shares this logged information with reputable IP address reputation service providers to collaborate on the discovery of malicious IP addresses and respond to cyber threats. CloudConnect uses masquerade technologies to protect Subscriber’s privacy when this information is shared with IP reputation services. For additional information on this service, contact CloudConnect.
CloudConnect reserves the right to internally monitor user activity and collect user behavioral statistics for internal purposes.
CloudConnect shall purchase and maintain insurance from responsible insurance companies licensed to conduct the business of insurance in the Commonwealth of Massachusetts that meet the following minimum requirements:
Cyber Liability $2,000,000 per occurrence / $2,000,000 aggregate
Errors and Omissions $2,000,000 per occurrence / $2,000,000 aggregate
General Liability $2,000,000 per occurrence / $2,000,000 aggregate
CloudConnect does not maintain product liability for Thin Client devices, as CloudConnect is not the manufacturer of the device. Subscriber shall hold CloudConnect harmless from any loss arising out of or attributable to faults in the design or code of any Thin Client device furnished by CloudConnect.
CloudConnect’s insurance generally provides coverage when a qualifying act, error, and/or omission by CloudConnect directly causes qualifying damages to Subscriber. Subscriber is not an additional insured under any CloudConnect insurance policy. CloudConnect’s insurance does not cover Subscriber for losses to third parties as a result of Subscriber’s acts of negligence. Subscribers who license or maintain personally identifiable information, health records, intellectual property, and/or other high risk data should strongly consider purchasing their own data privacy liability insurance coverage. Storing personally identifiable information on a CloudConnect server does not imply liability of CloudConnect should such data be compromised, nor will CloudConnect’s insurance pay any such claims.
CloudConnect will promptly furnish Subscriber with insurance certificates and/or list Subscriber as a Certificate Holder with appropriate policy cancellation notice upon request of Subscriber.
Subscriber’s Compliance with Information Security Regulations
CloudConnect is a multi-tenant public cloud. It is the responsibility of Subscriber to determine if Subscriber is required to comply with industry standards or regulations including HIPAA, 201 CMR 17, PCI, FIPS, SAS 70, and others. The Subscriber as an entity is responsible for its own compliance with such standards and regulations pertaining to information security and electronic data processing systems. CloudConnect will, upon request of Subscriber, provide written documentation detailing certain technical and security specifications of the CloudConnect Platform. Subscriber shall use such documentation for no other purpose than to determine whether or not Subscriber is able to comply with applicable regulations and industry standards once utilizing the CloudConnect Platform. Subscriber agrees not to disclose such information to any third party, and Subscriber understands there are limits to the amount of technical information CloudConnect can disclose to Subscriber because of CloudConnect’s own security policies.
CloudConnect does manage and perform certain security services for all subscribers. CloudConnect may also distribute security information, alerts, patches, and recommended technical configurations to Subscriber. Subscriber should not assume these security services imply Subscriber’s compliance with Industry Standards, Regulations and Laws, which may govern Subscriber with respect to information security and electronic data processing systems. Subscriber should retain the services of a professional security consultant or auditor where needed to determine if additional security measures are required for compliance, or if the CloudConnect platform prevents Subscriber from achieving compliance.
Subscriber’s Default and CloudConnect’s Remedy
Should Subscriber default on any covenant of this agreement, CloudConnect shall have the right to terminate this agreement and/or disable software services, provided Subscriber has not cured such default seven days’ after receipt of notice of default from CloudConnect. This default remedy shall not limit or prejudice any other remedies specified in this agreement. Subscriber shall indemnify, defend and hold CloudConnect harmless from any loss arising out of or attributable to CloudConnect’s termination of Subscriber for default.
CloudConnect’s Default and Subscriber’s Remedy
Should CloudConnect fail to perform an obligation under this agreement, and said failure to perform gives rise to a technical glitch, which substantially interferes with Subscriber’s ability to conduct its ordinary course of business, CloudConnect shall be considered in default of this agreement. Subscriber must notify CloudConnect in writing of the alleged default and associated technical glitch, as well as the impact on Subscriber’s business no later than seven days after discovery of said glitch by Subscriber. Said notice shall be served via certified US Mail return receipt requested, or via Federal Express. CloudConnect shall have ten business days to either cure the alleged default, or postmark a Notice of Dispute, which shall include a reasonable justification for CloudConnect’s dispute of the alleged default. Should CloudConnect fail to cure or issue written Notice of Dispute to Subscriber by the tenth business day thereafter, Subscriber, as sole remedy, may terminate this agreement without penalty. Should CloudConnect issue a Notice of Dispute, Subscriber may initiate arbitration proceedings consistent with the provisions of Disputes Under this Agreement. Should Subscriber fail to initiate said arbitration proceedings within thirty days’ of receipt of Notice of Dispute, said default of CloudConnect shall be considered cured.
Should Subscriber or CloudConnect default under this agreement for the same reason on more than one occasion, then either party may exercise their default remedies without affording the other an opportunity to cure said default.
Termination by Subscriber
Notwithstanding the provisions of CloudConnect’s Default and Subscriber’s Remedy, should Subscriber choose to terminate this agreement during the agreement term and after the cancelation window, Subscriber shall be responsible for the most recent monthly charges for Resource Pools, Committed Storage, and Devices (as defined in this agreement) that existed in Subscriber’s hosted environment on the commencement multiplied by the number of calendar months remaining the in the agreement term. Or, if terminating after a renewal date, the monthly recurring charges Resource Pools, Committed Storage, and Devices that existed in Subscriber’s hosted environment on the renewal date multiplied by the number of calendar months remaining in said agreement term.
Termination by CloudConnect
Notwithstanding the provisions of Subscriber’s Default and CloudConnect’s Remedy, CloudConnect may terminate this agreement at any time provided CloudConnect provides Subscriber with six months advance notice of its intent to terminate. Should CloudConnect terminate this agreement, Subscriber shall not be liable for any early termination charges or penalties. Subscriber will, however, be responsible for the acquisition of Subscriber data.
Upon termination by either party (including for termination arising out of the default of either party), Subscriber shall be ultimately responsible for migrating Subscriber from Subscriber’s Hosted Infrastructure, to Subscriber’s new environment. Subscriber may request CloudConnect provide Subscriber’s virtual machines in vmdk format. CloudConnect will charge Subscriber $2.00 per Gigabyte of vmdk data exported plus reasonable costs incurred during the process (shipping, storage media, etc.). Any Microsoft or Citrix software exported by Subscriber in vmdk format is considered not licensed at time of export. Subscriber will be required to obtain retail licenses from Microsoft and Citrix to run the Microsoft or Citrix software normally licensed under the SPLA or CSP programs.
No Interference by Subscriber
Subscriber agrees not to take any action against CloudConnect, which could adversely affect or jeopardize another subscriber’s use of CloudConnect services or cause business interruption to another subscriber, or cause temporary or permanent loss of access to hosted infrastructure.
Subscriber to Indemnify, Defend, and Hold CloudConnect Harmless
To the fullest extent permitted by law, Subscriber hereby agrees to defend, indemnify, and hold CloudConnect harmless for any loss, including losses to third parties arising out of or attributable to Subscriber’s use of the CloudConnect Platform, provided such loss is the result of a failure to comply with the terms of this agreement or provided such loss is attributable to the negligent acts, errors, and/or omissions of Subscriber, or attributable applications installed by Subscriber, and/or peripheral devices installed by Subscriber.
Subscriber agrees indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to the actions or inactions of a third party, malicious party or hacker, and/or any loss arising out of a cause beyond the direct control of CloudConnect. Subscriber further agrees to indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to faults, bugs, defects, and/or security vulnerabilities in any software code installed by Subscriber as well as faults, bugs, defects, and/or security vulnerabilities in any software that is provided by CloudConnect (including software manufactured by or services provided by, Dell, Microsoft, Symantec, Vyatta, VMware, Citrix, Zoho Corporation, ThreatSTOP, Symantec, Open DNS, TowardEX, Verizon, and/or ActivAeon) or used by CloudConnect to deliver software services to Subscriber. Subscriber further agrees to indemnify, defend, and hold CloudConnect harmless from any loss arising out of or attributable to faults, bugs, defects, and/or security vulnerabilities in any hardware or firmware used by Subscriber in connection with CloudConnect, as well as faults, bugs, defects, and/or security vulnerabilities in any hardware that is provided by CloudConnect for Subscriber’s use and/or used/operated by CloudConnect to deliver software services to Subscriber.
Limitation of Damages
In all circumstances, CloudConnect shall never be liable to Subscriber for any claim for damages, unless CloudConnect materially breached this agreement while acting with willful negligence and in bad faith.
CloudConnect shall never be liable to Subscriber for any claim for damages, which is not covered by an insurance policy in effect by CloudConnect’s at the time of the alleged cyber breach, negligent act, error, and/or omission. Nor shall CloudConnect ever be liable to Subscriber for any claim for damages that exceeds what CloudConnect’s insurance policies shall pay (policy limits) less any previous claims paid by the insurance carrier to any party during the policy term.
Subscriber shall indemnify, defend, and hold harmless CloudConnect harmless for any loss, downtime, or delay, arising out of or attributable to any natural disaster or manmade disaster, Act of God, act of a civil or military authority, riot, social unrest, Act of War, certified act of terrorism, widespread utility outage, fire, flood, earthquake, tornado, hurricane, storm, casualty or loss of or at CloudConnect’s Colocation Facility or Self-Operated Facility, utility or HVAC disruption at CloudConnect’s Colocation Facility or Self-Operated Facility, downtime by CloudConnect’s Internet Services Provider(s), hardware failure, and/or other incident of force majeure.
No Consequential Damages
Under no circumstances shall CloudConnect ever be liable to Subscriber for consequential or indirect damages arising out of or attributable to CloudConnect’s performance or failure to perform under this agreement. CloudConnect shall never be liable to Subscriber for any business interruption claim.
No Punitive or Penalty Damages
Under no circumstances shall CloudConnect be liable to Subscriber for any punitive, penalty, and/or multiple damages for any claim under this agreement. CloudConnect shall never be liable to Subscriber for any interest on any claim or attorney’s fees.
No Personal Liability
Subscriber shall hold harmless both individually, and collectively, the officers, directors, managers, agents, shareholders, members, employees, and owners of CloudConnect from any personal liability for any claim under this agreement.
Unless Subscriber is a natural person or Subscriber’s Private Domain Administrator is a natural person CloudConnect shall hold harmless both individually and collectively, the officers, directors, managers, agents, shareholders, members, employees, owners, and agents of Subscriber from any personal liability for any claim under this agreement. In the case where Subscriber or Subscriber’s Private Domain Administrator is a natural person, said person’s liability shall only extend in so far as liability permits under this agreement.
Waiver of Right to Trial by Jury
Both parties hereby waive their right to a Trial by Jury for any dispute or claim arising out of this agreement.
Disputes under this Agreement
In the event a dispute shall arise between the parties to this agreement, it is hereby agreed that the dispute shall be referred to the AMERICAN ARBITRATOR’S ASSOCIATION (the “Arbitrator”), for arbitration in accordance with the applicable United States Arbitration and Mediation Rules of Arbitration. The arbitrator's decision shall be final and legally binding and judgment may be entered thereon.
The non-prevailing party of the arbitration shall bear all Costs of Arbitration for both parties, unless otherwise directed by the Arbitrator. Costs of Arbitration shall not include attorney’s fees.
This agreement shall be governed by the laws of THE COMMONWEALTH OF MASSACHUSETTS and, where applicable, THE UNITED STATES OF AMERICA.
Amendments to this Agreement
No future amendment of this agreement shall be binding unless such amendment is made by CloudConnect and CloudConnect provides at least thirty days’ notice of such amendment to Subscriber prior to the date such amendment shall take effect. Proper notice may include an email notification sent to Subscriber’s most recent email address.
Subscriber may request amendments; however Subscriber is prohibited from amending this agreement without the Written Consent of CloudConnect.
No oral agreements of any kind shall in any way amend or alter this agreement. A party’s actions or failure to act shall never be construed as an amendment or consent to amendment of this agreement.
For the purposes of this agreement, Written Consent shall mean a document furnished by the consenting party, for the sole purpose of providing consent. Said document shall explain in writing what is being consented to, and said document shall be signed and dated by an authorized member of the consenting party. The cashing and/or endorsing of a check shall never constitute written consent by any party.
Except where action is required under the terms of this agreement, the failure of either party to complain or notify the other party of a default shall never constitute a waiver to the either parties’ rights or remedies contained herein.
This agreement shall be the supreme governing document of Subscriber’s contractual relationship with CloudConnect and vice versa. Where a conflict arises between this agreement and any other previous, current, or future agreement, written or oral, this agreement shall prevail.
Should any clause, paragraph, or section of this agreement be rendered null, void, invalid, or nonbinding in any legal or arbitration proceeding, the surviving clauses, sections, paragraphs, thoughts, and/or ideas shall remain in full force and effect.
Revised April 15, 2013